针对密文检索系统中多源数据加密带来的海量密钥存储管理问题,提出了以密钥状态散列树作为密钥派生结构的密钥存储管理方案.该方案借助根密钥及密钥派生树进行密钥计算,且只需要存储根密钥和树结构,大大降低了密钥存储开销;另外,该方案可以根据撤销状态值进行密钥撤销管理,解决了派生树密钥撤销及结构更新难题.安全分析表明,部分数据密钥的泄露并不会泄露其他数据机密性,且基于实际数据集的性能分析表明所提密钥管理方案在实际应用中是可行的.%To solve the problem of massive keys storage caused by multi-source data encryption in ciphertext retrieval system, a key storage scheme based on keyed hash tree with state was proposed. The scheme computes encryption key according to the root key and key derivation tree, and just needs to store the root key and the tree structure, which greatly reduces the key storage costs. In addition, the scheme manages key revocation according to the revocation state value, thereby solving the problem of key revocation and structure update. Strict security analysis shows that the partial data key disclosure does not leak the data confidentiality of remaining data, and the performance analysis using real-world dataset shows that the proposed key storage management scheme is acceptable in ciphertext retrieval system.
展开▼
