【同态加密】通过同态加密实现可搜索的加密：综合分析

Keywords: 

MSC:94A60; 68P25

1.简介

云基础设施的快速增长和广泛采用彻底改变了我们存储和访问信息的方式。从Dropbox和Google Drive等个人数据备份和文件共享服务，到企业级数据管理和可扩展的基础设施解决方案，云存储对我们的日常生活产生了深远影响，尤其是在医疗[1，2]和教育[3，4]等领域。根据Netwrix发表的一份报告[5]，80%的组织将敏感数据存储在云中。它提供的优势包括高数据可用性、从任何地方方便访问、降低基础设施成本、无限存储空间和成本效益[6]。然而，随着云的采用，托管给云服务器的敏感信息面临潜在的漏洞，如未经授权的访问、数据泄露和内部威胁，安全问题也随之加剧。Netwrix的报告[5]还发现，55%的医疗保健组织在去年经历了涉及第三方实体的数据泄露，这是所有行业中第二高的百分比，仅次于金融部门，金融部门58%的公司经历了类似的泄露。这两个部门严重依赖能够访问其敏感数据的第三方实体，这对网络犯罪分子极具吸引力。此外，他们的研究结果表明，攻击变得更加复杂，更难发现。

为了解决这些问题，确保用户敏感数据的隐私变得至关重要。实现隐私的最常见方式是通过加密，即数据在存储到云中之前进行加密，从而提供端到端的数据隐私。然而，在高效搜索和检索以加密形式存储的数据时，传统的加密方案带来了挑战，限制了加密存储解决方案的可用性。天真的方法，例如下载所有密文、解密它们和搜索明文，是不切实际的。因此，为了应对这些挑战，出现了安全搜索、私人信息检索（PIR）和可搜索加密（SE）等创新概念。安全搜索解决了执行搜索操作的需要，同时保持数据的隐私和机密性[7]。PIR与安全搜索密切相关，使用户能够从数据库中检索特定数据，而无需透露他们正在访问的项目[8]。另一方面，SE是一种加密技术，允许对加密数据进行安全高效的搜索操作[9]。需要注意的是，“安全搜索”和“可搜索加密”这两个术语有时可以互换使用，模糊了这两个概念之间的区别。在实践中，这些术语之间的界限可能是不稳定的，不同的研究人员和从业者使用它们来指代相关的技术和机制。此外，PIR通常被认为是安全搜索或SE方法中的一个组件，因为它可以从数据库中检索私人数据。在这项工作中，我们主要使用“可搜索加密”一词，而“安全搜索”则在我们觉得需要区分的时候使用。

SE可以使用几种不同的加密技术以及这些技术的组合来实现。两种最流行的SE方案是可搜索对称加密（SSE）和带关键字搜索的公钥加密（PEKS），正如名称所示，它们分别依赖于安全对称加密方案或安全非对称加密方案。通常使用的其他技术是基于属性的加密（ABE），以便对SE方案执行细粒度访问控制，以及保序加密（OPE），以便有效地允许对搜索结果进行排序。然而，在SE领域中有一种值得注意的方法，那就是利用同态加密（HE），这是一种允许直接对加密数据执行计算的加密技术[10]。这一特性使其非常适合于隐私保护技术，在保持机密性的同时，可以直接对加密数据进行搜索操作。研究人员越来越关注这种方法，因为它为安全搜索提供了一个有吸引力的框架，而不需要昂贵的设置程序[11]。

已经提出了许多利用同态特性提供隐私保护技术的方法，特别是在SE的背景下。然而，缺乏专门的研究来分析这一领域的进展。另一方面，至关重要的是，科学界要全面了解最先进的技术，并为该学科的进一步探索确定有希望的方向。

在这项工作中，我们旨在对高等教育在SE中的应用进行深入分析。

Figure 1. A conceptual overview of a cloud-based SE system.

• 数据所有者（DO）负责数据加密及其外包给云服务器的实体是数据所有者，在相关文献中也称为“客户端”[9]。通常，数据由对其拥有合法控制权和所有权的DO生成。然而，在某些情况下，另一个实体，即数据提供商，可能负责生成数据。使用索引来帮助搜索过程的SE方法，也称为基于索引的SE方案，通常要求数据提供商（无论是否是数据所有者）加密索引并与云共享。
• 数据用户（DU）想要搜索DO保存的加密数据的实体被称为数据用户。理想情况下，它只能在DO已经给予许可的情况下进行搜索。因此，DU负责向云服务器发送搜索请求，云服务器处理该请求，然后检索结果。值得注意的是，在某些系统中，DO也可以充当DU。
• 云服务器（CS）云服务器是负责安全存储加密数据并向授权DU提供SE服务的实体。它在接收DO的加密文档后执行三项主要任务：存储数据、搜索数据和保持搜索数据结构的最新状态。CS执行搜索的方式取决于所使用的SE方案。对于基于索引的SE，CS通过将搜索请求与加密索引进行比较来进行搜索，然后将结果发送给授权的DU。然而，对于不基于索引的SE方案，搜索加密数据的过程通常需要扫描整个文档，这将在本节稍后讨论。

SE系统的体系结构通常包括四个涉及先前描述的实体的过程。根据SE方案的具体设计和要求，每个步骤中使用的具体算法可能有所不同。

考虑到各种因素，例如是否存在基于索引的搜索机制，以及它是对称的还是非对称的SE方案，对每个过程的以下描述已经尽可能广泛。

• Setup（）算法根据输入的安全参数生成各种系统参数（P）和所需密钥（K）(𝜆)。非对称SE必须生成公钥和私钥，而对称SE只需要一个密钥。通常，系统所有者运行此算法。
• Encryption（）加密算法使用上一个进程K中生成的密钥对数据进行加密，并输出一条消息𝑀′通过使用加密算法E对原始数据M进行加密而获得。如果SE方案是基于索引的，则关键字W的输入集合也将使用（一个或多个）输入密钥K来加密，那么它可以用于生成加密关键字的索引I。DO然后应用该算法将加密的索引I与加密的消息相关联𝑀′以便创建可搜索的密文(𝑆𝐶)。然后可以将SC上传到CS。如果SE方法是基于扫描的（意味着服务器将直接扫描加密的数据），则可以跳过前面的步骤，并且消息𝑀′可以直接存储在CS上而不生成SC。
• TokenGen（）搜索查询的创建由授权用户使用此算法完成，也称为Trapdoor。它需要一个输入加密密钥K和一个输入查询𝑄=𝑘1.𝑘2，…，𝑘𝑚并生成搜索令牌𝑇𝑄算法的具体实现取决于SE方案是基于索引还是基于扫描。对于基于索引的方案，该算法使用加密密钥K加密查询Q中的每个关键字，并生成索引𝐼=𝑤′1.𝑤′2，…，𝑤′𝑚的加密关键字。搜索令牌𝑇𝑄然后由I构造。对于基于扫描的方案，该算法生成扫描令牌𝑇𝑆.使用所选择的搜索查询Q和扫描令牌𝑇𝑆，搜索令牌𝑇𝑄然后创建。一旦构建，搜索令牌𝑇𝑄被发送到服务器，服务器使用它来搜索加密数据库中的相关数据。DU可能是唯一可以执行查询的人，具体取决于场景。
• Search（）CS使用搜索算法在加密数据中搜索与搜索查询匹配的数据。在基于索引的方案中，搜索算法应用搜索令牌𝑇𝑄到可搜索的密文𝑆𝐶以标识与查询匹配的加密关键字集和相应索引。然后，它将相应的加密数据检索到DU。在基于扫描的方案中，搜索算法应用搜索令牌𝑇𝑄和扫描令牌𝑇𝑠以识别具有与搜索查询的关键字匹配的关键字的可搜索数据段的集合。一旦发现任何匹配，服务器就向DU发送搜索结果。

3.同态加密

HE方案背后的主要思想是允许在加密数据上执行计算，而无需首先对其进行解密。这个概念是由Rivest等人[30]引入的，最初被称为“隐私同态”。因此，HE方案是加密函数是同态的任何加密方案。形式上讲，设M表示明文的集合，C表示密文的集合。Let⊙𝑀和⊙𝐶分别是M和C中的运算。如果对于任何加密密钥k加密函数E满足以下性质，

∀𝑚1,𝑚2∈𝑀,𝐸(𝑚1⊙𝑀𝑚2)←𝐸(𝑚1)⊙𝐶𝐸(𝑚2),

其中← 意思是“可以直接从”[31]获得。即在（1）中，𝐸(𝑚1⊙𝑀𝑚2）

可以直接从𝐸(𝑚1） ⊙𝐶𝐸(𝑚2）

而不必执行任何解密。

根据系统允许的操作类型和数量，HE方案可以分为三类：部分同态加密（PHE）、部分同态加密和全同态加密（FHE）。

3.1.部分同态加密

Rivest等人的工作发表后，密码学研究人员开始寻找允许直接对加密数据执行多个操作的HE方案。尽管如此，在接下来的二十年里，大多数尝试都产生了只允许一种操作类型的方案，即PHE方案。在这些方案中，同态性质仅通过一个运算（如加法或乘法）来满足，而不对该运算的执行次数施加任何限制。

众所周知的RSA公钥密码系统[32]是一种PHE方案，它只支持通常的乘积运算，并且是确定性的，这意味着当一个人使用相同的密钥加密相同的明文时，总是会得到相同的密文。

几年后的1982年，Goldwasser和Micali[33]发表了第一个概率PHE方案，这激发了随后几十年发表的大多数PHE方案的灵感，如Benaloh[34]，这是Goldwasser等人方案的推广，Naccache和Stern[35]，这是Benaloh方案的改进。

Elgamal[36]介绍了一种PHE，它也只允许通常的乘积，Paillier[37]发表了一种只允许通常和的PHE。后一种方案是使用HE的SE方案中最常用的方案，如第5节所示。

3.2.某种同态加密

2005年，Boneh等人[38]发表了第一个能够执行两种运算的HE方案：加法和乘法。然而，尽管加法可以无限次执行，但它只允许一次乘法。这是一种被称为SWHE的HE方案，因为同态性质被满足的次数有限，而不是一次运算。

在引入最初的高等教育计划后不久，就出现了一些关于SWHE计划的建议。尽管由于其局限性，它们不如PHE计划具有吸引力，但对PHE的广泛研究导致了更完整的计划的开发，这些计划是实现FHE计划的垫脚石。事实上，许多研究人员认为Boneh等人[38]提出的方案是FHE方案发展的重要组成部分。

4.利用HE的SE方案的分析

在本节中，我们回顾和分析了第1节中所述的筛选过程中产生的23项研究工作。我们只考虑了清楚如何使用HE的拟议方案。该分析的目的是研究它们的功能，考虑图2中所示的特征，并确定这些特征中的哪些利用了HE和所使用的HE类型。表3列出了选定的作品，并概述了它们的功能。它还确定了使用HE实现的特性。该表是一个完整的资源，用于识别和访问本研究中分析的作品，确保透明度并促进未来的参考。

Table 3. Categorization of selected SE schemes that utilize HE.

我们的分析分为以下几类：搜索结构、搜索功能和其他功能。我们没有专门讨论“用户的多样性”这一类别，因为每当我们分析所选作品时，都会提到这一功能。需要注意的是，提供密码结构的详细解释超出了本工作的范围，可以在参考作品中找到。

4.1.搜索结构

SE方案的搜索结构可以包括对整个数据库的顺序扫描，也可以包括基于索引的方法，其中创建索引以促进搜索过程，如第2节所述。在本分析中，我们将重点关注基于顺序扫描的SE方案，因为所有其他方案都是基于索引的，它们将在下一节中讨论。此外，重要的是要记住，安全搜索的概念与SE的概念相似，因此，这两种方法都将包含在本分析中。请注意，安全搜索方法通常包括验证数据库中的所有文档，以找到与查询匹配的文档，这类似于顺序扫描过程。

Akavia等人的工作[7]是第一篇介绍对FHE加密数据进行安全搜索的方法的论文。作者声称，这是通过使用一个多项式来实现的，该多项式的次数相对于数据数组中的条目数量是对数的（而不是线性的）。

他们的安全搜索协议的核心是计算第一个查询匹配的草图，这是使用他们称之为SPiRiT的方法完成的。此方法返回与加密数据数组中的查找值匹配的第一条信息。任何标准的语义安全FHE都可以用于他们提出的方案，前提是明文模参数是素数p，在这种情况下同态运算是加法和乘法模p。他们声称只有一轮通信，并且通信开销只会随着输入和输出大小的增加而增加。

2020年，Wen等人[66]提出了一种用于安全搜索方案的搜索方法，该方法适用于单个用户设置，名为LEAF。这种方法使用了三种新方法：定位、提取和重建。定位技术用于将原始数据库数组划分为长度相等的较小间隔，并识别包含匹配项的第一个数组。返回包含匹配项的加密间隔索引。然后使用提取来找到包含第一个匹配项目的区间，以便在该区间上进行后续搜索操作，并使用重建来组合来自这两种技术的信息，以便在不需要解密任何内容的情况下正确定位我们想要的数据。值得一提的是，这些作者声称安全搜索大致由两个步骤组成，即匹配和搜索。在匹配步骤中，服务器将客户端的加密搜索查询与所有加密数据库项进行比较，返回第二个0和1的加密数组，1表示数据库中与查询匹配的项。搜索步骤将所有1的索引和相应的项目返回给客户端。因此，他们的工作集中在搜索步骤上。FHE在该方案中用于加密敏感数据和搜索查询。事实上，该方案的主要目标之一是通过减少必要的计算次数，即乘法次数，优化FHE在安全搜索中的使用。此外，作者还提出了该方案的一个变体，名为LEAF+，它使用了懒惰自举。从好的方面来说，自举步骤可以控制算法的计算深度，并且数据库越大，优化效果就越大。另一方面，当数据库的大小很小时，这种变体将是无效的，因为它带来了许多额外的乘法运算和计算深度。

5. Research Trends and Discussion

The research on SE schemes enhanced by HE properties has significantly increased in recent years. This trend aligns with the broader adoption of HE in various domains. In this section, we aim to provide an overview of the current trends in this research area as well as highlight their significant implications on the design of the studied approaches. Specifically, we will discuss the types of HE schemes used in SE, the application of HE in search structures, in search functionalities, and in other types of functionalities. Finally, we will also discuss the ability to allow multi-users, even though achieving this functionality does not directly rely on HE.

6. Conclusions and Future Work

In this work, we have provided a comprehensive analysis of the research trends on searchable encryption (SE) schemes that utilize homomorphic encryption (HE). This analysis serves as a valuable tool for researchers, enabling them to gain insights into this specific area of research and make well-informed decisions regarding future research directions.

We focused our study on the types of HE schemes used, their application to enhance search structures, to allow several functionalities such as ranked, conjunctive, disjunctive, range, and phrase search, as well as verifiability, dynamic updates, and the ability to add and revoke users. This analysis was conducted on a carefully selected set of 23 works, following a well-defined research methodology.

Our findings revealed that HE usage in SE schemes has increased in recent years, with 75% of the selected works published within the last three years. The most commonly used type of HE schemes in SE is PHE, which accounted for the majority of the analyzed schemes. The popularity of PHE schemes, particularly the widespread adoption of Paillier’s cryptosystem, can be attributed to its simplicity, proven security properties, and availability in several open-source libraries, making it easily accessible for researchers.

When considering the usage of HE in search structures, we found that building the index using HE is the most prevalent approach. This is not surprising, since SE schemes that rely on sequential scans are not suitable for large databases. Additionally, we analyzed the types of indexes used in these schemes and observed that normal indexes are the most common choice, followed by inverted indexes and tree indexes.

Regarding the usage of HE in search functionalities, we found that ranked search is the most prevalent functionality. Relevance scores are computed using homomorphic properties and are often based on TF-IDF ranking. Multi-keyword queries are widely supported, either for ranked search or for conjunctive/disjunctive queries. However, fuzzy keyword search functionality was not found in any of the analyzed works.

In future research, there is a need to explore and improve upon various functionalities when searching over encrypted data using HE schemes. Although dynamic updates consistently take advantage of homomorphic properties, other functionalities such as authorizing and revoking users, verifiability, and delegation of search capability require further development. Among the analyzed works, only one study [72] utilized a HE scheme to achieve verifiability, while none of the articles addressed the ability to authorize and revoke users. However, we found two works that, although not employing HE schemes directly, utilized a cryptographic primitive called homomorphic message authentication to facilitate verifiability, namely the work of Zhang et al. [62], and the work of Wan et al. [82]. Furthermore, Zhang et al.’s work utilized this primitive to enable the authorization and revocation of users’ access. Therefore, considering the potential benefits and the limited exploration in this area, it is worth further exploring and investigating the utilization of homomorphic message authentication and similar cryptographic primitives for achieving verifiability, and the ability to add and revoke users.

Although FHE schemes were present in nearly half of the studied articles, we believe that the percentage could be significantly higher given the recent advancements in FHE schemes. For example, the TFHE scheme, introduced in 2020 [44], is an FHE scheme worth exploring. Leveraging other encryption schemes alongside HE, such as attribute-based encryption used for user access control (e.g., it is used in the work of Boucenna et al. [68]), or OPE for facilitating ciphertext comparison (e.g., it is used in FASE [54]), could lead to the development of more sophisticated schemes.

In our study, we also concluded that the studied articles cover several important search functionalities. However, there were some notable omissions, particularly in the areas of fuzzy keyword search and occurrence queries. Fuzzy keyword search is one of the most desirable functionalities in real-life applications, making it crucial to explore HE schemes that can support this functionality. One approach, as suggested by Dong et al. [83], involves using Hamming distances. Additionally, occurrence queries were not addressed in any of the studied schemes, but we observed that most articles allowing ranked searches could easily accommodate occurrence queries since they already require information such as TF to rank documents.

Finally, it is important for future research to focus on reducing the reliance on retrieval protocols like PIR. The emphasis should be on developing SE schemes that operate effectively with a minimum number of communication rounds, aiming to minimize the overall overhead.

Overall, our work provides a comprehensive summary of the latest research trends in SE enhanced by HE. We emphasize critical components related to the HE schemes most frequently employed, possible search structures, and search functionalities. This contribution significantly advances the scientific understanding in this domain, enabling researchers to explore state-of-the-art methodologies, leverage existing knowledge, and explore new research directions.

Author Contributions

Conceptualization, I.A. and I.C.; Data curation, I.A. and I.C.; Formal analysis, I.C.; Investigation, I.A. and I.C.; Methodology, I.A.; Visualization, I.C.; Project administration, I.A.; Supervision, I.A.; Validation, I.A.; Writing—original draft, I.A and I.C.; Writing—review and editing, I.A. and I.C. All authors have read and agreed to the published version of the manuscript.

Funding

This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “Cybers SeC IP” (NORTE-01-0145-FEDER-000044).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

All the data are already provided in the manuscript, with quoted reference.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

References

1. Suguna, M.; Ramalakshmi, M.; Cynthia, J.; Prakash, D. A Survey on Cloud and Internet of Things Based Healthcare Diagnosis. In Proceedings of the 2018 4th International Conference on Computing Communication and Automation (ICCCA), Greater Noida, India, 14–15 December 2018; pp. 1–4. [Google Scholar]
2. Moumtzoglou, A.; Kastania, A.N.; Ghosh, R.; Papapanagiotou, I.; Boloor, K. A Survey on Research Initiatives for Healthcare Clouds. In Cloud Computing Applications for Quality Health Care Delivery; IGI Global: Hershey, PA, USA, 2014; pp. 1–18. [Google Scholar]
3. Agrawal, S. A Survey on Recent Applications of Cloud Computing in Education: COVID-19 Perspective. J. Phys. Conf. Ser. 2021, 1828, 012076. [Google Scholar] [CrossRef]
4. González-Martínez, J.A.; BoteLorenzo, M.L.; Gómez Sánchez, E.; Cano Parra, R. Cloud computing and education: A state-of-the-art survey. Comput. Educ. 2015, 80, 132–151. [Google Scholar] [CrossRef]
5. Netwrix. Cloud Data Security Report; Technical Report; Netwrix: Frisco, TX, USA, 2022. [Google Scholar]
6. Yang, P.; Xiong, N.N.; Ren, J. Data Security and Privacy Protection for Cloud Storage: A Survey. IEEE Access 2020, 8, 131723–131740. [Google Scholar] [CrossRef]
7. Akavia, A.; Feldman, D.; Shaul, H. Secure Search on Encrypted Data via Multi-Ring Sketch. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15–19 October 2018; ACM: New York, NY, USA, 2018; pp. 985–1001. [Google Scholar]
8. Xu, W.; Wang, B.; Lu, R.; Qu, Q.; Chen, Y.; Hu, Y.; Maglaras, L. Efficient Private Information Retrieval Protocol with Homomorphically Computing Univariate Polynomials. Sec. Commun. Netw. 2021, 2021, 5553256. [Google Scholar] [CrossRef]
9. Sharma, D. Searchable encryption: A survey. Inf. Secur. J. 2023, 32, 76–119. [Google Scholar] [CrossRef]
10. Acar, A.; Aksu, H.; Uluagac, A.; Conti, M. A survey on homomorphic encryption schemes: Theory and implementation. Acm Comput. Surv. 2018, 51, 1–35. [Google Scholar] [CrossRef]
11. Choi, S.G.; Dachman-Soled, D.; Gordon, S.D.; Liu, L.; Yerukhimovich, A. Compressed Oblivious Encoding for Homomorphically Encrypted Search. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS’21, Virtual, Republic of Korea, 15–19 November 2021; ACM: New York, NY, USA, 2021; pp. 2277–2291. [Google Scholar]
12. Song, D.X.; Wagner, D.; Perrig, A. Practical techniques for searches on encrypted data. In Proceedings of the Proceeding 2000 IEEE Symposium on Security and Privacy, S&P 2000, Berkeley, CA, USA, 14–17 May 2000; pp. 44–55. [Google Scholar]
13. Bösch, C.; Hartel, P.; Jonker, W.; Peter, A. A Survey of Provably Secure Searchable Encryption. Acm. Comput. Surv. 2014, 47, 18:1–18:51. [Google Scholar] [CrossRef]
14. Wang, Y.; Wang, J.; Chen, X. Secure searchable encryption: A survey. J. Commun. Inf. Netw. 2016, 1, 52–65. [Google Scholar] [CrossRef][Green Version]
15. Han, F.; Qin, J.; Hu, J. Secure searches in the cloud: A survey. Future Gener. Comput. Syst. 2016, 62, 66–75. [Google Scholar] [CrossRef]
16. Dowsley, R.; Michalas, A.; Nagel, M.; Paladi, N. A survey on design and implementation of protected searchable data in the cloud. Comput. Sci. Rev. 2017, 26, 17–30. [Google Scholar] [CrossRef][Green Version]
17. Poh, G.S.; Chin, J.J.; Yau, W.C.; Choo, K.K.R.; Mohamad, M.S. Searchable Symmetric Encryption: Designs and Challenges. Acm Comput. Surv. 2017, 50, 40:1–40:37. [Google Scholar] [CrossRef]
18. Pham, H.; Woodworth, J.; Amini Salehi, M. Survey on secure search over encrypted data on the cloud. Concurr. Comput. Pract. Exp. 2019, 31, e5284. [Google Scholar] [CrossRef][Green Version]
19. Handa, R.; Krishna, C.R.; Aggarwal, N. Searchable encryption: A survey on privacy-preserving search schemes on encrypted outsourced data. Concurr. Comput. Pract. Exp. 2019, 31, e5201. [Google Scholar] [CrossRef]
20. Andola, N.; Gahlot, R.; Yadav, V.; Venkatesan, S.; Verma, S. Searchable encryption on the cloud: A survey. J. Supercomput. 2022, 78, 9952–9984. [Google Scholar] [CrossRef]
21. Noorallahzade, M.; Alimoradi, R.; Gholami, A. A Survey on Public Key Encryption with Keyword Search: Taxonomy and Methods. Int. J. Math. Math. Sci. 2022, 2022, 3223509. [Google Scholar] [CrossRef]
22. Zhang, R.; Xue, R.; Liu, L. Searchable Encryption for Healthcare Clouds: A Survey. IEEE Trans. Serv. Comput. 2018, 11, 978–996. [Google Scholar] [CrossRef]
23. Bader, J.; Michala, A. Searchable Encryption with Access Control in Industrial Internet of Things (IIoT). Wirel. Commun. Mob. Comput. 2021, 2021, 5555362. [Google Scholar] [CrossRef]
24. How, H.B.; Heng, S.H. Blockchain-Enabled Searchable Encryption in Clouds: A Review. J. Inf. Secur. Appl. 2022, 67, 103183. [Google Scholar] [CrossRef]
25. Pillai, B.; Lal, N. Blockchain-based Asymmetric Searchable Encryption: A Comprehensive Survey. Int. J. Eng. Trends Technol. 2022, 70, 355–365. [Google Scholar] [CrossRef]
26. Boneh, D.; Kushilevitz, E.; Ostrovsky, R.; Skeith, W.E. Public Key Encryption That Allows PIR Queries. In Advances in Cryptology—CRYPTO 2007, Proceedings of the 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, 19–23 August 2007; Menezes, A., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Gremany, 2007; pp. 50–67. [Google Scholar]
27. Liu, J.; Zhao, B.; Qin, J.; Zhang, X.; Ma, J. Multi-Keyword Ranked Searchable Encryption with the Wildcard Keyword for Data Sharing in Cloud Computing. Comput. J. 2023, 66, 184–196. [Google Scholar] [CrossRef]
28. Zheng, J.; Zhang, J.; Zhang, X.; Li, H. Symmetric searchable encryption scheme that supports phrase search. Microsyst. Technol. 2021, 27, 1721–1727. [Google Scholar] [CrossRef]
29. Boneh, D.; Waters, B. Conjunctive, Subset, and Range Queries on Encrypted Data. In Theory of Cryptography, Proceedings of the Fourth Theory of Cryptography Conference, Amsterdam, The Netherlands, 21–24 February 2007; Vadhan, S.P., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Gremany, 2007; pp. 535–554. [Google Scholar]
30. Rivest, R.L.; Adleman, L.; Dertouzos, M.L. On Data Banks and Privacy Homomorphisms. Found. Secur. Comput. Acad. Press 1978, 4, 169–179. [Google Scholar]
31. Silva, I. Fully Homomorphic Encryption and Its Application to Private Search. Master’s Thesis, University of Porto, Porto, Portugal, 2022. [Google Scholar]
32. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126. [Google Scholar] [CrossRef][Green Version]
33. Goldwasser, S.; Micali, S. Probabilistic encryption & how to play mental poker keeping secret all partial information. In Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, STOC’82, New York, NY, USA, 5–7 May 1982; pp. 365–377. [Google Scholar]
34. Benaloh, J. Dense probabilistic encryption. In Proceedings of the Workshop on Selected Areas of Cryptography; Clarkson University: Potsdam, NY, USA, 1994; pp. 120–128. [Google Scholar]
35. Naccache, D.; Stern, J. A new public key cryptosystem based on higher residues. In Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, USA, 2–5 November 1998; pp. 59–66. [Google Scholar]
36. Elgamal, T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 1985, 31, 469–472. [Google Scholar] [CrossRef]
37. Paillier, P. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Proceedings of the Advances in Cryptology—EUROCRYPT ’99, Santa Barbara, CA, USA, 15–19 August 1999; Stern, J., Ed.; Lecture Notes in Computer Science. Springer: Berlin/Heidelberg, Germany, 1999; pp. 223–238. [Google Scholar]
38. Boneh, D.; Goh, E.J.; Nissim, K. Evaluating 2-DNF Formulas on Ciphertexts. In Proceedings of the Theory of Cryptography; Kilian, J., Ed.; Lecture Notes in Computer Science. Springer: Berlin/Heidelberg, Germany, 2005; pp. 325–341. [Google Scholar]
39. Gentry, C. A Fully Homomorphic Encryption Scheme. Ph.D. Thesis, Stanford University, Stanford, CA, USA, 2009. [Google Scholar]
40. Marcolla, C.; Sucasas, V.; Manzano, M.; Bassoli, R.; Fitzek, F.; Aaraj, N.; Marcolla, C. Survey on Fully Homomorphic Encryption, Theory, and Applications. Proc. IEEE 2022, 110, 1572–1609. [Google Scholar] [CrossRef]
41. Fan, J.; Vercauteren, F. Somewhat Practical Fully Homomorphic Encryption. Paper 2012/144. Cryptol. Eprint Arch. 2012, 2012, 144. [Google Scholar]
42. Brakerski, Z.; Gentry, C.; Vaikuntanathan, V. (Leveled) fully homomorphic encryption without bootstrapping. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, ITCS’12, New York, NY, USA, 8–10 January 2012; pp. 309–325. [Google Scholar]
43. Cheon, J.H.; Kim, A.; Kim, M.; Song, Y. Homomorphic Encryption for Arithmetic of Approximate Numbers. In Proceedings of the Advances in Cryptology—ASIACRYPT 2017; Takagi, T., Peyrin, T., Eds.; Lecture Notes in Computer Science. Springer: Cham, Switzerland, 2017; pp. 409–437. [Google Scholar]
44. Chillotti, I.; Gama, N.; Georgieva, M.; Izabachène, M. TFHE: Fast Fully Homomorphic Encryption Over the Torus. J. Cryptol. 2020, 33, 34–91. [Google Scholar] [CrossRef]
45. Scholl, P.; Smart, N.P. Improved Key Generation for Gentry’s Fully Homomorphic Encryption Scheme. In Proceedings of the Cryptography and Coding; Chen, L., Ed.; Lecture Notes in Computer Science. Springer: Berlin/Heidelberg, Germany, 2011; pp. 10–22. [Google Scholar]
46. Gentry, C.; Halevi, S. Implementing Gentry’s Fully-Homomorphic Encryption Scheme. In Proceedings of the Advances in Cryptology—EUROCRYPT 2011; Paterson, K.G., Ed.; Lecture Notes in Computer Science. Springer: Berlin/ Heidelberg, Germany, 2011; pp. 129–148. [Google Scholar]
47. van Dijk, M.; Gentry, C.; Halevi, S.; Vaikuntanathan, V. Fully Homomorphic Encryption over the Integers. In Proceedings of the Advances in Cryptology—EUROCRYPT 2010; Gilbert, H., Ed.; Lecture Notes in Computer Science. Springer: Berlin/ Heidelberg, Germany, 2010; pp. 24–43. [Google Scholar]
48. Brakerski, Z.; Vaikuntanathan, V. Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages. In Proceedings of the Advances in Cryptology—CRYPTO 2011; Rogaway, P., Ed.; Lecture Notes in Computer Science. Springer: Berlin/ Heidelberg, Germany, 2011; pp. 505–524. [Google Scholar]
49. López-Alt, A.; Tromer, E.; Vaikuntanathan, V. On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, New York, NY, USA, 19–22 May 2012; pp. 1219–1234. [Google Scholar]
50. Challa, R. Homomorphic Encryption: Review and Applications. Lect. Notes Data Eng. Commun. Technol. 2020, 37, 273–281. [Google Scholar]
51. Alloghani, M.; Alani, M.M.; Al-Jumeily, D.; Baker, T.; Mustafina, J.; Hussain, A.; Aljaaf, A.J. A systematic review on the status and progress of homomorphic encryption technologies. J. Inf. Secur. Appl. 2019, 48, 102362. [Google Scholar] [CrossRef]
52. Malik, H.; Tahir, S.; Tahir, H.; Ihtasham, M.; Khan, F. A homomorphic approach for security and privacy preservation of Smart Airports. Future Gener. Comput. Syst. 2023, 141, 500–513. [Google Scholar] [CrossRef]
53. Iqbal, Y.; Tahir, S.; Tahir, H.; Khan, F.; Saeed, S.; Almuhaideb, A.M.; Syed, A.M. A Novel Homomorphic Approach for Preserving Privacy of Patient Data in Telemedicine. Sensors 2022, 22, 4432. [Google Scholar] [CrossRef] [PubMed]
54. Liu, G.; Yang, G.; Bai, S.; Wang, H.; Xiang, Y. FASE: A Fast and Accurate Privacy-Preserving Multi-Keyword Top-k Retrieval Scheme Over Encrypted Cloud Data. IEEE Trans. Serv. Comput. 2022, 15, 1855–1867. [Google Scholar] [CrossRef]
55. Gan, Q.; Wang, X.; Huang, D.; Li, J.; Zhou, D.; Wang, C. Towards Multi-Client Forward Private Searchable Symmetric Encryption in Cloud Computing. IEEE Trans. Serv. Comput. 2022, 15, 3566–3576. [Google Scholar] [CrossRef]
56. Wang, Y.; Sun, S.F.; Wang, J.; Liu, J.K.; Chen, X. Achieving Searchable Encryption Scheme With Search Pattern Hidden. IEEE Trans. Serv. Comput. 2022, 15, 1012–1025. [Google Scholar] [CrossRef]
57. Andola, N.; Prakash, S.; Yadav, V.K.; Venkatesan, S.; Verma, S. A secure searchable encryption scheme for cloud using hash-based indexing. J. Comput. Syst. Sci. 2022, 126, 119–137. [Google Scholar] [CrossRef]
58. Yin, F.; Lu, R.; Zheng, Y.; Tang, X.; Jiang, Q. Achieve Efficient and Privacy-Preserving Compound Substring Query over Cloud. Sec. Commun. Netw. 2021, 2021, 7941233. [Google Scholar] [CrossRef]
59. Prakash, A.J.; Elizabeth, B.L. Pindex: Private multi-linked index for encrypted document retrieval. PLoS ONE 2021, 16, e0256223. [Google Scholar] [CrossRef]
60. Tosun, T.; Savaş, E. FSDS: A practical and fully secure document similarity search over encrypted data with lightweight client. J. Inf. Secur. Appl. 2021, 59, 102830. [Google Scholar] [CrossRef]
61. Hou, J.; Liu, Y.; Hao, R. Privacy-Preserving Phrase Search over Encrypted Data. In Proceedings of the 4th International Conference on Big Data Technologies, ICBDT’21, Beijing, China, 26–28 May 2022; Association for Computing Machinery: New York, NY, USA, 2022; pp. 154–159. [Google Scholar]
62. Zhang, J.; Shen, S.; Huang, D. A Secure Ranked Search Model Over Encrypted Data in Hybrid Cloud Computing. In Cyber Security, Proceedings of the 17th China Annual Conference, CNCERT 2020, Beijing, China, 12 August 2020; Lu, W., Wen, Q., Zhang, Y., Lang, B., Wen, W., Yan, H., Li, C., Ding, L., Li, R., Zhou, Y., Eds.; Springer: Singapore, 2020; pp. 29–36. [Google Scholar]
63. Elizabeth, B.; Prakash, A. Verifiable top-k searchable encryption for cloud data. Sadhana-Acad. Proc. Eng. Sci. 2020, 45, 9. [Google Scholar] [CrossRef]
64. Li, Y.; Zhou, F.; Xu, Z.; Ge, Y. An Efficient Two-Server Ranked Dynamic Searchable Encryption Scheme. IEEE Access 2020, 8, 86328–86344. [Google Scholar] [CrossRef]
65. Yang, Y.; Liu, X.; Deng, R.H.; Weng, J. Flexible Wildcard Searchable Encryption System. IEEE Trans. Serv. Comput. 2020, 13, 464–477. [Google Scholar] [CrossRef]
66. Wen, R.; Yu, Y.; Xie, X.; Zhang, Y. LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS’20, New York, NY, USA, 9–13 November 2020; pp. 1219–1232. [Google Scholar]
67. Yang, Y.; Liu, X.; Deng, R.H. Multi-User Multi-Keyword Rank Search Over Encrypted Data in Arbitrary Language. IEEE Trans. Dependable Secur. Comput. 2020, 17, 320–334. [Google Scholar] [CrossRef]
68. Boucenna, F.; Nouali, O.; Kechid, S.; Tahar Kechadi, M. Secure Inverted Index Based Search over Encrypted Cloud Data with User Access Rights Management. J. Comput. Sci. Technol. 2019, 34, 133–154. [Google Scholar] [CrossRef]
69. Guo, C.; Zhuang, R.; Jie, Y.; Choo, K.K.; Tang, X. Secure range search over encrypted uncertain IoT outsourced data. IEEE Internet Things J. 2019, 6, 1520–1529. [Google Scholar] [CrossRef]
70. Shen, M.; Ma, B.; Zhu, L.; Du, X.; Xu, K. Secure phrase search for intelligent processing of encrypted data in cloud-based iot. IEEE Internet Things J. 2019, 6, 1998–2008. [Google Scholar] [CrossRef][Green Version]
71. Elizabeth, B.; Prakash, A.; Uthariaraj, V. TSED: Top-k ranked searchable encryption for secure cloud data storage. Adv. Intell. Syst. Comput. 2018, 645, 113–121. [Google Scholar]
72. Wu, D.; Gan, Q.; Wang, X. Verifiable Public Key Encryption with Keyword Search Based on Homomorphic Encryption in Multi-User Setting. IEEE Access 2018, 6, 42445–42453. [Google Scholar] [CrossRef]
73. Halevi, S.; Shoup, V. Algorithms in HElib. In Advances in Cryptology—CRYPTO 2014, Proceedings of the 34th Annual Cryptology Conference, Santa Barbara, CA, USA, 17–21 August 2014; Garay, J.A., Gennaro, R., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2014; pp. 554–571. [Google Scholar]
74. Dworkin, M.; Barker, E.; Nechvatal, J.; Foti, J.; Bassham, L.; Roback, E.; Dray, J. Advanced Encryption Standard (AES); Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology: Gaithersburg, MD, USA, 2001.
75. Bresson, E.; Catalano, D.; Pointcheval, D. A Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and Its Applications. In Advances in Cryptology—ASIACRYPT 2003, Proceedings of the 9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 30 November–4 December 2003; Laih, C.S., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2003; pp. 37–54. [Google Scholar]
76. Krawczyk, D.H.; Bellare, M.; Canetti, R. HMAC: Keyed-Hashing for Message Authentication; RFC 2104; RFC Editor: 1997.
77. Boucenna, F.; Nouali, O.; Kechid, S. Concept-based Semantic Search over Encrypted Cloud Data. In Proceedings of the 12th International Conference on Web Information Systems and Technologies, Rome, Italy, 23–25 April 2016; pp. 235–242. [Google Scholar]
78. Cao, N.; Wang, C.; Li, M.; Ren, K.; Lou, W. Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data. IEEE Trans. Parallel Distrib. Syst. 2014, 25, 222–233. [Google Scholar] [CrossRef][Green Version]
79. Whissell, J.S.; Clarke, C.L.A. Improving document clustering using Okapi BM25 feature weighting. Inf. Retr. 2011, 14, 466–487. [Google Scholar] [CrossRef]
80. Liu, G.; Yang, G.; Wang, H.; Xiang, Y.; Dai, H. A Novel Secure Scheme for Supporting Complex SQL Queries over Encrypted Databases in Cloud Computing. Secur. Commun. Netw. 2018, 2018, e7383514. [Google Scholar] [CrossRef]
81. Menezes, A.J.; Vanstone, S.A.; Oorschot, P.C.V. Handbook of Applied Cryptography, 1st ed.; CRC Press, Inc.: Boca Raton, FL, USA, 1996. [Google Scholar]
82. Wan, Z.; Deng, R. VPSearch: Achieving Verifiability for Privacy-Preserving Multi-Keyword Search over Encrypted Cloud Data. IEEE Trans. Dependable Secur. Comput. 2018, 15, 1083–1095. [Google Scholar] [CrossRef]
83. Dong, Q.; Guan, Z.; Wu, L.; Chen, Z. Fuzzy keyword search over encrypted data in the public key setting. In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Berlin/Heidelberg, Germany, 2013; Volume 7923 LNCS, pp. 729–740. [Google Scholar]

参考:

• https://github.com/intel/pailliercryptolib
• https://github.com/data61/python-paillier
• https://python-paillier.readthedocs.io/en/develop/
• https://www.secrss.com/articles/49072