可搜尋式加密和密文相等性驗證 / Searchable encryption and equality test over ciphertext

黃凱彬, Huang, Kaibin

Unknown Date

本文深入探討許多基於公開金鑰密碼和通行碼的密文運算方案。首先第一個主題是「公開金鑰密碼」，從其基本架構和安全定義開始，透過文獻探討逐步地討論公開金鑰密碼學的各項特性、以及討論公開金鑰密碼中兩個常見的密文運算：同態加密系統和可交換性加密系統。同態運算是針對同一把公鑰加密的不同密文間的運算：兩個以同一把公鑰加密的密文可以在不解密的前提下進行運算，進而成為另一個合法密文。這個密文運算的結果等同於兩個明文做運算後再以該公鑰加密。可交換性加密系統是一個容許重複的加密系統：已用甲方公鑰加密的密文可以再度用乙方公鑰再加密，進而之成一個多收件者的密文。第一個主題圍繞著這兩個密文運算的技巧討論相關的加密方案。接下來第二個研究的的主題是「基於公開金鑰密碼之密文相等性驗證」，「密文相等性驗證」是密文運算中一個基礎但重要的功能，經授權的測試者可以在不解密密文的前提下，驗證兩個加密後的訊息是否相等。此外，除了相等或不相等之外，測試者無法得知密文中的其他訊息。「基於公開金鑰密碼之密文相等性驗證」相當於在「公開金鑰密碼」的基礎上，再加上「授權」和「密文相等性驗證」的功能。其中「授權」的範圍和「授權」的設計，直接影響到該方案的實用性及安全性，本文提出三個關於「授權」的主題：「單一密文授權」、「相容性授權」和「語意安全授權」。第三個研究主題是「 可搜尋式加密系統」， 常被應用於以下情境：使用者一個檔案及數個「關鍵字」進行加密，然後儲存在雲端伺服器上。當使用者想要對加密檔案進行關鍵字搜尋時，他可以自訂幾個想搜尋的「關鍵字」並對雲端伺服器發出搜尋要求。在收到搜尋要求後，雖然關鍵字都是加密儲存，仍可利用「可搜尋式加密」技巧將符合關鍵字搜尋的檔案傳回給收件者。整個過程中檔案和關鍵字都被加密保護，伺服器無法得知其儲存及搜尋內容。本文提出兩個「 可搜尋式加密系統」，分別是「子集合式多關鍵字可搜尋式加密系統」和「基於通行碼的可搜尋式加密系統」 。 / This dissertation addresses the research about ciphertext computation skills over public key encryption and password-authenticated cryptosystems. The first topic is related to the public key encryption, the framework and security notions for public key encryption are revised; and two common ciphertext-computable public key encryptions including homomorphic encryption and commutative encryption are following discussed. The homomorphic encryption denotes computations over ciphertexts encrypted using the same public key. The homomorphic operation over ciphertexts may be equal to the encryption of a new message computed between two original messages. In terms of commutative encryption, it stands for a repeated encryption system that Alice’s ciphertext can be duplicated encrypted using Bob’s public key. A dual-receiver ciphertext will appear after the commutative encryption. Following, based on the public key encryption, the second topic focuses on the public key encryption with equality test schemes, the basic and fundamental ciphertext computation. Briefly, the user-authorized testers are able to verify the equivalence between messages hidden in ciphertexts after they acquire trapdoors from ciphertext receivers; and the ciphertexts were never decrypted in the whole equality testing process. The scope and architecture of the authorization directly influence the application and security for equality test schemes. Three authorizations including “cipher-bound authorization”, “compatible authorization” and “semantic secure authorization” will be proposed. The third topic is keyword search. It works in the following scenario: a user outsources encrypted files and encrypted keywords on a cloud file storage system; then, when needed, the user is able to request a search query to the file server, which is corresponding to some encrypted keywords. Although files and keywords are encrypted, the server is still able to verify the match-up and return related files to the user. Two researches about keyword search are proposed: the subset multi-keyword search based on public key encryption, and the password-authenticated keyword search.

密文運算

公開金鑰密碼

安全證明

密文相等性驗證

可搜尋式加密

基於通行碼的認證系統

Ciphertext computation

Public key encryption

Security proof

Equality test

Searchable encryption

Password-authenticated systems