Cite this article:
- PU Lang, LIN Chao, WU Wei, HE Debiao. A Public-key Encryption with Keyword Search Scheme from SM9[J]. Journal of Cyber Security, 2023, 8(1): 108-118
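Abstract:
Cloud storage technology has developed rapidly thanks to its convenience and cost-effectiveness, and more and more users outsource their personal data to third-party cloud servers for storage. Although storing data in encrypted form effectively protects data security and user privacy, traditional symmetric/asymmetric encryption hinders data retrieval and use. Searchable encryption is a special encryption technique that has attracted wide attention since it was proposed: it preserves data confidentiality while still providing data retrieval. Scholars in China and abroad have proposed a large number of searchable encryption schemes, but the existing schemes are all built on foreign cryptographic algorithms, and no searchable encryption scheme based on Chinese commercial cryptographic algorithms has yet been published in domestic or international journals, which does not meet China's requirement that core cryptographic technology be independently controllable. To enrich research on Chinese commercial cryptographic algorithms in searchable encryption and to meet the need for secure data retrieval in cloud storage, this paper constructs a public-key encryption with keyword search scheme (SM9-PEKS) based on the SM9 identity-based encryption algorithm. Under the q-ABDHE security assumption and in the random oracle model, the paper first proves the anonymity of the SM9 identity-based encryption algorithm and then proves the security of the SM9-PEKS scheme. Theoretical analysis and implementation results show that, compared with commonly used classic public-key searchable encryption schemes, the proposed scheme reduces computational overhead by at least 31.31% at the cost of 64 additional bytes of communication. Finally, possible future research directions are proposed.
Keywords: SM9 algorithm; public-key encryption with keyword search; identity-based cryptography; anonymity
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.01.08
Submitted: 2021-10-04; Revised: 2021-12-08
Funding: This work was supported by the National Natural Science Foundation of China (No. 62102089, No. 62032005, No. 61872089, No. 61972294), the Fundamental Research Funds for the Central Universities (No. 2042021kf1030), the Natural Science Foundation of Hubei Province (No. 2017CFA007), and the Natural Science Foundation of Fujian Province (No. 2020J02016).
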
A Public-key Encryption with Keyword Search Scheme from SM9
PU Lang¹, LIN Chao¹, WU Wei², HE Debiao³
(1. College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China; 2. School of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China; 3. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China)
Abstract:
Cloud storage technology has developed rapidly due to its flexible use and high cost performance, and more and more users outsource their personal data to third-party cloud servers in order to save local storage resources and use data more conveniently. Storing data this way introduces a large number of security risks, so data usually need to be encrypted before being stored to effectively protect data security and user privacy, but traditional symmetric/asymmetric encryption technology hinders efficient data retrieval and use. Searchable encryption is a special cryptographic technology that not only guarantees data confidentiality but also provides a convenient and secure data retrieval service. It has attracted widespread attention from scholars ever since it was proposed. At present, domestic and foreign scholars have proposed a large number of searchable encryption schemes, but the existing schemes are based on foreign cryptographic algorithms. Based on our extensive research, no searchable encryption scheme based on domestic commercial cryptographic algorithms has been published in domestic or foreign academic journals, which does not meet the requirement of secure and independent control of core cryptographic technology. In order to enrich the research on domestic commercial cryptographic algorithms in searchable encryption, and to meet the need for secure retrieval of data stored on cloud servers, this article first adapts the SM9 identity-based encryption algorithm to construct a public-key searchable encryption scheme (SM9-PEKS). Then, we prove the anonymity of the SM9 identity-based encryption algorithm in the random oracle model based on the q-ABDHE security assumption, followed by the security of the proposed SM9-PEKS. Theoretical analysis and implementation results show that this scheme strikes a good balance between security and efficiency. Compared with commonly used classic PEKS schemes, SM9-PEKS can reduce the computational overhead by at least 31.31% at an extra communication cost of 64 bytes. Finally, possible future research directions are proposed.
Key words: SM9 algorithm; public key encryption with keyword search; identity-based cryptography; anonymity