可搜索加密(searchable encryption,SE)允许用户将数据加密后存储到云服务器上,然后在密文数据中按关键词进行搜索,且保证隐私泄漏的最小化.现已提出了针对效率和安全性方面的多种SE方案,但对于多方用户的可搜索加密,目前绝大多数方案都需要用到完全可信的第三方来进行用户授权.针对这一问题,提出让半诚实的云服务器来维护一个权限分配矩阵,允许用户按自己的意愿控制其他用户对自己文件的访问权限,从而弱化了可信第三方的功能.而且,搜索者可指定用户并且服务器只在对其授权的用户文档中进行搜索,从而缩小了搜索范围.同时,利用双线性对的性质,在不增加额外交互的前提下解决了加密文档的密钥分发问题.最后给出该方案在随机预言机模型下安全性的形式化证明.
Searchable encryption(SE)allows a client to store a collection of encrypted documents on a server and later quickly carry out keyword searches on these encrypted documents,while revealing minimal information to the server.Searchable encryption is an active area of research and a number of schemes with different efficiency and security characteristics have been proposed in the literature.In terms of the multi-user setting,most existing schemes involve a fully-trusted third-party to assign permission among users.In this paper,based on bilinear pairing,we propose a multi-user searchable encryption scheme without the trusted third-party.Specifically,we allow users to discretionarily authorize the documents which other users can access,by maintaining rights assignment matrix to the cloud service provider(CSP)which is honest but curious.Moreover in our scheme,in the searching phase the user can search the documents he wants meanwhile has access to,and accordingly reduce the search scopes of the cloud server.In addition,based on bilinear pairing,we solve the problem of symmetric key distribution,which is neglected in most existing schemes.Actually it implies security risks if the symmetric key is shared among the users.Lastly,we provide formal security proof of our scheme in random oracle model.