结合公钥加密和关键字可搜索加密的加密方案
|
摘要
带关键字搜索的公钥加密(PEKS)是一种有用的加密原语,它允许用户将在加密数据上搜索的功能委托给不可信的第三方服务器,而不影响原始数据的安全性和隐私性。但是,由于缺乏对于数据的加密以及解密能力,PEKS方案不能单独进行使用,必须与标准的公钥加密方案(PKE)相结合。因此,Baek等人在2006年引入了一种新的加密原语,称为结合PKE和PEKS的加密方案(PKE+PEKS),它同时提供了PKE和PEKS的功能。目前,已有文献提出了几种PKE+PEKS方案。然而,他们都没有考虑关键字猜测攻击的问题。本文提出一个新的高效且能够抵抗关键字猜测攻击的PKE+PEKS方案,与已有方案相比,该方案在性能上有很大的提升,并且在生成关键字和数据密文时,不需要使用双线性对,极大地降低了计算和存储成本。安全性分析表明,本文中所提出的方案能够满足密文隐私安全性、陷门不可区分性和抗关键字猜测攻击的安全性。效率分析表明,本分提出的方案更加高效。
Public key encryption with keyword search( PEKS) is a useful cryptographic primitive which allows one to delegate to an untrusted storage server the capability of searching on publicly encrypted data without impacting the security and privacy of original data. However,due to lack of data encryption and decryption function,a PEKS scheme cannot be used alone but has to be coupled with a standard public key encryption( PKE) scheme. For this reason,a new cryptographic primitive called integrated PKE and PEKS( PKE + PEKS) was introduced by Baek et al. in 2006,which provides the functions of both PKE and PEKS. So far,several PKE + PEKS schemes have been proposed in the literature. However,none of them considers the keyword guessing attack. This paper proposes a new efficient PKE + PEKS scheme which can resist keyword guessing attacks. Compared with other existed scheme,the performance of this scheme is greatly improved and we needn't use bilinear pairing in the generation of ciphertext of keywords and data,which reduces the cost of computation and storage. The security analysis shows that the scheme proposed in this paper can satisfy the security of ciphertext privacy,the trapdoor indistinguishability and the keyword guessing attack respectively. Efficiency analysis shows that the proposed scheme is more efficient.
Public key encryption with keyword search( PEKS) is a useful cryptographic primitive which allows one to delegate to an untrusted storage server the capability of searching on publicly encrypted data without impacting the security and privacy of original data. However,due to lack of data encryption and decryption function,a PEKS scheme cannot be used alone but has to be coupled with a standard public key encryption( PKE) scheme. For this reason,a new cryptographic primitive called integrated PKE and PEKS( PKE + PEKS) was introduced by Baek et al. in 2006,which provides the functions of both PKE and PEKS. So far,several PKE + PEKS schemes have been proposed in the literature. However,none of them considers the keyword guessing attack. This paper proposes a new efficient PKE + PEKS scheme which can resist keyword guessing attacks. Compared with other existed scheme,the performance of this scheme is greatly improved and we needn't use bilinear pairing in the generation of ciphertext of keywords and data,which reduces the cost of computation and storage. The security analysis shows that the scheme proposed in this paper can satisfy the security of ciphertext privacy,the trapdoor indistinguishability and the keyword guessing attack respectively. Efficiency analysis shows that the proposed scheme is more efficient.
引文
[1] SONG D X,WAGNER D,PERRIG A. Practical techniques for searches on encrypted data[C]//Proceedings of 2000IEEE Symposium on Security and Privacy. 2000:44-55.
[2] BONEH D,DI CRESCENZO G,OSTROVSKY R,et al.Public key encryption with keyword search[C]//Proceedings of 2004 International Conference on the Theory and Applications of Cryptographic Techniques. 2004:73-86.
[3] BYUN J,RHEE H,PARK H,et al. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data[C]//Proceedings of the Workshop on Secure Data Management. 2006:75-83.
[4] BAEK J,SAFAVI-NAINI R,SUSILO W. Public key encryption with keyword search revisited[C]//Proceedings of Computational Science and Its Applications. 2008:1249-1259.
[5] YAU W,HENG S,GOI B. Off-line keyword guessing attacks on recent public key encryption with keyword search schemes[C]//Proceedings of Autonomic and Trusted Computing. 2008:100-105.
[6] RHEE H,PARK J,SUSILO W,el al. Improved searchable public key encryption with designated tester[C]//Proceedings of International Symposium on ACM Symposium on Information,Computer and Communications Security. 2009:376-379.
[7] RHEE H,PARK J,SUSILO W,el al. Trapdoor security in a searchable public-key encryption scheme with a designated tester[J]. Journal of System and Software,2008,83(5):763-771.
[8] SHAO Z,YANG B. On security against the server in designated tester public key encryption with keyword search[J]. Journal of Information Processing Letters,2015,115(12):957-961.
[9] HU C,LIU P. An enhanced searchable public key encryption scheme with a designated tester and its extensions[J].Journal of Computers,2012,7(3):716-723.
[10] HU C,LIU P. A secure searchable public key encryption scheme with a designated tester against keyword guessing attacks and its extension[C]//Proceedings of Computer Science, Environment, Ecoinformatics and Education.2011:131-136.
[11] GU C,ZHU Y,PAN H. Efficient public key encryption with keyword search schemes from pairings[C]//Proceedings of Information Security and Cryptology. 2007:372-383.
[12] FANY L,SUSILO W,GE C,et al. Public key encryption with keyword search secure against keyword guessing attacks without random Oracle[J]. Journal of Information Sciences,2013,238(7):221-241.
[13] VALLENT T,KIM H. A pairing-free public key encryption with keyword searching for cloud storage services[C]//Proceedings of E-Infrastructure and E-Services for Developing Countries. 2013:70-78.
[14] HU C,HE P,LIU P. Public key encryption with multikeyword search[C]//Proceedings of Network Computing and Information Security. 2012:568-576.
[15] WU T,TSAI T,TSENG Y. Efficient searchable ID-based encryption with a designated server[J]. Journal of Annals of Telecommunications,2013,69(7):391-402.
[16] ZHANG J H,MAO J. Efficient public key encryption with revocable keyword search in cloud computing[J]. Journal of Cluster Computing,2016,19(3):1211-1217.
[17]王刚,李非非,王瑶.指定服务器的基于身份加密连接关键字搜索方案[J].计算机与现代化,2017(4):118-121.
[18] BAEK J,SAFAVI-NAINI R,SUSILO W. On the integration of public key data encryption and public key encryption with keyword search[C]//Proceedings of International Conference on Information Security. 2006:217-232.
[19] ZHANG R,IMAI H. Generic combination of public key encryption with keyword search and public key encryption[C]//Proceedings of Cryptology and Network Security.2007:159-174.
[20] CHEN Y,ZHANG J,LIN D. Generic constructions of integrated PKE and PEKS[J]. Journal of Designs Codes and Cryptography,2014,78(2):493-526.
[21] BUCCAFURRI F,LAX G,SAHU R,et al. Practical and secure integrated PKE+PEKS with keyword privacy[C]//Proceedings of International Joint Conference on E-Business and Telecommunications. 2016:448-453.
[22] CHEN Y. SPEKS:Secure server-designation public key encryption with keyword search against keyword guessing attacks[J]. Journal of Computer Journal,2014,58(4):922-933.
[23] ABDALLA M,BELLARE M,ROGAWAY P. The Oracle Diffie-Hellman assumptions and an analysis of DHIES[C]//Proceedings of Topics in Cryptology. 2001:143-158.
[2] BONEH D,DI CRESCENZO G,OSTROVSKY R,et al.Public key encryption with keyword search[C]//Proceedings of 2004 International Conference on the Theory and Applications of Cryptographic Techniques. 2004:73-86.
[3] BYUN J,RHEE H,PARK H,et al. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data[C]//Proceedings of the Workshop on Secure Data Management. 2006:75-83.
[4] BAEK J,SAFAVI-NAINI R,SUSILO W. Public key encryption with keyword search revisited[C]//Proceedings of Computational Science and Its Applications. 2008:1249-1259.
[5] YAU W,HENG S,GOI B. Off-line keyword guessing attacks on recent public key encryption with keyword search schemes[C]//Proceedings of Autonomic and Trusted Computing. 2008:100-105.
[6] RHEE H,PARK J,SUSILO W,el al. Improved searchable public key encryption with designated tester[C]//Proceedings of International Symposium on ACM Symposium on Information,Computer and Communications Security. 2009:376-379.
[7] RHEE H,PARK J,SUSILO W,el al. Trapdoor security in a searchable public-key encryption scheme with a designated tester[J]. Journal of System and Software,2008,83(5):763-771.
[8] SHAO Z,YANG B. On security against the server in designated tester public key encryption with keyword search[J]. Journal of Information Processing Letters,2015,115(12):957-961.
[9] HU C,LIU P. An enhanced searchable public key encryption scheme with a designated tester and its extensions[J].Journal of Computers,2012,7(3):716-723.
[10] HU C,LIU P. A secure searchable public key encryption scheme with a designated tester against keyword guessing attacks and its extension[C]//Proceedings of Computer Science, Environment, Ecoinformatics and Education.2011:131-136.
[11] GU C,ZHU Y,PAN H. Efficient public key encryption with keyword search schemes from pairings[C]//Proceedings of Information Security and Cryptology. 2007:372-383.
[12] FANY L,SUSILO W,GE C,et al. Public key encryption with keyword search secure against keyword guessing attacks without random Oracle[J]. Journal of Information Sciences,2013,238(7):221-241.
[13] VALLENT T,KIM H. A pairing-free public key encryption with keyword searching for cloud storage services[C]//Proceedings of E-Infrastructure and E-Services for Developing Countries. 2013:70-78.
[14] HU C,HE P,LIU P. Public key encryption with multikeyword search[C]//Proceedings of Network Computing and Information Security. 2012:568-576.
[15] WU T,TSAI T,TSENG Y. Efficient searchable ID-based encryption with a designated server[J]. Journal of Annals of Telecommunications,2013,69(7):391-402.
[16] ZHANG J H,MAO J. Efficient public key encryption with revocable keyword search in cloud computing[J]. Journal of Cluster Computing,2016,19(3):1211-1217.
[17]王刚,李非非,王瑶.指定服务器的基于身份加密连接关键字搜索方案[J].计算机与现代化,2017(4):118-121.
[18] BAEK J,SAFAVI-NAINI R,SUSILO W. On the integration of public key data encryption and public key encryption with keyword search[C]//Proceedings of International Conference on Information Security. 2006:217-232.
[19] ZHANG R,IMAI H. Generic combination of public key encryption with keyword search and public key encryption[C]//Proceedings of Cryptology and Network Security.2007:159-174.
[20] CHEN Y,ZHANG J,LIN D. Generic constructions of integrated PKE and PEKS[J]. Journal of Designs Codes and Cryptography,2014,78(2):493-526.
[21] BUCCAFURRI F,LAX G,SAHU R,et al. Practical and secure integrated PKE+PEKS with keyword privacy[C]//Proceedings of International Joint Conference on E-Business and Telecommunications. 2016:448-453.
[22] CHEN Y. SPEKS:Secure server-designation public key encryption with keyword search against keyword guessing attacks[J]. Journal of Computer Journal,2014,58(4):922-933.
[23] ABDALLA M,BELLARE M,ROGAWAY P. The Oracle Diffie-Hellman assumptions and an analysis of DHIES[C]//Proceedings of Topics in Cryptology. 2001:143-158.