云存储中多用户可验证的动态可搜索对称加密研究

Encryption is the basic technology to ensure the security of the data in the cloud, while ciphertext search is the key to improve the usability of the cloud storage. Most of the searchable encryption schemes consider the honest-but-curious or semi-honest cloud storage server. However, cloud storage in reality may be unreliable or even malicious. In this case, the encrypted data and search results returned by the server is not completely trustable, so it is crucial to verify the integrity of search results and encrypted data. Considering the untrusted cloud storage server security model, this project explores multi-user verifiable and dynamic searchable symmetric encryption in cloud storage. The main contents include: Combining attribute based encryption and linear secret sharing to realize fine-grained authorization management for multi-user; Utilizing algebraic signatures and homomorphic hash to achieve efficiency integrity verification of data and search results; Constructing the binary vector index to realize flexible multi-keyword search, and utilizing the geometric partition merge method to achieve dynamic updating of ciphertext and index. The ultimate goal is to achieve a set of provable security theory and designing method taking into account security and efficiency for multi-user verifiable and dynamic searchable symmetric encryption. It provides a theoretical foundation and technical support for the cloud storage security, which has important theoretical and practical significance to promote the development of cloud storage.

加密是确保云端数据安全的基本技术，而密文搜索则是提高云存储易用性的关键。目前的可搜索加密方案多是针对半可信的云存储服务器，而现实中的云存储服务器可能是不可信的甚至是恶意的。在此情况下，服务器返回的密文数据与搜索结果是不完全可信的，因此对搜索结果及密文数据进行完整性验证是至关重要的。针对不可信的云存储服务安全模型，本课题研究云存储中多用户可验证的动态可搜索对称加密。具体研究内容包括：结合属性加密与线性秘密共享技术实现多用户环境下细粒度的权限管理；利用代数签名和同态Hash实现高效的数据与搜索结果的完整性验证；构建二进制向量索引，实现灵活的多关键词搜索，并采用几何划分合并方法实现密文和索引的动态更新。本课题预期形成一套多用户可验证的动态可搜索对称加密方案的可证明安全性理论和兼顾安全性及效率的设计方法，为云存储安全提供理论基础和技术保障，对于推进云存储的快速发展具有重要的理论意义和实用价值。

密文数据搜索是信息安全和密码学领域的一个重要问题，云存储服务要真正实现让用户“存得放心”、“找得快速”、“用得方便”，就必须解决密文环境下的数据检索。针对当前密文搜索研究工作中存在的诸多问题，本课题研究云存储中多用户可验证的动态可搜索对称加密（SSE）方案，提出若干多用户可验证的动态SSE方案，注重兼顾安全性、效率等设计需求，能使得理论成果更好地满足实际应用的需求。本课题将推动可搜索对称加密方案的设计朝着更加实用化的方向发展，对于推进云存储的快速发展具有重要的理论意义和实用价值。