ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (10): 2160-2169.doi: 10.7544/issn1000-1239.2019.20190323

所属专题: 2019密码学与智能安全研究专题

• 信息安全 • 上一篇    下一篇

支持属性撤销的可追踪外包属性加密方案

高嘉昕,孙加萌,秦静   

  1. (山东大学数学学院 济南 250100) (gaojiaxin507@163.com)
  • 出版日期: 2019-10-16
  • 基金资助: 
    国家自然科学基金项目(61772311)

Traceable Outsourcing Attribute-Based Encryption with Attribute Revocation

Gao Jiaxin, Sun Jiameng, Qin Jing   

  1. (School of Mathematics, Shandong University, Jinan 250100)
  • Online: 2019-10-16

摘要: 属性基加密是一种能够对云服务器中数据实现细粒度访问控制的新型公钥加密方法,但是属性基加密中密钥分配、数据加密和解密过程的计算开销过大,给资源受限的用户造成很大的计算负担.为解决该问题,构造了一个将密钥分配与解密工作外包给云服务器的支持属性撤销的属性加密方案,同时该方案可验证外包计算的正确性.该方案使用线上/线下加密,既有效保护用户数据的隐私性,又减少用户的计算开销,提升方案运行效率;其次方案中使用树形访问策略,以提供更加细粒度的访问控制;同时利用重加密的方法实现细粒度的属性撤销,通过生成重加密密钥更新属性与密文,间接撤销单个属性;最后将用户身份嵌入密钥,达到用户可追踪的性质,并在标准模型下证明该方案是选择明文的不可区分安全性.

关键词: 属性加密, 外包计算, 属性撤销, 云存储, 可验证性

Abstract: Attribute-based encryption (ABE) is a new type of public key encryption method that can implement fine-grained access control on data in cloud servers, but the computational overhead of key distribution, data encryption and data decryption processes in attribute-based encryption is too expensive, which causes a large computational burden on the user with limited computing resources. In order to solve this problem, this paper constructs an attribute-based encryption scheme which supports key attribute revocation, outsource key distribution and data decryption work to the cloud server, at the same time, the proposed scheme can verify the correctness of outsourcing computation by using Hash functions; the scheme uses online/offline encryption and transfers lots of computation to the offline, which can effectively protect the privacy of user data, reduce the amount of user computing, and promote the operation efficiency of the solution; in addition, we use the tree access policy to provide more fine-grained access control; and the method of re-encryption realizes fine-grained attribute revocation, revoking a single attribute indirectly by generating a re-encryption key to update attributes and ciphertext; Finally, the user identity is embedded into the key to achieve the user traceability property. The proposed scheme is proved to be indistinguishable against chosen-plaintext attack(IND-CPA) security under the standard model.

Key words: attribute-based encryption (ABE), outsourcing computation, attribute revocation, cloud storage, verifiability

中图分类号: