可搜索加密及其驱动的SQL隐私数据库设计

Privacy-preserving SQL database driven by searchable encryption

  • 摘要: 隐私数据库是促进国家大数据战略与数据要素市场发展中构建数据开放、共享及治理体系的重要手段,而可搜索加密作为实现隐私数据库的重要密码技术,仍存在缺乏灵活检索机制及抗量子安全等问题,也难以适配关系数据库中的结构化查询语言(SQL)查询机制. 在对可搜索加密技术现状分析基础上,本文设计了可适配关系数据库SQL查询语言的隐私数据库架构,客户端引入隐私SQL引擎将索引和数据字段转变为密文状态;用户发起查询请求时,该引擎可依据查询策略生成查询凭证,隐私数据库进而依据凭证对密态索引进行密码化检索,匹配成功的密态数据字段可由用户私钥进行解密. 进一步,本文在格密码体制下利用理想格上短整数解(R-SIS)和带误差学习(R-LWE)困难问题,设计了检索策略的属性基可搜索加密(RP-ABSE)方案用以支持上述隐私数据库密码系统的构建. 该方案将查询策略与查询凭证相绑定,确保密文数据的索引可依据查询策略进行细粒度密码化检索;同时,引入小策略矩阵(SPM)来优化安全查询策略生成,降低索引匹配过程中累积误差. 由安全性证明可知,查询凭证满足在选择策略攻击下的不可伪造性(EU-CPA),所提系统满足在带有策略和标识查询的选择明文攻击下的语义安全性(IND-PIQ-CPA).

     

    Abstract: In the era of national big data strategies and burgeoning data markets, privacy-preserving databases play a crucial role in establishing an environment that is open, shared, and governed. Central to the construction of such databases is searchable encryption (SE), a fundamental cryptographic technology that enables efficient searching within encrypted data without the need for decryption. Among various SE schemes, attribute-based SE (ABSE) provides advantages in access control, data authenticity, and retrieval efficiency. However, a substantial limitation of most current ABSE implementations is their inability to support flexible SQL query methods in relational databases, as well as more granular query policies. Moreover, the reliance on traditional algebraic structures, such as bilinear pairing, renders these systems susceptible to quantum computing attacks. To address these challenges, this study presents a novel architecture for privacy-preserving databases that accommodates the SQL query language used in relational databases. This architecture is divided into two parts: clients and cloud outsourcing services. Within this framework, all data are in a ciphertext form outside of client access, and the data table in the cloud-based privacy-preserving database comprises four types of fields: public, encrypted index, encrypted data, and confidential fields. Upon receiving an SQL query from a user, the privacy-preserving SQL engine translates it into a private SQL language. This enables cryptographic retrieval of the encrypted index fields by converting the SQL query policy into several query credentials linked with the policy. These credentials facilitate the retrieval of encrypted data fields from the database, matching their index with the policy. The retrieved encrypted data fields can then be decrypted using the user’s private key at the client’s end for confirming the user’s identity. To provide cryptographic support for this privacy-preserving database architecture, we propose a retrieval-policy ABSE (RP-ABSE) scheme built upon a key-policy attribute-based encryption framework. The security of RP-ABSE is underpinned by a hard problem over an ideal lattice, particularly short integer solutions and learning with error problems. A notable advancement in this scheme is the binding of the secure query policy to the query credentials rather than the encrypted index fields. This binding ensures that encrypted data can be cryptographically retrieved by different query policies, eliminating the need for updating the encrypted data when query policies change. Simultaneously, we introduce a small policy matrix to optimize the generation of secure query policies and mitigate cumulative errors during the index matching process. Ultimately, this study proves that the query credential satisfies unforgeability under chosen policy attacks and that the RP-ABSE scheme achieves semantic security under chosen plaintext attacks involving policy and identity queries. Therefore, the proposed privacy-preserving database architecture offers crucial technique support for the development of data market mechanisms and data governance systems.

     

/

返回文章
返回