Verifiable searchable encryption scheme of fine-grained result by designated tester in cloud

doi:10.11772/j.issn.1001-9081.2024081223

Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (9): 2882-2892.DOI: 10.11772/j.issn.1001-9081.2024081223

• Cyber security • Previous Articles

Verifiable searchable encryption scheme of fine-grained result by designated tester in cloud

Runyu YAN¹^,²(), Rui GUO¹^,², Yongbo YAN¹^,², Guangjun LIU³

^1.School of Cyberspace Security，Xi’an University of Posts and Telecommunications，Xi’an Shaanxi 710121，China
^2.National Engineering Research Center for Wireless Security （Xi’an University of Posts and Telecommunications），Xi’an Shaanxi 710121，China
^3.School of Information Engineering，Xi’an University，Xi’an Shaanxi 710065，China

Received:2024-08-29 Revised:2024-10-30 Accepted:2024-11-11 Online:2024-11-19 Published:2025-09-10
Contact: Runyu YAN
About author:GUO Rui， born in 1984， Ph. D.， associate professor. His research interests include searchable encryption， cloud computing security， data sharing.
YAN Yongbo， born in 2000， M. S. candidate. His research interests include proxy re-encryption， data sharing.
LIU Guangjun， born in 1980， Ph. D.， professor. His research interests include cryptography， coding theory， network coding， secure coding computation.
Supported by:
General Project of Shaanxi Provincial Natural Science Foundation(2024JC-YBMS-545);Xi’an Science and Technology Program(23KGDW0018-2023)

云中指定测试者的细粒度结果可验证搜索加密方案

闫润雨¹^,²(), 郭瑞¹^,², 闫永勃¹^,², 刘光军³

^1.西安邮电大学网络空间安全学院，西安 710121
^2.无线网络安全技术国家工程研究中心（西安邮电大学），西安 710121
^3.西安文理学院信息工程学院，西安 710065

通讯作者: 闫润雨
作者简介:郭瑞（1984—），男，河南洛阳人，副教授，博士，CCF会员，主要研究方向：可搜索加密、云计算安全、数据共享
闫永勃（2000—），男，陕西西安人，硕士研究生，主要研究方向：代理重加密、数据共享
刘光军（1980—），男，安徽六安人，教授，博士，主要研究方向：密码学、编码理论、网络编码、安全编码计算。
基金资助:
陕西省自然科学基金资助项目(2024JC-YBMS-545);陕西省自然科学基金资助项目(2024JC-YBMS-557);西安市科技计划项目(23KGDW0018-2023)

Abstract

Abstract:

In response to the issue that semi-trusted nature of cloud servers in searchable encryption may result in incorrect or incomplete search results， a verifiable searchable encryption scheme of fine-grained result by designated tester in cloud was proposed. In this scheme， data users were allowed to query keywords on encrypted datasets to retrieve files， and verification mechanism was combined to ensure data privacy protection and reliability of search results in cloud； by introducing Merkle Hash Tree （MHT） with Rank value and Counting Bloom Filter （CBF）， correctness of dataset was verified， and accurate results were filtered out in a fine-grained way and the number of qualified files not returned was given， integrity of the dataset was ensured， dynamic updating of the dataset was implemented， and semantic security of selected keywords was proved under random oracle model. Simulation results demonstrate that compared to traditional certificateless verifiable search encryption schemes， the proposed scheme has lower computational overhead and higher execution efficiency in practical applications.

Key words: cloud storage, searchable encryption, designated tester, fine-grained validation, dynamic updating

摘要：

针对可搜索加密中的云服务器半可信特性可能导致返回错误或不完整搜索结果的问题，提出一种云中指定测试者的细粒度结果可验证搜索加密方案。该方案允许数据使用者在加密数据集上查询关键字来获取文件，并结合验证机制以确保云中数据隐私保护和搜索结果的可靠性；引入带Rank值的Merkle哈希树（MHT）和计数型布隆过滤器（CBF），不仅验证了数据集的正确性，还可以细粒度地筛选出正确结果并给出未返回的合格文件数，从而确保数据集的完整性，实现数据集的动态更新；并在随机预言机模型下证明选择关键字的语义安全性。实验结果表明，相较于传统的无证书可验证搜索加密方案，所提方案具有更小的计算开销，且在实际应用中具有较高的执行效率。

关键词: 云存储, 可搜索加密, 指定测试者, 细粒度验证, 动态更新

CLC Number:

TP309.7

Runyu YAN, Rui GUO, Yongbo YAN, Guangjun LIU. Verifiable searchable encryption scheme of fine-grained result by designated tester in cloud[J]. Journal of Computer Applications, 2025, 45(9): 2882-2892.

闫润雨, 郭瑞, 闫永勃, 刘光军. 云中指定测试者的细粒度结果可验证搜索加密方案[J]. 《计算机应用》唯一官方网站, 2025, 45(9): 2882-2892.

Figures/Tables 16

Fig. 1 Structure of RMHT

Fig. 2 Example of CBF

Fig. 3 System model of proposed scheme

Fig. 4 Verification process

Fig. 5 Process of proposed scheme

Tab. 1 Definition of parameter symbols

符号	含义
$λ$	系统安全参数
$P K I D$	用户ID公钥
$S K I D$	用户ID私钥
$W$	文件中包含的所有关键字集， $W = w 1, w 2, ⋯, w n$
$F w$	包含关键字 $w$ 的明文文件集， $F w = f 1, f 2, ⋯, f l$
$C w$	$w$ 的关键字密文
$C F w$	包含关键字 $w$ 的文件密文集， $C F w = C f 1, C f 2, ⋯, C f l$
$C k$	$k$ 的密钥密文
$H R$	RMHT的根节点哈希值
$S i g$	文件认证标签值
$V w$	包含关键字 $w$ 的文件的验证集
$T w'$	待搜索关键字 $w'$ 的陷门
$P R$	证明信息
$S R$	验证信息
$R w$	文件搜索结果集，正确搜索下 $R w = C F$
$R e m$	未返回合格文件数

Tab. 1 Definition of parameter symbols

符号	含义
$λ$	系统安全参数
$P K I D$	用户ID公钥
$S K I D$	用户ID私钥
$W$	文件中包含的所有关键字集， $W = w 1, w 2, ⋯, w n$
$F w$	包含关键字 $w$ 的明文文件集， $F w = f 1, f 2, ⋯, f l$
$C w$	$w$ 的关键字密文
$C F w$	包含关键字 $w$ 的文件密文集， $C F w = C f 1, C f 2, ⋯, C f l$
$C k$	$k$ 的密钥密文
$H R$	RMHT的根节点哈希值
$S i g$	文件认证标签值
$V w$	包含关键字 $w$ 的文件的验证集
$T w'$	待搜索关键字 $w'$ 的陷门
$P R$	证明信息
$S R$	验证信息
$R w$	文件搜索结果集，正确搜索下 $R w = C F$
$R e m$	未返回合格文件数

Fig. 6 Verification set construction

Fig. 7 Updating RMHT

Fig. 8 CBF verification example

Tab. 2 Comparison of functional characteristics of different schemes

方案	抗密钥托管	指定测试者	动态更新	结果验证	细粒度验证
文献［20］方案	×	√	×	×	×
文献［21］方案	√	√	√	×	×
文献［25］方案	√	×	×	×	×
文献［29］方案	×	×	√	√	×
文献［30］方案	×	×	×	√	×
文献［31］方案	×	√	×	√	×
本文方案	√	√	√	√	√

Tab. 3 Comparison of computational overhead of different schemes

方案	密文生成	陷门生成	匹配测试	结果验证
文献［20］方案	$P + 2 E G + H G$	$3 E G + 2 H G$	$4 P + E G T$	—
文献［21］方案	$9 E G + 2 H G$	$6 E G + 2 H G$	$3 P + 4 E G$	—
文献［25］方案	$10 E G + H G$	$10 E G + H G$	$4 P$	—
文献［29］方案	$5 E G + H G$	$6 E G + H G$	$3 P$	$4 P + 2 H G$
文献［30］方案	$2 P + 4 E G + 2 E G T + H G$	$2 E G + H G$	$2 P$	$4 P + 2 E G$
文献［31］方案	$3 P + 2 E G + 2 E G T + H G$	$4 E G + 2 H G$	$3 P + E G T$	$2 P + H G$
本文方案	$2 P + 3 E G + H G$	$P + 3 E G + H G$	$2 P + 2 E G T$	$5 P + 2 E G + H G$

Tab. 3 Comparison of computational overhead of different schemes

方案	密文生成	陷门生成	匹配测试	结果验证
文献［20］方案	$P + 2 E G + H G$	$3 E G + 2 H G$	$4 P + E G T$	—
文献［21］方案	$9 E G + 2 H G$	$6 E G + 2 H G$	$3 P + 4 E G$	—
文献［25］方案	$10 E G + H G$	$10 E G + H G$	$4 P$	—
文献［29］方案	$5 E G + H G$	$6 E G + H G$	$3 P$	$4 P + 2 H G$
文献［30］方案	$2 P + 4 E G + 2 E G T + H G$	$2 E G + H G$	$2 P$	$4 P + 2 E G$
文献［31］方案	$3 P + 2 E G + 2 E G T + H G$	$4 E G + 2 H G$	$3 P + E G T$	$2 P + H G$
本文方案	$2 P + 3 E G + H G$	$P + 3 E G + H G$	$2 P + 2 E G T$	$5 P + 2 E G + H G$

Tab. 4 Basic operation time consumption

操作	时间	操作	时间
$P$	5.90	$E G T$	0.62
$E G$	6.48	$H G$	15.96

Tab. 4 Basic operation time consumption

操作	时间	操作	时间
$P$	5.90	$E G T$	0.62
$E G$	6.48	$H G$	15.96

Fig. 9 Comparison of algorithm time costs in various stages

Fig. 10 Verification of CBF

Fig. 11 Verification of correctness and completeness

Fig. 12 Comparison of verification overhead

References 36

[1]	MELL P， GRANCE T. The NIST definition of cloud computing： NIST SP 800-14 ［EB/OL］. ［2024-06-11］. .
[2]	冯朝胜，秦志光，袁丁. 云数据安全存储技术［J］. 计算机学报， 2015， 38（1）： 150-163.
	FENG C S， QIN Z G， YUAN D. Techniques of secure storage for cloud data ［J］. Chinese Journal of Computers， 2015， 38（1）： 150-163.
[3]	沈剑，周天祺，曹珍富. 云数据安全保护方法综述［J］. 计算机研究与发展， 2021， 58（10）： 2079-2098.
	SHEN J， ZHOU T Q， CAO Z F. Protection methods for cloud data security ［J］. Journal of Computer Research and Development， 2021， 58（10）： 2079-2098.
[4]	XUE K， CHEN W， LI W， et al. Combining data owner-side and cloud-side access control for encrypted cloud storage ［J］. IEEE Transactions on Information Forensics and Security， 2018， 13（8）： 2062-2074.
[5]	李颖，马春光. 可搜索加密研究进展综述［J］. 网络与信息安全学报， 2018， 4（7）： 13-21.
	LI Y， MA C G. Review on research progress of searchable encryption ［J］. Journal of Network and Information Security， 2018， 4（7）： 13-21.
[6]	SONG D X， WANGER D A， PERRING A. Practical techniques for searches on encrypted data ［C］// Proceedings of the 2000 IEEE Symposium on Security and Privacy. Piscataway： IEEE， 2000： 44-55.
[7]	吴逸伦. 不可信云环境下的数据保护与应用关键技术研究［D］. 长沙：国防科学技术大学， 2016： 1-132.
	WU Y L. Research on the data security in the untrusted cloud environment ［D］. Changsha： National University of Defense Technology， 2016： 1-132.
[8]	LIU H， MING Y， WANG C， et al. Blockchain-assisted verifiable certificate-based searchable encryption against untrusted cloud server for Industrial Internet of Things ［J］. Future Generation Computer Systems， 2024， 153： 97-112.
[9]	WANG J， CHEN X， HUANG X， et al. Verifiable auditing for outsourced database in cloud computing ［J］. IEEE Transactions on Computers， 2015， 64（11）： 3293-3303.
[10]	FAN Y， LIN X， TAN G， et al. One secure data integrity verification scheme for cloud storage ［J］. Future Generation Computer Systems， 2019， 96： 376-385.
[11]	YIN H， QIN Z， ZHANG J， et al. Achieving secure， universal， and fine-grained query results verification for secure search scheme over encrypted cloud data ［J］. IEEE Transactions on Cloud Computing， 2021， 9（1）： 27-39.
[12]	GOH E J. Secure indexes ［EB/OL］. ［2024-06-14］. .
[13]	CURTMOLA R， GARAY J， KAMARA S， et al. Searchable symmetric encryption： improved definitions and efficient constructions ［J］. Journal of Computer Security， 2011， 19（5）： 895-934.
[14]	BONEH D， DI CRESCENZO G， OSTROVSKY R， et al. Public key encryption with keyword search ［C］// Proceedings of the 2004 International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 3027. Berlin： Springer， 2004： 506-522.
[15]	BYUN J W， RHEE H S， PARK H A， et al. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data ［C］// Proceedings of the 2006 Workshop on Secure Data Management， LNCS 4165. Berlin： Springer， 2006： 75-83.
[16]	BAEK J， SAFAVI-NAINI R， SUSILO W. Public key encryption with keyword search revisited ［C］// Proceedings of the 2008 International Conference on Computational Science and Its Applications， LNCS 5072. Berlin： Springer， 2008： 1249-1259.
[17]	FANG L， SUSILO W， GE C， et al. Public key encryption with keyword search secure against keyword guessing attacks without random oracle ［J］. Information Sciences， 2013， 238： 221-241.
[18]	LI H， HUANG Q， SHEN J， et al. Designated-server identity-based authenticated encryption with keyword search for encrypted emails ［J］. Information Sciences， 2019， 481： 330-343.
[19]	GUO J， HAN L， YANG G， et al. An improved secure designated server public key searchable encryption scheme with multi-ciphertext indistinguishability ［J］. Journal of Cloud Computing， 2022， 11： No.14.
[20]	GHOSH S， ISLAM S H， BISHT A， et al. Provably secure public key encryption with keyword search for data outsourcing in cloud environments ［J］. Journal of Systems Architecture， 2023， 139： No.102876.
[21]	CHENAM V B， ALI S T. A designated tester-based certificateless public key encryption with conjunctive keyword search for cloud-based MIoT in dynamic multi-user environment ［J］. Journal of Information Security and Applications， 2023， 72： No.103377.
[22]	PENG Y， CUI J， PENG C， et al. Certificateless public key encryption with keyword search ［J］. China Communications， 2014， 11（11）： 100-113.
[23]	WU L， ZHANG Y， MA M， et al. Certificateless searchable public key authenticated encryption with designated tester for cloud-assisted medical Internet of Things ［J］. Annals of Telecommunications， 2019， 74（7/8）： 423-434.
[24]	CHENG L， MENG F. Public key authenticated searchable encryption against frequency analysis attacks ［J］. Information Sciences， 2023， 640： No.119060.
[25]	CHENG L， MENG F. Certificateless public key authenticated searchable encryption with enhanced security model in IIoT applications ［J］. IEEE Internet of Things Journal， 2023， 10（2）： 1391-1400.
[26]	CHAI Q， GONG G. Verifiable symmetric searchable encryption for semi-honest-but-curious cloud servers ［C］// Proceedings of the 2012 IEEE International Conference on Communications. Piscataway： IEEE， 2012： 917-922.
[27]	MIAO Y， MA J， LIU X， et al. VMKDO： verifiable multi-keyword search over encrypted cloud data for dynamic data-owner ［J］. Peer-to-Peer Networking and Applications， 2018， 11（2）： 287-297.
[28]	ZHANG S， HE J， LIANG W， et al. MMDS： a secure and verifiable multimedia data search scheme for cloud-assisted edge computing ［J］. Future Generation Computer Systems， 2024， 151： 32-44.
[29]	崔新华，田有亮，张起嘉. 高效的可验证无证书可搜索加密方案［J］. 通信学报， 2023， 44（8）： 61-77.
	CUI X H， TIAN Y L， ZHANG Q J. Efficient certificateless searchable encryption scheme with verifiability ［J］. Journal on Communications， 2023， 44（8）： 61-77.
[30]	LI H， WANG T， QIAO Z， et al. Blockchain-based searchable encryption with efficient result verification and fair payment ［J］. Journal of Information Security and Applications， 2021， 58： No.102791.
[31]	LIU J， WEI Z， QIN J， et al. Verifiable key-aggregate searchable encryption with a designated server in multi-owner setting ［J］. IEEE Transactions on Services Computing， 2023， 16（6）： 4233-4247.
[32]	LIU C， CHEN J， YANG L T， et al. Authorized public auditing of dynamic big data storage on cloud with efficient verifiable fine-grained updates ［J］. IEEE Transactions on Parallel and Distributed Systems， 2014， 25（9）： 2234-2244.
[33]	李志单，陈勇群，王巍. 基于计数布隆过滤器的属性基多关键词可搜索加密方案［J］. 电信科学， 2023， 39（11）： 116-127.
	LI Z D， CHEN Y Q， WANG W. Attribute-based multi-keyword searchable encryption scheme based on counting Bloom filter ［J］. Telecommunications Science， 2023， 39（11）： 116-127.
[34]	BONEH D， FRANKLIN M. Identity based encryption from the Weil pairing ［J］. SIAM Journal on Computing， 2003， 32（3）： 586-615.
[35]	TAKASHIMA K. Expressive attribute-based encryption with constant-size ciphertexts from the decisional linear assumption ［J］. IEICE Transactions on Fundamentals of Electronics， Communications and Computer Sciences， 2020， E103-A（1）： 74-106.
[36]	SUN L， XU C， ZHANG X， et al. Certificateless searchable encryption with trapdoor unlinkability for industrial Internet of Things ［J］. IEEE Systems Journal， 2023， 17（3）： 4521-4532.

Verifiable searchable encryption scheme of fine-grained result by designated tester in cloud

云中指定测试者的细粒度结果可验证搜索加密方案

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 36

Related Articles 15

Recommended Articles

Metrics

[1]	Yundong LIU, Xueming WANG. Dynamic searchable encryption scheme based on puncturable pseudorandom function [J]. Journal of Computer Applications, 2025, 45(8): 2612-2621.
[2]	Haifeng MA, Jiewei CAI, Qingshui XUE, Jiahai YANG, Jing HAN, Zixuan LU. Post-quantum certificateless public audit scheme based on lattice [J]. Journal of Computer Applications, 2025, 45(4): 1249-1255.
[3]	Xiaojun ZHANG, Yunpu HAO, Lei LI, Chenyang LI, Ziyu ZHOU. Data tamper-proof batch auditing scheme based on industrial cloud storage systems [J]. Journal of Computer Applications, 2025, 45(3): 891-895.
[4]	Xiaoling SUN, Danhui WANG, Shanshan LI. Dynamic ciphertext sorting and retrieval scheme based on blockchain [J]. Journal of Computer Applications, 2024, 44(8): 2500-2505.
[5]	Zheng WANG, Jingwei WANG, Xinchun YIN. Searchable electronic health record sharing scheme with user revocation [J]. Journal of Computer Applications, 2024, 44(2): 504-511.
[6]	Gaimei GAO, Mingbo DUAN, Yaling XUN, Chunxia LIU, Weichao DANG. SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall [J]. Journal of Computer Applications, 2024, 44(11): 3495-3502.
[7]	Xiaoyu DU, Shuaiqi LIU, Zhijie HAN, Zhenxiang HUO, Yujing WANG. Patient-centric medical information sharing scheme based on IPFS and blockchain [J]. Journal of Computer Applications, 2024, 44(10): 3122-3133.
[8]	Jiaxing LU, Hua DAI, Yuanlong LIU, Qian ZHOU, Geng YANG. Dictionary partition vector space model for ciphertext ranked search in cloud environment [J]. Journal of Computer Applications, 2023, 43(7): 1994-2000.
[9]	Zhenjie XIE, Wei FU. Error replica recovery mechanism for cloud storage based on auditable multiple replicas [J]. Journal of Computer Applications, 2023, 43(4): 1102-1108.
[10]	PANG Xiaoqiong, WANG Yunting, CHEN Wenjun, JIANG Pan, GAO Yanan. Fair and verifiable multi-keyword ranked search over encrypted data based on blockchain [J]. Journal of Computer Applications, 2023, 43(1): 130-139.
[11]	Li LI, Yi WU, Zhikun YANG, Yunpeng CHEN. Medical electronic record sharing scheme based on sharding-based blockchain [J]. Journal of Computer Applications, 2022, 42(1): 183-190.
[12]	LI Xiuyan, LIU Mingxi, SHI Wenbo, DONG Guofang. Efficient dynamic data audit scheme for resource-constrained users [J]. Journal of Computer Applications, 2021, 41(2): 422-432.
[13]	Xiaoling SUN, Guang YANG, Yanping SHEN, Qiuge YANG, Tao CHEN. Searchable encryption scheme based on splittable inverted index [J]. Journal of Computer Applications, 2021, 41(11): 3288-3294.
[14]	TANG Xin, ZHOU Linna. Response obfuscation based secure deduplication method for cloud data with resistance against appending chunk attack [J]. Journal of Computer Applications, 2020, 40(4): 1085-1090.
[15]	Wei FU, Chenyang GU, Qiang GAO. Multi-user sharing ORAM scheme based on attribute encryption [J]. Journal of Computer Applications, 2020, 40(2): 497-502.