CAJ | 학술논문

在存储服务中，可搜索加密方案使得用户能够有选择地访问其密文数据，同时还能确保用户搜索数据的机密性。基于连接关键词(即多个关键词的布尔组合)的可搜索加密方案因其更高的搜索精度在安全存储服务中有着重要的应用价值。目前已有的基于连接关键词的可搜索加密方案存在诸如连接关键词的陷门太大、搜索效率不高及不支持多用户等问题。该文采用授权用户和存储服务器先后对关键词加密的方式提出了一个高效的基于连接关键词的可搜索加密方案，使得授权用户能够利用连接关键词的陷门搜索加密文档。在确定性Diffie-Hellman问题假设下，证明了方案的安全性。通过与现有方案相比较，提出的方案在通信和计算代价，即搜索陷门大小、关键词加密和搜索的速度等方面的综合效率得到提高。此外，提出的方案支持多用户，即能够动态地增加和撤销用户，使得用户能够直接在存储服务器上进行数据共享。
재존저복무중，가수색가밀방안사득용호능구유선택지방문기밀문수거，동시환능학보용호수색수거적궤밀성。기우련접관건사(즉다개관건사적포이조합)적가수색가밀방안인기경고적수색정도재안전존저복무중유착중요적응용개치。목전이유적기우련접관건사적가수색가밀방안존재제여련접관건사적함문태대、수색효솔불고급불지지다용호등문제。해문채용수권용호화존저복무기선후대관건사가밀적방식제출료일개고효적기우련접관건사적가수색가밀방안，사득수권용호능구이용련접관건사적함문수색가밀문당。재학정성Diffie-Hellman문제가설하，증명료방안적안전성。통과여현유방안상비교，제출적방안재통신화계산대개，즉수색함문대소、관건사가밀화수색적속도등방면적종합효솔득도제고。차외，제출적방안지지다용호，즉능구동태지증가화철소용호，사득용호능구직접재존저복무기상진행수거공향。
In storage service, searchable encryption scheme allows users to access their cipher data selectively, and meanwhile ensures the confidentiality of search data. Since possessing higher search accuracy, conjunctive keyword (namely Boolean combination of multiple keywords) searchable encryption scheme enjoys greater significance in secure storage service application. However, there are some flaws in existing searchable encryption schemes, such as the size of the trapdoor of conjunctive keyword is too large, the search efficiency is slow and there is no support for multiple users search, etc. In this paper, an efficient conjunctive keyword searchable encryption scheme is proposed based on the method that the keywords are encrypted by authorized users and storage server successively,in which authorized users are allowed to search encrypted documents with the trapdoor generated by conjunctive keyword. The scheme is provable secure in the decisional Diffie-Hellman assumption. Compared with the existing schemes, the overall efficiency of the proposed scheme in computation and communication cost, including the size of trapdoor, the speed of keyword encryption and searching, is improved. Moreover, the proposed scheme also supports multiple users, that is, users can be added or revoked dynamically, by this way, and users can share data directly in storage server.