Cite this article
  • Zheng Kaifa, Huang Chuanlin, Sun Wei, Zhou Junxu, Liu Zhiquan, Miao Yinbin. A Blockchain-Based Isolated Searchable Encryption Scheme in a Cloud-Edge-End Collaborative Framework [J]. Journal of Cyber Security, accepted.
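Submitted: 2025-08-20. Revised: 2026-02-13.
Funding: National Key R&D Program of China (2022YFB3104900); National Natural Science Foundation of China, General Program, "Research on Key Issues in Building a Privacy-Preserving Trust System for the Internet of Vehicles" (62272195); Beijing Nova Program, Interdisciplinary Project (20250484795)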
A Blockchain-Based Isolated Searchable Encryption Scheme in a Cloud-Edge-End Collaborative Framework
Zheng Kaifa¹, Huang Chuanlin², Sun Wei³, Zhou Junxu³, Liu Zhiquan³, Miao Yinbin⁴
(1. Beihang University; 2. The 724th Research Institute of China State Shipbuilding Corporation Limited; 3. Jinan University; 4. Xidian University)
Abstract:
Under the cloud-edge-end collaborative architecture, the integration of blockchain and ciphertext retrieval is key to ensuring the secure sharing of sensitive Internet of Things (IoT) data. However, existing schemes still face multiple challenges, including semi-trusted edge nodes, centralized access control, and excessive computational overhead on terminal devices. To address these issues, this paper proposes a blockchain-based isolated ciphertext retrieval scheme under cloud-edge-end collaboration. To enhance system security and decentralization, the scheme utilizes a Blockchain Consensus System (BCS) to achieve decentralized key generation and real-time revocation. Concurrently, the scheme establishes a cloud-edge-end computational model that offloads high-complexity encryption tasks to edge nodes, significantly reducing the computational overhead on terminals. Furthermore, to enable flexible authorization from any Data Owner (DO) to any Data User (DU), the scheme designs an isolated retrieval mechanism integrated with blockchain. The DO embeds a public index key into a search token, based on which the DU generates a trapdoor, thus supporting the extension of arbitrary search scenarios. Theoretical analysis shows that the scheme balances practicality, scalability, and security. Performance analysis indicates that our scheme provides an efficient solution for sensitive data sharing while guaranteeing data security.
Keywords: searchable encryption; edge computing; privacy preservation; attribute-based encryption; revocability