关键词: 云存储, 属性基加密, 混合访问策略, 完全外包计算, 可验证性

Abstract: Attribute-based encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms in the cloud storage environment. However, the computation cost of most ABE schemes is considerably expensive during key generation, encryption and decryption phases. And the computation cost, which grows with the complexity of the access policy or the attribute set, is becoming critical barriers in applications running on resource-limited devices. Aiming at tackling the challenge above, a fully outsourced ciphertext-policy attribute-based encryption scheme with verifiability is proposed in this paper. The proposed scheme can achieve outsourced key generation, encryption and decryption simultaneously. In the proposed scheme, heavy computations are outsourced to public cloud service providers, and no complex operations are left for the attribute authority, data owner and data user. At the same time, the scheme can verify the correctness of the computing result in an efficient way, which is very important. The proposed scheme is proven to be indistinguishable against chosen plaintext attack secure under the random oracle model and is provided with verifiable proof. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in function and efficiency, and it is more suitable for practical applications.

Key words: cloud storage, attribute-based encryption, hybrid access policy, fully outsourced computation, verifiability