ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (2): 442-452.doi: 10.7544/issn1000-1239.2019.20170883

• 信息安全 • 上一篇    

面向云存储的支持完全外包属性基加密方案

赵志远1,王建华1,2,徐开勇1,郭松辉1   

  1. 1(中国人民解放军信息工程大学 郑州 450001); 2(空军电子技术研究所 北京 100195) (zzy_taurus@foxmail.com)
  • 出版日期: 2019-02-01
  • 基金资助: 
    国家“九七三”重点基础研究发展计划基金项目(2013CB338000);国家重点研发计划项目(2016YFB0501900)

Fully Outsourced Attribute-Based Encryption with Verifiability for Cloud Storage

Zhao Zhiyuan1, Wang Jianhua1,2, Xu Kaiyong1, Guo Songhui1   

  1. 1(PLA Information Engineering University, Zhengzhou 450001); 2(Electronic Technology Institute of Air Force, Beijing 100195)
  • Online: 2019-02-01

摘要: 广泛应用于云存储环境的属性基加密方案在密钥生成、数据加密和解密阶段需要大量计算资源,且计算量与属性集合或访问策略复杂度呈线性增长关系,该问题对于资源受限的用户变得更加严重.为解决上述问题,提出一种支持可验证的完全外包密文策略属性基加密方案.该方案可以同时实现密钥生成、数据加密和解密阶段的外包计算功能,并且能够验证外包计算结果的正确性.该方法可以有效减轻云存储系统中属性授权机构、数据拥有者和数据用户的计算负担.然后,在随机预言机模型下证明了所提方案的选择明文攻击的不可区分安全性,提供了所提方案的可验证性证明.最后,理论分析与实验验证结果表明所提方案在功能性和效率方面具有优势,更加适合实际应用情况.

关键词: 云存储, 属性基加密, 混合访问策略, 完全外包计算, 可验证性

Abstract: Attribute-based encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms in the cloud storage environment. However, the computation cost of most ABE schemes is considerably expensive during key generation, encryption and decryption phases. And the computation cost, which grows with the complexity of the access policy or the attribute set, is becoming critical barriers in applications running on resource-limited devices. Aiming at tackling the challenge above, a fully outsourced ciphertext-policy attribute-based encryption scheme with verifiability is proposed in this paper. The proposed scheme can achieve outsourced key generation, encryption and decryption simultaneously. In the proposed scheme, heavy computations are outsourced to public cloud service providers, and no complex operations are left for the attribute authority, data owner and data user. At the same time, the scheme can verify the correctness of the computing result in an efficient way, which is very important. The proposed scheme is proven to be indistinguishable against chosen plaintext attack secure under the random oracle model and is provided with verifiable proof. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in function and efficiency, and it is more suitable for practical applications.

Key words: cloud storage, attribute-based encryption, hybrid access policy, fully outsourced computation, verifiability

中图分类号: