电子学报 ›› 2020, Vol. 48 ›› Issue (11): 2146-2153.DOI: 10.3969/j.issn.0372-2112.2020.11.008

• 学术论文 • 上一篇    下一篇

支持离线/在线加密及可验证外包解密的CP-WABE方案

李航1, 冯朝胜1,2, 刘帅南1, 刘彬1, 赵开强1   

  1. 1. 四川师范大学计算机科学学院, 四川成都 610101;
    2. 网络与数据安全四川省重点实验室, 电子科技大学, 四川成都 610054
  • 收稿日期:2020-04-07 修回日期:2020-06-15 出版日期:2020-11-25
    • 通讯作者:
    • 冯朝胜
    • 作者简介:
    • 李航 男,1997年出生于四川巴中.四川师范大学在读研究生.研究方向为云计算与信息安全.E-mail:hanghanglh@foxmail.com;刘帅南 男,1997年生于安徽宿州,四川师范大学在读研究生.研究方向为云计算与信息安全.E-mail:liushuainan9721@163.com;刘彬 男,1996年出生于四川宜宾,四川师范大学在读研究生.研究方向为区块链与云计算.E-mail:liubin10@foxmail.com;赵开强 男,1996年出生于四川巴中,本科毕业于成都信息工程大学,现四川师范大学在读研究生.研究方向为大数据与云计算.E-mail:k92ha0@foxmail.com
    • 基金资助:
    • 国家自然科学基金 (No.61373163); 网络与数据安全四川省重点实验室课题 (No.NDS2019-1); 国防科技重点实验室基金 (No.6142103010709)

A CP-WABE Scheme Supports Offline/Online Encryption and Verifiable Outsourced Decryption

LI Hang1, FENG Chao-sheng1,2, LIU Shuai-nan1, LIU Bin1, ZHAO Kai-qiang1   

  1. 1. Dept of Computer Science, Sichuan Normal University, Chengdu, Sichuan 610101, China;
    2. Network and Data Security Key Laboratory of Sichuan Province, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054, China
  • Received:2020-04-07 Revised:2020-06-15 Online:2020-11-25 Published:2020-11-25
    • Corresponding author:
    • FENG Chao-sheng
    • Supported by:
    • National Natural Science Foundation of China (No.61373163); Project of Sichuan Province Key Laboratory of Network and Data Security (No.NDS2019-1); Key Laboratory of national defense science and Technology Foundation (No.6142103010709)

摘要: 已有的支持在线/离线加密和外包解密的基于属性加密的方案可实现细粒度访问控制和数据保密性,但无法实现同一属性之间的层次关系的表达和数据防篡改,并且终端需要在离线加密之前确定用户的访问结构,每次加密都需重新生成中间密文.针对上述问题,本文提出了一种支持离线/在线加密及可验证外包解密的CP-WABE(Ciphertext-Policy Weighted Attribute-Based Encryption)方案.该方案通过权重集合来实现同一属性层次关系的灵活表达,可实现一次离线加密就产生不同访问结构的数据的中间密文,在线仅需要少量开销就可完成加密,同时对外包解密的正确性进行了验证.最后对方案进行了安全性和性能分析,实验仿真也表明了本文对比相关方案更具优势.

关键词: 密文策略基于权重属性加密, 云计算, 权重集合, 离线/在线, 外包

Abstract: Existing attribute-based encryption schemes which support online/offline outsourcing encryption and decryption can realize fine-grained access control and data confidentiality, but it cannot achieve the expression of hierarchical relationships between the same attributes and prevent data from being tampered. Besides, the terminal needs to determine the user's access structure before offline encryption, and the intermediate ciphertext needs to be regenerated every time. Aiming at the above problems, this paper proposes a CP-WABE (Ciphertext-Policy Weighted Attribute-Based Encryption) scheme supports offline/online encryption and verifiable outsourced decryption. The scheme realizes the flexible expression of the hierarchical relation of the same attributes through the weight sets, which can realize the generation of intermediate ciphertext of the data with different access structure after one offline encryption, and complete the online encryption with only a small amount of overhead. At the same time, the correctness of outsourced decryption is verified. Finally, the security and performance of the scheme are analyzed, and the experimental simulation also shows that this paper has more advantages than the related schemes.

Key words: ciphertext-policy weighted attribute-based encryption(CP-WABE), cloud computing, weighted set, offline/online, outsourcing

中图分类号: