西安电子科技大学学报 ›› 2020, Vol. 47 ›› Issue (5): 48-56.doi: 10.19665/j.issn1001-2400.2020.05.007

• 专题:区块链技术与进展 • 上一篇    下一篇

一种支持前向安全更新和验证的加密搜索算法

李涵1(),张晨2,黄荷姣1,郭宇2   

  1. 1.哈尔滨工业大学(深圳) 计算机科学与技术学院,广东 深圳 518055
    2.香港城市大学 计算机科学学院,香港特别行政区 999077
  • 收稿日期:2020-05-07 出版日期:2020-10-20 发布日期:2020-11-06
  • 作者简介:李涵(1994—),女,哈尔滨工业大学(深圳)硕士研究生,E-mail: linyuhan32@gmail.com
  • 基金资助:
    国家重点研发计划(2017YFB0803002);国家重点研发计划(2016YFB0800804);国家自然科学基金(61672195);国家自然科学基金(61732022)

Algorithm for encrypted search with forward secure updates and verification

LI Han1(),ZHANG Chen2,HUANG Hejiao1,GUO Yu2   

  1. 1. Department of Computer Science and Technology, Harbin Institute of Technology, Shenzhen 518055,China
    2. Department of Computer Science, City University of Hong Kong,Hong Kong 999077,China
  • Received:2020-05-07 Online:2020-10-20 Published:2020-11-06

摘要:

近年来,云计算的进步推动了可搜索加密技术的发展。然而,现有的加密搜索模式主要考虑中心化的环境,即搜索操作执行在传统的客户-服务器模型中。如何在非信任的分布式环境(如区块链系统)应用可搜索加密技术仍有待探索。与此同时,如何保证前向安全更新则是可搜索加密技术面临的另一挑战。为解决以上问题,基于区块链技术,设计了一种支持前向安全更新和验证的加密搜索算法。首先,提出了一种支持前向安全更新的双索引结构,并展示了如何将此结构应用于区块链系统,以实现最优的搜索和更新复杂度;其次,提出了一种新的结果验证方案,该方案基于加密的链上验证表实现了强大的数据保护,并显著降低了区块链的开销;最终,通过Redis集群实现了系统原型,并利用Amazon Cloud服务器对系统进行了性能评估。大量实验证明了所设计的方案是安全且高效的。

关键词: 加密搜索, 前向安全, 区块链系统, 动态可搜索加密

Abstract:

Recent advances in cloud computing are further pushing forward the development of the technique known as searchable encryption. However, existing encrypted search schemes mainly consider a centralized setting, where a search is conducted in a traditional client-server model. How to apply searchable encryption schemes to an untrusted distributed setting like the blockchain environment remains to be explored. Meanwhile, the advanced security property like forward security is posing new challenges that traditional technologies are no longer sufficient to cope with. In this work, we explore the potential of the blockchain technique and propose a novel dual index structure for forward-secure encrypted search with dynamic file updates. We show how to synthesize this design strategy in the context of blockchain-based storage systems and achieve both optimal search and update complexity. We also propose a verification scheme to verify the correctness of search results and customize an encrypted on-chain checklist to achieve strong data protection and lower the blockchain overhead. We implement the prototype on a Redis cluster and conduct performance evaluations on the Amazon Cloud. Extensive experiments demonstrate the security and efficiency of the design.

Key words: encrypted search, forward security, blockchain system, dynamic searchable encryption

中图分类号: 

  • TP301.6