属性可撤销且密文长度恒定的属性基加密方案

doi:10.3969/j.issn.0372-2112.2018.10.012

电子学报 ›› 2018, Vol. 46 ›› Issue (10): 2391-2399.DOI: 10.3969/j.issn.0372-2112.2018.10.012

属性可撤销且密文长度恒定的属性基加密方案

赵志远, 朱智强, 王建华, 孙磊

信息工程大学, 河南郑州 450001

收稿日期:2017-07-12 修回日期:2018-03-08 出版日期:2018-10-25
- 作者简介:
- 赵志远,男,1989年生于吉林磐石.解放军信息工程大学三院博士生.研究方向为云计算安全、公钥密码学.E-mail:zzy_taurus@foxmail.com;朱智强,男,1961年生于吉林长春.武汉大学博士.现为解放军信息工程大学三院教授,硕士生导师.研究方向为云计算、信息安全.
- 基金资助:
- 国家973重点基础研究发展计划 (No.2013CB338000）; 国家重点研发计划 (No.2016YFB0501900）

Attribute-Based Encryption with Attribute Revocation and Constant-Size Ciphertext

ZHAO Zhi-yuan, ZHU Zhi-qiang, WANG Jian-hua, SUN Lei

Information Engineering University, Zhengzhou, Henan 450001, China

Received:2017-07-12 Revised:2018-03-08 Online:2018-10-25 Published:2018-10-25
- Supported by:
- National Program on Key Basic Research Project of China (973 Program) (No.2013CB338000); National Key Research and Development Program of China (No.2016YFB0501900)

摘要/Abstract

摘要： 密文策略属性基加密（ciphertext-policy attribute-based encryption，CP-ABE）类似于基于角色访问控制，可以为云存储系统提供灵活细粒度的访问控制.但大多数CP-ABE方案中，密文长度与访问策略复杂度成正相关，系统属性同时被多个用户共享而导致属性难以被撤销.针对上述问题，本文提出一种支持属性撤销且密文长度恒定的属性基加密方案.该方案中每个用户的属性群密钥不能通用，可以有效抵抗撤销用户与未撤销用户的合谋攻击.为减少属性授权机构和数据拥有者的计算负担，属性撤销过程所需的计算量外包给数据服务管理者；同时该方案采用支持多值属性和通配符的"AND"门策略，实现了密文长度恒定.所提方案基于决策性q-BDHE（q-bilinear Diffie-Hellman exponent）假设对方案进行了选择明文攻击的安全性证明.最后对方案进行了理论分析与实验验证，分析结果表明本文方案可以有效抵制用户合谋攻击，增加了方案的安全性.同时所提方案在功能和计算效率方面具有一定优势，适用于实际应用情况.

关键词: 属性基加密, 属性撤销, 合谋攻击, 密文长度恒定

Abstract: Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is similar to role-based access control, which provides flexible and fine-grained access control for cloud storage systems. However, in most of existing CP-ABE schemes, the ciphertext length is positively related to the complexity of the access structure. And the attribute level user revocation is an important challenge because the system attributes are shared by multiple users at the same time. To solve this problem, this paper presents an CP-ABE scheme that supports the attribute level user revocation and constant-size ciphertext. The attribute group key for each user in the scheme is different, so this scheme can effectively resist collusion attacks between the revoked users and the existing users. To reduce the computational burden of the attribute authority and the data owner, the amount of computation required for the attribute revocation process is outsourced to the data service manager. At the same time, the scheme adopts the AND-Gate strategy supporting multi-valued attributes and wildcards, and the ciphertext length is constant. The scheme is proved selectively secure based on Decisional q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption. Finally, the functionality and efficiency of the proposed scheme are analyzed and verified. The experimental results show that the proposed scheme can safely implement attribute level user revocation. At the same time, the proposed scheme has some advantages in terms of function and computational efficiency. It is suitable for practical application.

Key words: attribute-based encryption, attribute revocation, collusion attacks, constant-size ciphertext

中图分类号:

TP309

赵志远, 朱智强, 王建华, 等. 属性可撤销且密文长度恒定的属性基加密方案[J]. 电子学报, 2018, 46(10): 2391-2399.

ZHAO Zhi-yuan, ZHU Zhi-qiang, WANG Jian-hua, et al. Attribute-Based Encryption with Attribute Revocation and Constant-Size Ciphertext[J]. Acta Electronica Sinica, 2018, 46(10): 2391-2399.

参考文献

[1] BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[A].Proceedings of the IEEE Symposium on Security and Privacy[C].Washington:IEEE Computer Society,2007.321-334.
[2] 刘梦君,刘树波,等.基于LSSS共享矩阵无授权策略的属性密码解密效率提高方案[J].电子学报,2015,43(6):1065-1072. LIU Meng-jun,LIU Shu-bo,et al.Optimizing the decryption efficiency in LSSS matrix-based attribute-based encryption without given policy[J].Acta Electronica Sinica,2015,43(6):1065-1072.(in Chinese)
[3] SOOKHAK M,YU F R,et al.Attribute-based data access control in mobile cloud computing:Taxonomy and open issues[J].Future Generation Computer Systems,2017,72(C):273-287.
[4] EMURA K,MIYAJI A,et al.A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[A].Proceedings of the International Conference on Information Security Practice and Experience[C].Berlin:Springer,2009.13-23.
[5] GE A,ZHANG R,et al.Threshold ciphertext policy attribute-based encryption with constant size ciphertexts[A].Proceedings of the Australasian Conference on Information Security and Privacy[C].Berlin:Springer,2012.336-349.
[6] ZHANG Y,ZHENG D,et al.Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts[A].Proceedings of the International Conference on Provable Security[C].Berlin:Springer,2014.259-273.
[7] ODELU V,DAS A K,et al.Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment[J].Computer Standards & Interfaces,2016,54(P1):3-9.
[8] PIRRETTI M,TRAYNOR P,et al.Secure attribute-based systems[A].Proceedings of the ACM Conference on Computer and Communications Security[C].New York:ACM,2006.99-112.
[9] RAFAELI S,HUTCHISON D.A survey of key management for secure group communication[J].ACM Computing Surveys,2003,35(3):309-329.
[10] HUR J,NOH D K.Attribute-based access control with efficient revocation in data outsourcing systems[J].IEEE Transactions on Parallel and Distributed Systems,2011,22(7):1214-1221.
[11] SHIRAISHI Y,NOMURA K,et al.Attribute revocable attribute-based encryption with forward secrecy for fine-grained access control of shared data[J].IEICE Transactions on Information and Systems,2017,100(10):2432-2439.
[12] LI Ji-guo,YAO Wei,et al.User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage[J].IEEE Systems Journal,2017,PP(99):1-11.
[13] 闫玺玺,叶青,刘宇.云环境下支持隐私保护和用户撤销的属性基加密方案[J].信息网络安全,2017(6):14-21. YAN Xi-xi,YE Qing,LIU Yu.Attribute-based encryption scheme supporting privacy preserving and user revocation in the cloud environment[J].Netinfo Security,2017(6):14-21.(in Chinese)
[14] 张应辉,郑东,等.密文长度恒定且属性直接可撤销的基于属性的加密[J].密码学报,2014,1(5):465-480. ZHANG Ying-hui,ZHENG Dong,et al.Attribute directly-revocable attribute-based encryption with constant ciphertext length[J].Journal of Cryptologic Research,2014,1(5):465-480.(in Chinese)
[15] 冯登国,陈成.属性密码学研究[J].密码学报,2014,1(1):1-12. FENG Deng-guo,CHEN Cheng.Research on attribute-based cryptography[J].Journal of Cryptologic Research,2014,1(1):1-12.(in Chinese)

属性可撤销且密文长度恒定的属性基加密方案

Attribute-Based Encryption with Attribute Revocation and Constant-Size Ciphertext

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

[1]	佘维, 霍丽娟, 刘炜, 张志鸿, 宋轩, 田钊. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(4): 1002-1013.
[2]	晋云霞, 杨贺昆, 冯朝胜, 刘帅南, 李航, 邹莉萍, 万国根. 一种支持解密外包的KP-ABE方案[J]. 电子学报, 2020, 48(3): 561-567.
[3]	王于丁, 杨家海. DACPCC:一种包含访问权限的云计算数据访问控制方案[J]. 电子学报, 2018, 46(1): 236-244.
[4]	周彦伟, 杨波, 张文政. 新型的多路径匿名通信系统[J]. 电子学报, 2017, 45(5): 1234-1239.
[5]	陈丹伟, 邵菊, 樊晓唯, 陈林铃, 何利文. 基于MAH-ABE的云计算隐私保护访问控制[J]. 电子学报, 2014, 42(4): 821-827.