ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (12): 2818-2824.doi: 10.7544/issn1000-1239.2017.20170902

• 信息安全 • 上一篇    下一篇



  1. (武汉光电国家实验室(华中科技大学) 武汉 430074) (
  • 出版日期: 2017-12-01
  • 基金资助: 

Optimization for Broadcast Encryption in Cloud Using Extended Public Key

Li Chunhua, Wang Hua, Zhang Yanzhe, Zhou Ke   

  1. (Wuhan National Laboratory for Optoelectronics (Huazhong University of Science and Technology), Wuhan 430074)
  • Online: 2017-12-01

摘要: 基于广播加密的云存储系统受到研究者的关注.然而,基本的广播加密方案不能适应云存储环境中用户和权限的动态变更情况.针对广播加密中密钥管理分发开销大的问题,提出一种扩展公钥的广播加密优化方法,通过保留初始产生公钥时使用的部分私有参数,当用户加入或撤离系统时,使用保留的私有参数产生新的公钥来加密数据.这样,合法用户仍可以使用之前已分发的私钥解密新公钥加密的数据,从而避免了用户动态变化时公钥的频繁变化和密钥的重复分发.通过引入懒惰回收机制,降低了权限变更和密钥定期更新带来的开销.测试结果表明:采用优化方案后,增加用户数量和权限撤销时,系统性能得到较大提高.

关键词: 云存储, 广播加密, 扩展公钥, 密钥管理, 优化

Abstract: Security issues have been a major hurdle for the application of cloud storage. As data encryption is the mainstream method to ensure confidentiality, users always share their data by means of key's management and distribution. However, how to manage massive keys and distribute them securely and efficiently is a challenge in cloud storage. In recent years, broadcast encryption scheme has been paid more attention by researchers to mitigate above problems for cloud data sharing. Since current schemes take insufficient account of changes of users and users's privilege, they do not perform well in cloud. To reduce the overhead of key distribution, an optimization method is proposed for public-key based broadcast encryption in this paper. First, the scope of public keys is expanded to two or more times and the initial related parameters used for generating public keys are kept simultaneously. These parameters can ensure private keys distributed previously still available when they are employed to generate the new public keys for new valid users, thus greatly decreases the cost of redistributing private keys. Second, lazy revocation is adopted to reduce the cost of updating keys. Experimental results show that our optimized method outperforms the existing schemes while adding new users and revoking users' privilege in cloud.

Key words: cloud storage, broadcast encryption, extended public key, key management, optimization