支持离线/在线加密及可验证外包解密的CP-WABE方案

doi:10.3969/j.issn.0372-2112.2020.11.008

电子学报 ›› 2020, Vol. 48 ›› Issue (11): 2146-2153.DOI: 10.3969/j.issn.0372-2112.2020.11.008

支持离线/在线加密及可验证外包解密的CP-WABE方案

李航¹, 冯朝胜^1,2, 刘帅南¹, 刘彬¹, 赵开强¹

1. 四川师范大学计算机科学学院, 四川成都 610101;
2. 网络与数据安全四川省重点实验室, 电子科技大学, 四川成都 610054

收稿日期:2020-04-07 修回日期:2020-06-15 出版日期:2020-11-25
- 通讯作者:
- 冯朝胜
- 作者简介:
- 李航男,1997年出生于四川巴中.四川师范大学在读研究生.研究方向为云计算与信息安全.E-mail:hanghanglh@foxmail.com;刘帅南 男,1997年生于安徽宿州,四川师范大学在读研究生.研究方向为云计算与信息安全.E-mail:liushuainan9721@163.com;刘彬男,1996年出生于四川宜宾,四川师范大学在读研究生.研究方向为区块链与云计算.E-mail:liubin10@foxmail.com;赵开强 男,1996年出生于四川巴中,本科毕业于成都信息工程大学,现四川师范大学在读研究生.研究方向为大数据与云计算.E-mail:k92ha0@foxmail.com
- 基金资助:
- 国家自然科学基金 (No.61373163）; 网络与数据安全四川省重点实验室课题 (No.NDS2019-1）; 国防科技重点实验室基金 (No.6142103010709）

A CP-WABE Scheme Supports Offline/Online Encryption and Verifiable Outsourced Decryption

LI Hang¹, FENG Chao-sheng^1,2, LIU Shuai-nan¹, LIU Bin¹, ZHAO Kai-qiang¹

1. Dept of Computer Science, Sichuan Normal University, Chengdu, Sichuan 610101, China;
2. Network and Data Security Key Laboratory of Sichuan Province, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054, China

Received:2020-04-07 Revised:2020-06-15 Online:2020-11-25 Published:2020-11-25
- Corresponding author:
- FENG Chao-sheng
- Supported by:
- National Natural Science Foundation of China (No.61373163); Project of Sichuan Province Key Laboratory of Network and Data Security (No.NDS2019-1); Key Laboratory of national defense science and Technology Foundation (No.6142103010709)

摘要/Abstract

摘要： 已有的支持在线/离线加密和外包解密的基于属性加密的方案可实现细粒度访问控制和数据保密性，但无法实现同一属性之间的层次关系的表达和数据防篡改，并且终端需要在离线加密之前确定用户的访问结构，每次加密都需重新生成中间密文.针对上述问题，本文提出了一种支持离线/在线加密及可验证外包解密的CP-WABE（Ciphertext-Policy Weighted Attribute-Based Encryption）方案.该方案通过权重集合来实现同一属性层次关系的灵活表达，可实现一次离线加密就产生不同访问结构的数据的中间密文，在线仅需要少量开销就可完成加密，同时对外包解密的正确性进行了验证.最后对方案进行了安全性和性能分析，实验仿真也表明了本文对比相关方案更具优势.

关键词: 密文策略基于权重属性加密, 云计算, 权重集合, 离线/在线, 外包

Abstract: Existing attribute-based encryption schemes which support online/offline outsourcing encryption and decryption can realize fine-grained access control and data confidentiality, but it cannot achieve the expression of hierarchical relationships between the same attributes and prevent data from being tampered. Besides, the terminal needs to determine the user's access structure before offline encryption, and the intermediate ciphertext needs to be regenerated every time. Aiming at the above problems, this paper proposes a CP-WABE (Ciphertext-Policy Weighted Attribute-Based Encryption) scheme supports offline/online encryption and verifiable outsourced decryption. The scheme realizes the flexible expression of the hierarchical relation of the same attributes through the weight sets, which can realize the generation of intermediate ciphertext of the data with different access structure after one offline encryption, and complete the online encryption with only a small amount of overhead. At the same time, the correctness of outsourced decryption is verified. Finally, the security and performance of the scheme are analyzed, and the experimental simulation also shows that this paper has more advantages than the related schemes.

Key words: ciphertext-policy weighted attribute-based encryption(CP-WABE), cloud computing, weighted set, offline/online, outsourcing

中图分类号:

TP309.2

李航, 冯朝胜, 刘帅南, 等. 支持离线/在线加密及可验证外包解密的CP-WABE方案[J]. 电子学报, 2020, 48(11): 2146-2153.

LI Hang, FENG Chao-sheng, LIU Shuai-nan, et al. A CP-WABE Scheme Supports Offline/Online Encryption and Verifiable Outsourced Decryption[J]. Acta Electronica Sinica, 2020, 48(11): 2146-2153.

参考文献

[1] Sahai A,Waters B R.Fuzzy identity-based encryption[A].Ronald Cramer.Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques[C].Berlin:Springer,2004.457-473.
[2] Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data[A].Computer and Communications Security[C].New York:ACM,2006.89-98.
[3] Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[A].IEEE Symposium on Security and Privacy[C].Washington:IEEE Computer Society,2007.321-334.
[4] Guo F,Mu Y,Chen Z.Identity-Based online/offline encryption[A].The International Conference on Financial Cryptography and Data Security[C].Berlin,Heidelberg:Springer-Verlag,2008.247-261.
[5] Even S,Goldreich O,Micali S.On-Line/Off-Line digital signatures[A].The Conference on the Theory and Application of Cryptology[C].New York:Springer-Verlag,1989.263-275.
[6] X Liu,J Ma,J Xiong,Q Li,J Ma.Ciphertext-policy weighted attribute encryption for fine-grained access control[A].The 5th International Conference on Intelligent Networking and Collaborative Systems[C].Xi'an,China:2013.51-57.
[7] Hohenberger S,Waters B.Online/Offline attribute-based encryption[A].The International Workshop on Public Key Cryptography[C].Berlin,Heidelberg:Springer-Verlag,2014.293-310.
[8] Rouselakis Y,Waters B.Practical constructions and new proof methods for large universe attribute-based encryption[A].The 2013 ACM SIGSAC Conference on Computer & Communications Security[C].Berlin Germany:ACM,2013.463-474.
[9] Green M,Hohenberger S,Waters B,et al.Outsourcing the decryption of ABE ciphertexts[A].Usenix Security Symposium[C].Berkeley:Usenix Association,2011.34-34.
[10] Yang K,Jia X.DAC-MACS:Effective data access control for multi-authority cloud storage systems[A].Security for Cloud Storage Systems[C].New York:Springer-Verlag,2014.59-83.
[11] Shao J,Lu R,Lin X.Fine-Grained data sharing in cloud computing for mobiledevices[A].The 2015 IEEE Conference on Computer Communications (INFOCOM)[C].Hong Kong:IEEE,2015.2677-2685.
[12] Shulan Wang,Kaitai Liang,Joseph K Liu,Jianyong Chen,Jianping Yu,Weixin Xie.Attribute-Based data sharing scheme revisited in cloud computing[J].IEEE Transactions on Information Forensics & Security,2016,1661-1673.
[13] Xue K,Hong J,Xue Y,et al.CABE:A new comparable attribute-based encryption construction with 0-Encoding and 1-Encoding[J].IEEE Transactions on Computers,2017,1-1.
[14] Wei Li,Wei Ni,Dongxi Liu et al.Unified ciphertext-policy weighted attribute-based encryption for sharing data in cloud computing[J].applied sciences,2018,2519.
[15] 仲红,崔杰,朱文龙,许艳.高效且可验证的多授权机构属性基加密方案[J].软件学报,2018,29(7):2006-2017. Zhong H,Cui J,Zhu WL,Xu Y.Efficient and verifiable muti-authority attribute based encryption scheme[J].Ruan Jian Xue Bao/Journal of Software,2018,29(7):2006-2017.(in Chinese)
[16] Qiuting Tian,Dezhi Han,Yanmei Jiang.Hierarchical authority based weighted attribute encryption scheme[J].Computer Science and Information Systems,2018,16(3):797-813.
[17] C Hahn,H Kwon,J Hur.Trustworthy delegation toward securing mobile healthcare cyber-physical systems[J].IEEE Internet of Things Journal,2019,6(4):6301-6309.
[18] J Xu,Q Wen,W Li,Z Jin.Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing[J].IEEE Transactions Parallel Distrib.Systtems,2016,27(1):119-129.
[19] S Lin,R Zhang,H Ma,M Wang.Revisiting attribute-based encryption with verifiable outsourced decryption[J].IEEE Transactions Information Forensics Security,2015,10(10):2119-2130.
[20] Yinbin Miao,Qiuyun Tong,Kim-Kwang Raymond Choo,et al.Secure online/offline data sharing framework for cloud-assisted industrial internet of things[J].IEEE Internet of Things Journal,2019,6(5):8681-8691.
[21] H-Y Lin,W-G Tzeng.An efficient solution to the millionaires' problem based on homomorphic encryption[A].Applied Cryptography and Network Security[C].Berlin,Heidelberg:2005.456-466.
[22] B Waters.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[A].The 14th International Conference on Practice and Theory in Public Key Cryptography[C].Edinburgh:2011.53-70.

支持离线/在线加密及可验证外包解密的CP-WABE方案

A CP-WABE Scheme Supports Offline/Online Encryption and Verifiable Outsourced Decryption

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	赵开强, 康萍, 刘彬, 郭真, 冯朝胜, 卿昱. 支持云代理重加密的CP-ABE方案[J]. 电子学报, 2023, 51(3): 728-735.
[2]	刘灵清, 董晨, 刘西蒙, 柳煌达, 连思璜, 陈潇. MEDAguard：基于逻辑加密的微电极点阵生物芯片知识产权保护方案[J]. 电子学报, 2022, 50(2): 440-445.
[3]	罗智勇, 朱梓豪, 谢志强, 孙广路. 面向云计算的花朵差分授粉工作流多目标优化算法研究[J]. 电子学报, 2021, 49(3): 470-476.
[4]	杨贺昆, 冯朝胜, 晋云霞, 王蔺, 罗王平, 邓红辉. 支持可验证加解密外包的CP-ABE方案[J]. 电子学报, 2020, 48(8): 1545-1551.
[5]	晋云霞, 杨贺昆, 冯朝胜, 刘帅南, 李航, 邹莉萍, 万国根. 一种支持解密外包的KP-ABE方案[J]. 电子学报, 2020, 48(3): 561-567.
[6]	卢晶, 段勇, 刘海波. 基于z值的分布式密度峰值聚类算法[J]. 电子学报, 2018, 46(3): 730-738.
[7]	王于丁, 杨家海. DACPCC:一种包含访问权限的云计算数据访问控制方案[J]. 电子学报, 2018, 46(1): 236-244.
[8]	丁嘉宁, 张鹏, 杨嵘, 刘俊朋, 刘庆云, 熊刚. 支持多租户的网络测试床模拟流量标记和溯源模型[J]. 电子学报, 2017, 45(8): 1947-1956.
[9]	杜思军, 徐尚书, 刘俊南, 张俊伟, 马建峰. 云计算中抗共谋攻击的数据位置验证协议[J]. 电子学报, 2017, 45(6): 1321-1326.
[10]	陈振华, 李顺东, 王道顺, 黄琼, 张卫国. 集合成员关系的安全多方计算及其应用[J]. 电子学报, 2017, 45(5): 1109-1116.
[11]	李焱, 郑亚松, 李婧, 朱春鸽, 刘欣然. 云环境下面向跨域作业的调度方法[J]. 电子学报, 2017, 45(10): 2416-2424.
[12]	陶晓玲, 韦毅, 王勇. 一种基于分层多代理的云计算负载均衡方法[J]. 电子学报, 2016, 44(9): 2106-2113.
[13]	陈凯, 许海铭, 徐震, 林东岱, 刘勇. 适用于移动云计算的抗中间人攻击的SSP方案[J]. 电子学报, 2016, 44(8): 1806-1813.
[14]	梁俊杰, 李凤华, 刘琼妮, 尹利. MapReduce框架下的优化高维索引与KNN查询[J]. 电子学报, 2016, 44(8): 1873-1880.
[15]	肖鹏, 刘洞波, 屈喜龙. 云计算中基于能耗比例模型的虚拟机调度算法[J]. 电子学报, 2015, 43(2): 305-311.