策略隐藏的可撤销属性基可搜索加密方案

doi:10.19678/j.issn.1000-3428.0069806

计算机工程 ›› 2026, Vol. 52 ›› Issue (5): 293-302. doi: 10.19678/j.issn.1000-3428.0069806

策略隐藏的可撤销属性基可搜索加密方案

刘晨旭¹, 曹素珍¹^,²^,*(), 刘静洁¹, 庞新杰¹, 冯珍¹

1. 西北师范大学计算机科学与工程学院, 甘肃兰州 730070
2. 西北师范大学密码学与数据分析重点实验室, 甘肃兰州 730070

收稿日期:2024-04-29 修回日期:2024-11-08 出版日期:2026-05-15 发布日期:2026-05-12
通讯作者: 曹素珍
作者简介:
刘晨旭, 男, 硕士研究生, 主研方向为网络与信息安全
曹素珍(通信作者), 副教授
刘静洁, 硕士研究生
庞新杰, 硕士研究生
冯珍, 硕士研究生
基金资助:
国家自然科学基金(62262060); 国家自然科学基金(62362059); 甘肃省教育厅产业支撑计划项目(2022CYZC-17); 甘肃省教育厅产业支撑计划项目(2023CYZC-09); 甘肃省重点研发计划(23YFGA0081)

Revocable Attribute-Based Searchable Encryption Scheme with Policy Hiding

LIU Chenxu¹, CAO Suzhen¹^,²^,*(), LIU Jingjie¹, PANG Xinjie¹, FENG Zhen¹

1. College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, Gansu, China
2. Key Laboratory of Cryptography and Data Analytics, Northwest Normal University, Lanzhou 730070, Gansu, China

Received:2024-04-29 Revised:2024-11-08 Online:2026-05-15 Published:2026-05-12
Contact: CAO Suzhen

摘要/Abstract

摘要：

数据隐私保护和密文可搜索性问题在云计算环境中的重要性与日俱增, 针对传统CP-ABE方案中明文形式的访问策略可能会泄露敏感信息、恶意用户撤销繁琐等问题, 提出一种具有前后向安全、可撤销和部分策略隐藏的属性基可搜索加密方案。通过公开用户属性名、隐藏用户属性值的方式实现部分策略隐藏, 避免敏感信息泄露。将用户的身份信息与二叉树叶节点关联, 用户撤销列表与密文绑定, 使得恶意用户被可信中心添加到撤销列表后将无法访问撤销前后的密文, 从而在满足前后向安全的情况下实现用户直接撤销。而云服务器仅需更新与撤销列表相关的密文, 不需要执行密钥更新, 提高了密文更新的效率。采用更新二叉树节点的随机值方式复用被撤销用户占用的二叉树节点, 实现系统中用户数量的扩容。基于q-BDHE假设, 证明所提出的方案在随机预言模型中满足选择明文攻击下的不可区分(IND-CPA)安全性。性能分析表明, 相比传统CP-ABE方案, 该方案在加密阶段的计算开销至少降低了15.3%, 在搜索验证和密文更新阶段计算开销较低。

关键词: 策略隐藏, 用户撤销, 属性基加密, 可搜索, 二叉树

Abstract:

The importance of data privacy protection and ciphertext searchability in cloud computing environments is increasing. Access policies in plain text in traditional CP-ABE schemes may leak sensitive information, and revoking malicious users is cumbersome. To address these issues, this study proposes an attribute-based searchable encryption scheme with forward and backward security, revocability, and partial policy hiding. This scheme achieves partial policy hiding by exposing user attribute names and hiding user attribute values to avoid sensitive information leakage. A user's identity information is associated with the leaves of a binary tree, and the user revocation list is bound to the ciphertext. Thus, malicious users cannot access the ciphertext before and after revocation once they are added to the revocation list by the trusted center, thereby achieving direct user revocation while meeting forward and backward security. After a malicious user is revoked, the cloud service provider only needs to update the ciphertext related to the revocation list, and no additional key update operation is required, which improves the computational efficiency of the ciphertext update. The binary tree nodes occupied by the revoked user are reused by updating the random value of the binary tree node, which increases the number of users in the system. Based on the q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption, the proposed scheme is proven to be Indistinguish ability under Chosen Plaintext Attack (IND-CPA) secure in the random oracle model. In performance analyses, computational burden reduces by at least 15.3% during the scheme's encryption stage, and the computational overhead is low in the search verification and ciphertext update phases.

Key words: policy hiding, user revocation, attribute-based encryption, searchable, binary tree

刘晨旭, 曹素珍, 刘静洁, 庞新杰, 冯珍. 策略隐藏的可撤销属性基可搜索加密方案[J]. 计算机工程, 2026, 52(5): 293-302.

LIU Chenxu, CAO Suzhen, LIU Jingjie, PANG Xinjie, FENG Zhen. Revocable Attribute-Based Searchable Encryption Scheme with Policy Hiding[J]. Computer Engineering, 2026, 52(5): 293-302.

https://www.ecice06.com/CN/Y2026/V52/I5/293

图/表 8

图1 二叉树示意图

Fig.1 Schematic diagram of binary tree

图2 系统模型

Fig.2 System model

图3 不同方案在密钥生成阶段的时间

Fig.3 Time among different schemes during the key generation phase

图4 不同方案在加密阶段的时间

Fig.4 Time among different schemes during the encryption phase

图5 不同方案在搜索验证阶段的时间

Fig.5 Time among different schemes during the search verification phase

图6 不同方案在解密阶段的时间

Fig.6 Time among different schemes during decryption phase

图7 不同方案在密文更新阶段的时间

Fig.7 Time among different schemes during the ciphertext update phase

参考文献 28

1	SAI S , CHAMOLA V , CHOO K-K R , et al. Confluence of blockchain and artificial intelligence technologies for secure and scalable healthcare solutions: a review. IEEE Internet of Things Journal, 2022, 10 (7): 5873- 5897. URL
2	WANG H Y , LIANG J L , DING Y , et al. Ciphertext-policy attribute-based encryption supporting policy-hiding and cloud auditing in smart health. Computer Standards & Interfaces, 2023, 84, 103696. doi: 10.1016/j.csi.2022.103696
3	ZHANG G , DING Z , XU J , et al. Reasoning and tracing of information security events in the expressway networking system based on deep learning. International Journal of Intelligent Systems, 2022, 37 (11): 8988- 9012. doi: 10.1002/int.22977
4	蒋淇淇, 张亮, 彭凌祺, 等. 基于区块链的可问责可验证外包分层属性加密方案. 计算机工程, 2025, 51 (3): 24- 33. doi: 10.19678/j.issn.1000-3428.0069378
	JIANG Q Q , ZHANG L , PENG L Q , et al. Accountable and verifiable outsourced hierarchical attribute encryption scheme based on blockchain. Computer Engineering, 2025, 51 (3): 24- 33. doi: 10.19678/j.issn.1000-3428.0069378
5	GOPALA M , SRIRAM G . Edge computing vs. cloud computing: an overview of big data challenges and opportunities for large enterprises. International Research Journal of Modernization in Engineering Technology and Science, 2022, 4 (1): 1331- 1337. doi: 10.0202/Computin.2022197786
6	ZHANG Y H , ZHU T , GUO R , et al. Multi-keyword searchable and verifiable attribute-based encryption over cloud data. IEEE Transactions on Cloud Computing, 2021, 11 (1): 971- 983. URL
7	SETHI K , PRADHAN A , BERA P . PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems. Cluster Computing, 2021, 24, 1525- 1550. doi: 10.1007/s10586-020-03202-2
8	LI H , YU K P , LIU B , et al. An efficient ciphertext-policy weighted attribute-based encryption for the Internet of health things. IEEE Journal of Biomedical and Health Informatics, 2021, 26 (5): 1949- 1960. URL
9	SONG D X, WAGNER D, PERRIG A. Practical techniques for searches on encrypted data[C]//Proceeding of IEEE Symposium on Security and Privacy. Washington D. C., USA: IEEE Press, 2000: 44-55.
10	BONEH D, DI CRESCENZO G, OSTROVSKY R, et al. Public key encryption with keyword search[C]// Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2004: 506-522.
11	BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[EB/OL]. [2024-03-21]. https://link.springer.com/content/pdf/10.1007/3-540-44647-8_13.pdf?pdf=core.
12	YU Y , SHI J B , LI H L , et al. Key-policy attribute-based encryption with keyword search in virtualized environments. IEEE Journal on Selected Areas in Communications, 2020, 38 (6): 1242- 1251. doi: 10.1109/JSAC.2020.2986620
13	YIN H , ZHANG J X , XIONG Y Q , et al. CP-ABSE: a ciphertext-policy attribute-based searchable encryption scheme. IEEE Access, 2019, 7, 5682- 5694. doi: 10.1109/ACCESS.2018.2889754
14	BOLDYREVA A, GOYAL V, KUMAR V. Identity-based encryption with efficient revocation[C]//Proceedings of the 15th ACM Conference on Computer and communications Security. New York, USA: ACM Press, 2008: 417-426.
15	LI J G , YAO W , HAN J G , et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Systems Journal, 2017, 12 (2): 1767- 1777. URL
16	LIAN H J , WANG Q X , WANG G B . Large universe ciphertext-policy attribute-based encryption with attribute level user revocation in cloud storage. The International Arab Journal Information Technology, 2020, 17 (1): 107- 117. doi: 10.34028/iajit/17/1/13
17	BOUCHAALA M , GHAZEL C , SAIDANE L A . Trak-CPABE: a novel traceable, revocable and accountable ciphertext-policy attribute-based encryption scheme in cloud computing. Journal of Information Security and Applications, 2021, 61, 102914. doi: 10.1016/j.jisa.2021.102914
18	LIU Z H , DUAN S H , ZHOU P L , et al. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. Future Generation Computer Systems, 2019, 93, 903- 913. doi: 10.1016/j.future.2017.09.045
19	HAN D Z , PAN N N , LI K-C . A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection. IEEE Transactions on Dependable and Secure Computing, 2022, 19 (1): 316- 327. doi: 10.1109/TDSC.2020.2977646
20	ZHANG Y H , DENG R H , XU S , et al. Attribute-based encryption for cloud computing access control: a survey. ACM Computing Surveys, 2020, 53 (4): 1- 41. URL
21	YANG F , LIU L , YOU W , et al. You are revoked and out: towards directly revocable ciphertext-policy attribute-based encryption. Security and Communication Networks, 2022, 41, 1- 17.
22	ZHANG Y H , ZHENG D , DENG R H . Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal, 2018, 5 (3): 2130- 2145. doi: 10.1109/JIOT.2018.2825289
23	MOHD SATAR S D , HUSSIN M , HANAPI Z M , et al. Towards virtuous cloud data storage using access policy hiding in ciphertext policy attribute-based encryption. Future Internet, 2021, 13 (11): 279. doi: 10.3390/fi13110279
24	CHAUDHARI P , DAS M L . KeySea: keyword-based search with receiver anonymity in attribute-based searchable encryption. IEEE Transactions on Services Computing, 2022, 15 (2): 1036- 1044. doi: 10.1109/TSC.2020.2973570
25	RASORI M , LA MANNA M , PERAZZO P , et al. A survey on attribute-based encryption schemes suitable for the Internet of things. IEEE Internet of Things Journal, 2022, 9 (11): 8269- 8290. doi: 10.1109/JIOT.2022.3154039
26	HE Y , WANG H Y , LI Y , et al. An efficient ciphertext-policy attribute-based encryption scheme supporting collaborative decryption with blockchain. IEEE Internet of Things Journal, 2022, 9 (4): 2722- 2733. doi: 10.1109/JIOT.2021.3099171
27	王经纬, 宁建廷, 许胜民, 等. 面向可变用户群体的可搜索属性基加密方案. 软件学报, 2023, 34 (4): 1907- 1925. doi: 10.13328/j.cnki.jos.006698
	WANG J W , NING J T , XU S M , et al. Searchable attribute-based encryption scheme for dynamic user groups. Journal of Software, 2023, 34 (4): 1907- 1925. doi: 10.13328/j.cnki.jos.006698
28	MIAO Y B , MA J F , LIU X M , et al. Attribute-based keyword search over hierarchical data in cloud computing. IEEE Transactions on Services Computing, 2017, 13 (6): 985- 998. doi: 10.1109/TSC.2017.2757467

[1]	易求知, 汤红波, 邱航. 基于布隆过滤器的物联网场景中多用户可搜索加密方案[J]. 计算机工程, 2025, 51(7): 254-262.
[2]	孙瑾, 苏文娟, 王璐, 叶克鑫. 基于联盟区块链和星际文件系统的安全租房方案[J]. 计算机工程, 2024, 50(11): 187-196.
[3]	黄保华, 郑慧颖, 屈锡, 陈宁江. 联盟链高效存储访问控制方案[J]. 计算机工程, 2023, 49(8): 37-45.
[4]	张晓均, 刘庆, 郑爽, 王鑫, 薛婧婷, 王世雄. 支持隐私保护的可验证云端数据分享方案[J]. 计算机工程, 2023, 49(3): 49-57.
[5]	方子旋, 曹素珍, 闫俊鉴, 卢彦霏, 何启芝, 王彩芬. 智慧医疗环境下白盒可追溯的CP-ABE方案[J]. 计算机工程, 2023, 49(3): 142-150.
[6]	王正, 曹素珍, 赵晓, 周大伟, 邢丹丹. 云边协同下可排序的属性基可搜索加密方案[J]. 计算机工程, 2023, 49(12): 121-128.
[7]	张凌云, 陈玉玲. 基于格上密文策略属性基加密的联盟链数据共享方案[J]. 计算机工程, 2023, 49(11): 30-39.
[8]	丁晓晖, 曹素珍, 王彩芬. 智能合约辅助下满足前后向安全的动态可搜索加密方案[J]. 计算机工程, 2022, 48(7): 141-150.
[9]	张超, 彭长根, 丁红发, 许德权. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022, 48(7): 159-167.
[10]	彭红艳, 李杰, 石贞奎, 李先贤. 一种基于区块链可验证的加密图像检索方案[J]. 计算机工程, 2022, 48(2): 25-33,39.
[11]	张晓东, 陈韬伟, 余益民. 一种基于LWE‐CPABE的区块链数据共享方案[J]. 计算机工程, 2022, 48(10): 158-168,175.
[12]	王静宇, 周雪娟. 一种支持属性撤销的密文策略属性基加密方案[J]. 计算机工程, 2021, 47(7): 95-100.
[13]	窦凤鸽, 曹素珍, 马佳佳, 丁晓晖, 王彩芬. 指定使用者的多服务器多关键字可搜索加密方案[J]. 计算机工程, 2021, 47(11): 144-149,157.
[14]	黄保华, 黄丕荣, 赵伟宏, 彭丽. 云存储中支持属性撤销的多关键词可搜索加密方案[J]. 计算机工程, 2021, 47(11): 29-36.
[15]	邓志辉, 王少辉, 王平. 基于合数阶双线性对的可搜索加密方案分析与改进[J]. 计算机工程, 2020, 46(9): 123-128,135.

选择文件类型/文献管理软件名称

选择包含的内容

策略隐藏的可撤销属性基可搜索加密方案

Revocable Attribute-Based Searchable Encryption Scheme with Policy Hiding

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 28

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

策略隐藏的可撤销属性基可搜索加密方案

Revocable Attribute-Based Searchable Encryption Scheme with Policy Hiding

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 28

相关文章 15

编辑推荐

Metrics

本文评价