基于布隆过滤器的物联网场景中多用户可搜索加密方案

doi:10.19678/j.issn.1000-3428.0069220

摘要/Abstract

摘要：

可搜索加密技术以提取出的关键词作为索引, 在文档群中对特定文档进行搜索。现有的可搜索加密方案存在消耗随关键词数量增多而显著增加以及多用户索引不能碰撞的问题。针对现有方案的局限性, 提出一种物联网(IoT)场景中多用户多关键词的可搜索加密方案。基于布隆过滤器的特性, 使用内存消耗较小的向量作为索引对文档群进行分组, 在允许索引碰撞的同时提高可搜索加密的效率。利用由加密关键词生成的验证密文对陷门中是否包含本文档所含关键词进行验证, 从而使用户能在共用索引的文档中找到匹配的文档。基于离散对数问题及Diffle-Hellman问题的困难性, 该方案在各阶段生成密文所需的计算次数较少。理论分析和实验结果表明, 该方案具有可用性和安全性, 且通信开销相较对比方案更小。

关键词: 可搜索加密算法, 多关键词加密算法, 布隆过滤器, Diffle-Hellman假设, 离散对数问题

Abstract:

Searchable encryption technology utilizes extracted keywords as indexes to search for specific documents within a document collection. However, existing searchable encryption schemes suffer from the issues of significantly increased resource consumption with an increased number of keywords and the inability to allow index collisions in multi-user scenarios. To address the limitations of the current schemes, a searchable encryption scheme for multi-user and multi-keyword scenarios in Internet of Things (IoT) environments is proposed. Leveraging the characteristics of Bloom filters, a memory-efficient vector is employed as an index for grouping document collections, thereby enhancing the efficiency of searchable encryption while permitting index collisions. A verification ciphertext generated from encrypted keywords is used to verify whether the trapdoor contains the keywords present in a document, thereby enabling users to locate matching documents within the shared-index document collection. Based on the discrete logarithm's hardness and the Diffie-Hellman problems, the proposed scheme requires fewer computational operations for ciphertext generation at each stage. Theoretical analysis and experimental results demonstrate that the scheme is both feasible and secure, with reduced communication overhead when compared with alternative approaches.

Key words: searchable encryption algorithm, multi-keyword encryption algorithm, Bloom filter, Diffle-Hellman assumption, discrete logarithm problem

易求知, 汤红波, 邱航. 基于布隆过滤器的物联网场景中多用户可搜索加密方案[J]. 计算机工程, 2025, 51(7): 254-262.

YI Qiuzhi, TANG Hongbo, QIU Hang. Multi-User Searchable Encryption Scheme for IoT Scenarios Based on Bloom Filter[J]. Computer Engineering, 2025, 51(7): 254-262.

https://www.ecice06.com/CN/Y2025/V51/I7/254

图/表 8

图1 系统模型

Fig.1 System model

图2 布隆过滤器的映射过程

Fig.2 The mapping process of Bloom filter

图3 子索引生成过程

Fig.3 Subindex generation process

图4 不同阶段各方案的算法时间消耗

Fig.4 Algorithm time consumption of each scheme in different stages

参考文献 27

1	黄静. 物联网综述. 北京财贸职业学院学报, 2016, 32 (6): 21- 26. doi: 10.3969/j.issn.1974-2923.2016.06.005
	HUANG J . Overview of the Internet of Things. Journal of Beijing College of Finance and Commerce, 2016, 32 (6): 21- 26. doi: 10.3969/j.issn.1974-2923.2016.06.005
2	施鑫垚, 王静宇, 刘立新. 物联网环境下分布式的隐私保护数据聚合方案. 小型微型计算机系统, 2024, 45 (8): 2026- 2033.
	SHI X Y , WANG J Y , LIU L X . Distributed privacy protection data aggregation scheme in the Internet of Things environment. Journal of Chinese Computer Systems, 2024, 45 (8): 2026- 2033.
3	MAHMOOD M , KHAN M I , ZIAUDDIN , et al. Improving security architecture of Internet of medical things: a systematic literature review. IEEE Access, 2023, 11, 107725- 107753.
4	ZIDI C M , SONDI P , MITTON N , et al. Review and perspectives on the audit of vehicle-to-everything communications. IEEE Access, 2023, 11, 81623- 81645.
5	JE S M , WOO H , CHOI J , et al. A research trend on anonymous signature and authentication methods for privacy invasion preventability on smart grid and power plant environments. Energies, 2022, 15 (12): 1- 20.
6	TANG Z H . Secret sharing-based IoT text data outsourcing: a secure and efficient scheme. IEEE Access, 2021, 9, 76908- 76920.
7	SONG D X, WAGNER D, PERRIG A. Practical techniques for searches on encrypted data[C]//Proceeding of 2000 IEEE Symposium on Security and Privacy. Washington D.C., USA: IEEE Press, 2000: 44-55.
8	BONEH D, DI CRESCENZO G, OSTROVSKY R, et al. Public key encryption with keyword search[C]//Proceeding of International Conference on the Theory and Applications of Cryptographic Techniques. Washington D.C., USA: IEEE Press, 2004: 506-522.
9	WU L B , CHEN B W , ZEADALLY S , et al. An efficient and secure searchable public key encryption scheme with privacy protection for cloud storage. Soft Computing, 2018, 22 (23): 7685- 7696.
10	HAN L D , GUO J L , YANG G , et al. An efficient and secure public key authenticated encryption with keyword search in the logarithmic time. IEEE Access, 2021, 9, 151245- 151253.
11	GOH E J . Secure indexes. IACR Cryptol. ePrint Arch, 2003, 8042 (216): 353- 373.
12	BAO F, DENG R H, DING X H, et al. Private query on encrypted data in multi-user settings[C]//Proceedings of International Conference on Information Security Practice and Experience. Berlin, Germany: Springer, 2008: 71-85.
13	FENG T , SI J W . Certificateless searchable encryption scheme in multi-user environment. Cryptography, 2022, 6 (4): 61.
14	WANG G F , LIU C Y , DONG Y F , et al. IDCrypt: a multi-user searchable symmetric encryption scheme for cloud applications. IEEE Access, 2018, 6, 2908- 2921.
15	WANG H J , DONG X L , CAO Z F . Secure and efficient encrypted keyword search for multi-user setting in cloud computing. Peer-to-Peer Networking and Applications, 2019, 12 (1): 32- 42.
16	LI X H , TONG Q Y , ZHAO J W , et al. VRFMS: verifiable ranked fuzzy multi-keyword search over encrypted data. IEEE Transactions on Services Computing, 2023, 16 (1): 698- 710.
17	LU Y , LI J G , ZHANG Y C . Secure channel free certificate-based searchable encryption withstanding outside and inside keyword guessing attacks. IEEE Transactions on Services Computing, 2021, 14 (6): 2041- 2054.
18	CHEN B W , WU L B , KUMAR N , et al. Lightweight searchable public-key encryption with forward privacy over IIoT outsourced data. IEEE Transactions on Emerging Topics in Computing, 2021, 9 (4): 1753- 1764.
19	SUN Y B , LI X F , LV F R , et al. Research on logistics information blockchain data query algorithm based on searchable encryption. IEEE Access, 2021, 9, 20968- 20976.
20	冯涛, 陈李秋, 方君丽, 等. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案. 通信学报, 2023, 44 (5): 224- 233.
	FENG T , CHEN L Q , FANG J L , et al. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption. Journal on Communications, 2023, 44 (5): 224- 233.
21	郑东, 何俊杰, 秦宝东, 等. 可撤销的多关键字公钥可搜索加密方案. 计算机应用研究, 2023, 40 (7): 2179-2183, 2191.
	ZHENG D , HE J J , QIN B D , et al. Multi-keyword public key searchable encryption scheme with keyword revocation. Application Research of Computers, 2023, 40 (7): 2179-2183, 2191.
22	宋安宁, 王宝成, 李化鹏. 基于无证书的具有否认认证的可搜索加密方案. 计算机应用研究, 2023, 40 (5): 1510- 1514.
	SONG A N , WANG B C , LI H P . Certificateless cryption based public key keyword searchable encryption scheme with denial authentication. Application Research of Computers, 2023, 40 (5): 1510- 1514.
23	秦宝东, 陈从正, 何俊杰, 等. 基于可验证秘密共享的多关键词可搜索加密方案. 信息网络安全, 2023, 23 (5): 32- 40.
	QIN B D , CHEN C Z , HE J J , et al. Multi-keyword searchable encryption scheme based on verifiable secret sharing. Netinfo Security, 2023, 23 (5): 32- 40.
24	袁承昊, 李勇, 任爽. 多关键词动态可搜索加密方案. 网络与信息安全学报, 2023, 9 (2): 143- 153.
	YUAN C H , LI Y , REN S . Multi-keyword dynamic searchable encryption scheme. Chinese Journal of Network and Information Security, 2023, 9 (2): 143- 153.
25	崔新华, 田有亮, 张起嘉. 高效的可验证无证书可搜索加密方案. 通信学报, 2023, 44 (8): 61- 77.
	CUI X H , TIAN Y L , ZHANG Q J . Efficient certificateless searchable encryption scheme with verifiability. Journal on Communications, 2023, 44 (8): 61- 77.
26	NAIR M S , RAJASREE M S . Fine-grained search and access control in multi-user searchable encryption without shared keys. Journal of Information Security and Applications, 2018, 41, 124- 133.
27	SUN L X , XU C X , LI C , et al. Server-aided searchable encryption in multi-user setting. Computer Communications, 2020, 164, 25- 30.

[1]	叶晓东, 赵迎迎, 孙永奇, 赵思聪, 刘真. 基于非定长编码和滑动窗口的隐私保护记录链接方法[J]. 计算机工程, 2024, 50(2): 154-164.
[2]	曹素珍,孙晗,戴文洁,王秀娅. 基于DLP的可选择链接可转换环签名方案[J]. 计算机工程, 2019, 45(2): 144-147,153.
[3]	黄保华,吕琦,莫家威. 云存储中基于拼音相似度的密文模糊搜索方案[J]. 计算机工程, 2019, 45(1): 103-108.
[4]	翟金凤,孙立博,鲁凯,林学勇,秦文虎. 基于Counting Bloom Filter的流抽样算法研究[J]. 计算机工程, 2018, 44(8): 273-278.
[5]	陈辉焱,刘乐,张晨晨. 一种具有CDH问题安全性基于身份的签名方案[J]. 计算机工程, 2018, 44(4): 174-180.
[6]	左黎明,张婷婷,郭红丽,陈祚松. 基于无对映射的无证书聚合签名方案[J]. 计算机工程, 2017, 43(5): 313-316.
[7]	姚敏,尹建伟,唐彦,罗智凌. 基于数据路由的分布式备份数据去重系统[J]. 计算机工程, 2017, 43(2): 85-91.
[8]	汤永利,王菲菲,闫玺玺,李子臣. 高效可证明安全的无证书签名方案[J]. 计算机工程, 2016, 42(3): 156-160.
[9]	冯泽宇,巩博儒,赵运磊. 基于离散对数的数字签名标准对比研究[J]. 计算机工程, 2016, 42(1): 145-149.
[10]	牛淑芬,王彩芬,张玉磊,曹素珍. 多源网络编码数据完整性验证方案[J]. 计算机工程, 2015, 41(3): 21-25.
[11]	杨阳,朱晓玲,丁凉. 基于中国剩余定理的无可信中心可验证秘密共享研究[J]. 计算机工程, 2015, 41(2): 122-128.
[12]	翟海波,庄毅,霍瑛. 基于服务力向量的发布/ 订阅自动发现算法[J]. 计算机工程, 2014, 40(9): 51-54,65.
[13]	包杰，王伶俐. 基于函数分类和布隆过滤器的布尔匹配方法[J]. 计算机工程, 2014, 40(6): 275-280.
[14]	程文娟，董莹莹，韩俊光. 一种简单高效的密封式电子拍卖方案[J]. 计算机工程, 2014, 40(3): 171-174.
[15]	罗军，陈席林，李文生. 高效Key-Value持久化缓存系统的实现[J]. 计算机工程, 2014, 40(3): 33-38.

选择文件类型/文献管理软件名称

选择包含的内容