ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (10): 2270-2280. doi: 10.7544/issn1000-1239.2015.20150497

Special topic: 2015 Research Advances in Network Security and Privacy Protection

• Information Security •

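Research on an Adaptively Secure Outsourced CP-ABE Scheme

Wang Hao1,2, Zheng Zhihua1,2, Wu Lei1,2, Wang Yilei3

  1. 1(School of Information Science and Engineering, Shandong Normal University, Jinan 250014); 2(Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Jinan 250014); 3(School of Information and Electrical Engineering, Ludong University, Yantai, Shandong 264025) (wanghao@sdnu.edu.cn)
  • Published: 2015-10-01
  • Funding:
    National Natural Science Foundation of China (61272434, 61502218); Natural Science Foundation of Shandong Province (ZR2013FQ021); Shandong Province Outstanding Young and Middle-aged Scientists Research Award Fund (BS2014DX016)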

Adaptively Secure Outsourcing Ciphertext-Policy Attribute-Based Encryption

Wang Hao1,2, Zheng Zhihua1,2, Wu Lei1,2, Wang Yilei3   

  1. 1(School of Information Science and Engineering, Shandong Normal University, Jinan 250014);2(Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Jinan 250014);3(School of Information and Electrical Engineering, Ludong University, Yantai, Shandong 264025)
  • Online: 2015-10-01

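Abstract (Chinese version): Attribute-based encryption (ABE) is an extension of identity-based encryption (IBE). In an ABE system, the key generation center issues keys to users according to the attributes they hold, and an encryptor can encrypt a message under an access policy; decryption succeeds if and only if the user's attributes satisfy that access policy. Because ABE enables flexible access control over ciphertexts, it has good application prospects and is especially suited to protecting the confidentiality of information in cloud storage environments. However, low computational efficiency has long been the main obstacle to deploying ABE schemes in practice. To address this problem, this paper studies ideas and methods for reducing the local computation of ABE schemes with the help of external resources, gives a formal definition of outsourcing ABE schemes, and formulates corresponding security models according to the actual adversarial environment and security goals. It then constructs a concrete outsourcing ciphertext-policy attribute-based encryption (CP-ABE) scheme using composite-order bilinear groups and proves, using the dual system encryption technique, that it is adaptively secure in the standard model.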

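Key words (Chinese version): ciphertext-policy attribute-based encryption, outsourcing, adaptive security, standard model, dual system encryption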

Abstract: Attribute-based encryption (ABE) is a type of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In such a system, decryption of a ciphertext is possible only if the set of attributes of the user's key matches the access policy of the ciphertext. Given its expressiveness, ABE is currently being considered for many network applications, especially for cloud storage and cloud computing. However, one of the main drawbacks of ABE is that the running time of encryption and decryption grows with the complexity of the access formula or the number of attributes. In practice, this makes encryption and decryption possible bottlenecks for many applications. In this work, we introduce an outsourcing ABE system to mitigate this problem. In the outsourcing ABE system, users can outsource part of the storage and computing tasks to semi-honest servers. This is significant for mobile devices, which need to save storage and computational resources. Then, we propose a specific outsourcing ciphertext-policy ABE (CP-ABE) scheme using composite-order bilinear groups. In our scheme, the local computation of (online) encryption and decryption can reach a constant level. Finally, we prove its adaptive security in the standard model using the methodology of dual system encryption.

Key words: ciphertext-policy ABE (CP-ABE), outsourcing, adaptively secure, standard model, dual system encryption

CLC number: