《软件学报》(Journal of Software), 2025, Vol. 36, No. 9, p. 4272
Abstract: Cloud storage has become an important part of the digital economy, as it brings great convenience to users' data management. However, complex and diverse network environments and third parties that are not fully trusted pose great threats to users' privacy. To protect users' privacy, data is usually encrypted before storage, but the ciphertext generated by traditional encryption techniques hinders subsequent data retrieval. Public-key encryption with keyword search (PEKS) can provide confidential retrieval while keeping the data encrypted, but traditional PEKS schemes are vulnerable to keyword guessing attacks because the number of common keywords is small. Public-key authenticated encryption with keyword search (PAEKS) adds authentication on top of PEKS, which further improves security. However, most existing PAEKS schemes are designed on foreign cryptographic algorithms, which does not meet the development need for independent innovation in cryptography in China. This study proposes an SM9-PAEKS scheme, which effectively improves user-side retrieval efficiency by redesigning the algorithm structure and moving time-consuming operations to a resource-rich cloud server. The scheme's security is proved in the random oracle model under the q-BDHI and Gap-q-BCCA1 assumptions. Finally, theoretical analysis and experimental results show that, compared with the similar scheme that has the lowest communication cost, SM9-PAEKS reduces the total computational overhead by at least 59.34% at the cost of only 96 bytes of additional communication, and the reduction in the computational overhead of keyword trapdoor generation is particularly significant, at about 77.55%. This study not only helps to enrich the applications of the national cryptographic algorithms but also provides theoretical and technical support for data encryption and retrieval in cloud storage.
Key words: public-key authenticated encryption with keyword search (PAEKS); SM9 encryption algorithm; privacy protection; data security; cloud storage
In recent years, Internet technology has developed rapidly, and data in networks is characterized by large scale, many varieties, and fast growth. To relieve the storage pressure of massive local data, more and more users choose to upload their personal data to cloud storage. However, once data is stored in the cloud, users lose control over their own data. Moreover, because of the complexity and diversity of network environments and the incomplete trustworthiness of third-party cloud storage providers, users' personal data and privacy face the threat and challenge of leakage. This hinders the development and application of cloud storage, so cloud storage service providers need to take appropriate security measures to protect user privacy [1].
To ensure data security, users usually encrypt data before storing it, but the ciphertext generated by traditional symmetric/asymmetric encryption is not suited to subsequent retrieval and use of the data. A user could download all the data locally and decrypt it before searching, but user data is usually large, so this approach occupies a great deal of network bandwidth and consumes computing and storage resources. Alternatively, the user could send the key to the cloud server and let the resource-rich cloud perform decryption and retrieval, but this raises the problems of how to transmit the key securely and whether the cloud is sufficiently trustworthy. Techniques that provide convenient retrieval while the data stays encrypted have therefore become a major research hotspot. Public-key encryption with keyword search (PEKS) has become one of the most effective solutions because it effectively balances functionality, efficiency, and practicality.
At present, research on PEKS has produced a series of excellent results [2]. However, the number of keywords used in daily life is small; taking English as an example, there are only about 3 000 commonly used words. Consequently, traditional PEKS schemes are vulnerable to inside keyword guessing attacks launched by a malicious cloud server, which leak the keywords contained in users' data and pose a great threat to user privacy [3,4]. Public-key authenticated encryption with keyword search (PAEKS) builds on PEKS by introducing a sender public/private key pair, with the public key used in keyword trapdoor generation and the private key used in keyword ciphertext generation. Lacking the sender's private key, the cloud server cannot generate valid keyword ciphertexts, so inside keyword guessing attacks are effectively resisted and users' privacy receives a stronger guarantee. Most existing PAEKS schemes are designed on foreign cryptographic algorithms, which does not meet the development need for independent and controllable cryptographic technology in China. Moreover, in most existing PAEKS schemes the user side involves many time-consuming operations, which is unfavorable for lightweight devices in fields such as the Internet of Things. To further protect user privacy while promoting the extension and application of domestic cryptographic algorithms, there is an urgent need to design secure and practical PAEKS schemes based on domestic cryptographic algorithms.
To address the above bottlenecks, this paper proposes a public-key authenticated searchable encryption scheme based on the national SM9 standard, filling the gap in existing research, where no PAEKS scheme has been designed on a domestic cryptographic algorithm, and effectively guaranteeing the security and practicality of cloud storage systems. The main contributions of this paper are as follows.
(1) Extending the functionality of domestic commercial cryptography: we propose the first SM9-based public-key authenticated searchable encryption scheme (SM9-PAEKS). The scheme adopts the elliptic curve parameters of the SM9 algorithm, so it is fully compatible with systems that use the SM9 family of ciphers, which helps promote and apply the national cryptographic algorithms and strengthens the independent and controllable capability of public-key searchable encryption.
(2) Resisting keyword guessing attacks: by introducing a shared key, SM9-PAEKS incorporates the sender's private key in keyword ciphertext generation and the receiver's private key in trapdoor generation, achieving resistance to keyword guessing attacks; even an inside honest-but-curious cloud server cannot launch a keyword guessing attack, which improves security.
(3) Improving user-side retrieval efficiency: most existing PAEKS schemes are designed on time-consuming bilinear pairing operations, and the user side usually involves

