Research On Proxy Re-encryption With Keyword Search Scheme

In today’s era of data technology,data is widely collected and stored in the cloud.Massive data contains huge amounts of information and knowledge,which gives rise to the demand for exchange and sharing.However,because the data usually contains sensitive information of users,large-scale data circulation will make users face the threat of privacy disclosure.Therefore,how to share cloud data effectively and activate the value of data elements under the premise of ensuring security and privacy has aroused people’s great attention.Proxy re-encryption with keyword search has the functions of keyword search and decryption authorization,which is the theoretical and technical basis for optional sharing of ciphertext data in the cloud.This thesis mainly studies the time-controlled access authorization and offline keyword guessing attack(adversaries are divided into external and internal server)of proxy re-encryption with keyword search,and proposes the following two schemes:(1)To solve the problems that proxy re-encryption with keyword search does not support time-controlled access authorization and cannot resist off-line keyword guessing attack,we propose a time-controlled designated tester proxy re-encryption with keyword search scheme.The scheme allows the data owner to dynamically grant the search and decryption rights of ciphertext data in the cloud to the data user within a specified time range,and can resist off-line keyword guessing attack by external adversaries.By adding the time range information in the re-encryption phase,the data owner can flexibly set different access time ranges for different data users,data users can only search and decrypt data within the specified time range,access rights will be automatically revoked after expiration without requiring the data owner to perform additional operations to revoke the authorization.By designating the server as the test executor,external adversaries are prevented from launching off-line keyword guessing attack.Security proof and performance evaluation show that the scheme realize better security at the expense of admissible computation and communication costs.In addition,we apply the proposed scheme to the scenario of sharing patients’ electronic medical records among different hospitals,and design a specific electronic medical records sharing scheme based on the consortium blockchain.(2)To deal with the off-line keyword guessing attack suffered by conditional proxy reencryption with keyword search,we propose a server-aided conditional proxy re-encryption with keyword search scheme.By introducing a key server(with public and private key pairs)to help users generate keyword ciphertext and trapdoor,the off-line keyword guessing attack by external adversaries and internal server adversary are solved simultaniously.Different from that the keyword ciphertext and trapdoor are directly generated by the original keyword in the conditional proxy re-encryption with keyword search scheme,users need to ask a semi-trusted key server for the keyword signature to generate the corresponding keyword ciphertext and trapdoor in the server-aided conditional proxy re-encryption with keyword search scheme.Because the private key of the key server is required to generate keyword ciphertext and trapdoor,neither of the two types of adversaries can traverse all the keywords in the keyword space to carry out off-line keyword guessing attack without the private key of the key server.We propose a general transformation method from conditional proxy re-encryption with keyword search scheme to secure server-aided conditional proxy re-encryption with keyword search scheme using deterministic blind signature scheme,and give the security proof.In order to illustrate the feasibility,we present a specific server-aided conditional proxy re-encryption with keyword search scheme.In addition,we propose a method to avoid single point of failure by expanding the number of key servers,and periodic key update to key servers can be supported without affecting the search function,which further improves the security of the scheme.To sum up,the research content of this thesis mainly focuses on the security of proxy reencryption with keyword search,which provids theoretical reserve and technical reference for secure and efficient sharing of ciphertext data in the cloud.