
    Outsourced Attribute-Based Encryption Scheme with Policy Updating and Verifiable Ciphertext

    • Abstract: Attribute-based encryption (ABE) provides a new cryptography-based access control scheme that is well suited to multi-user data sharing. However, the computational and communication costs of the encryption phase and of access policy updating are high, and most existing outsourced ABE schemes give data owners no method for verifying ciphertext correctness, which greatly limits the practical application of ABE. To address these problems, an outsourced ABE scheme supporting dynamic policy updating and real-time verification of ciphertext correctness is proposed, which effectively protects data privacy in an untrusted cloud environment. The policy updating process is designed on the principle of outsourced encryption, so an update key can be generated with only a small amount of computation. The ciphertext verification algorithm is designed using the properties of bilinear pairings and the structure of the decryption operation, and it introduces a verification transformation key so that ciphertext verification is significantly more efficient than decryption. For different cloud environment models, an efficient verification algorithm and a strict verification algorithm are designed, suited to honest-but-curious and untrusted cloud environments respectively. The scheme is proved secure against chosen-plaintext attacks in the standard model. Performance analysis and efficiency comparison show that the computation required for local encryption, policy updating, and ciphertext verification is reduced, making the overall scheme more lightweight than existing schemes and suitable for data sharing on resource-constrained devices.
