多机构授权下可追踪可隐藏的属性基加密方案

doi:10.3969/j.issn.1671-1122.2020.01.005

摘要/Abstract

摘要：

在单机构授权的属性基加密方案中,授权中心存在风险过于集中、计算载荷过重的问题。但已经存在的加密方案几乎都是在单机构授权下进行密钥追踪、访问策略隐藏的。因此,文章提出了一种在多机构授权下可隐藏策略、可追踪密钥的属性基加密方案。该方案通过把访问结构完全隐式地嵌入到密文中,从而使攻击者无法通过访问结构来获得用户隐私;多机构授权下实现对密钥的追踪,防止用户与单授权机构合谋密钥滥发。该方案在实现多机构授权下参数长度、计算开销没有明显的增加。最后基于DBDH安全模型,证明该方案在标准模型下是可以抵抗选择明文攻击的。

关键词: 访问控制, 属性基加密, 策略隐藏, 可追踪, 多机构授权

Abstract:

In the attribute-based encryption scheme of single-agent authorization, the authorization center is too concentrated and the load is too heavy. However, existing attribute-based encryption schemes fail to combine key tracking, access policy hiding and multi-agency licensing. Therefore, a policy-based encryption scheme with multi-agent authorization that can hide the key can be hidden. The access policy is completely hidden in the ciphertext. The malicious person cannot obtain the user’s privacy through the access structure. The key tracking is implemented under the authorization of multiple organizations. Prevent user collusion and single authority key spam. Moreover, after being tracked under multi-authorization, communication overhead and computational overhead are not significantly increased. Finally, based on the DBDH hypothesis, it is proved that the plaintext attack is safe under the standard model.

Key words: access control, attribute-based encryption, policy hiding, traceability, multi-authority

中图分类号:

TP309

许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.

XU Shengwei, WANG Feijie. Attribute-based Encryption Scheme Traced Under Multi-authority[J]. Netinfo Security, 2020, 20(1): 33-39.

图/表 3

参考文献 18

[1]	SAHAI A, WATERS B.Fuzzy Identity-Based Encryption[C]// ACM. Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. May 22-26, 2005, Aarhus, Denmark. Berlin: Springer Heidelberg, 2005: 457-473.
[2]	GOYAL V, PANDEY O, SAHAI A, et al.Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data[C]// ACM. The 13th ACM Conference on Computer and Communications Security. October 30-November 3, 2006. Chicago, USA. New York: IEEE Press, 2006: 89-98.
[3]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext Policy Attribute Based Encryption[C]// IEEE. IEEE on Security and Privacy Symposium. June 11-15, 2007. Oakland, California. New York: IEEE Press, 2007: 321-334.
[4]	NISHIDE T, YONEYAMA K, OHTA K.Attribute Based Encryption with Partially Hidden Encryptor-Specified Access Structures[C]// ACM. The 6th International Conference on Applied Cryptography and Network Security. June 3-6, 2008. New York, NY, USA. Berlin: Springer, 2008: 111-129.
[5]	HUR J.Attribute Based Secure Data Sharing with Hidden Policies in Smart Grid[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 24(11): 2171-2180.
[6]	DU Ruiying, SHEN Jian, CHEN Jing, et al.Cloud Access Control Scheme Based on Policy Hidden Attribute Encryption[J]. Journal of Wuhan University(Science Edition), 2016, 62(3): 242-248.
	杜瑞颖,沈剑,陈晶,等.基于策略隐藏属性加密的云访问控制方案[J].武汉大学学报(理学版),2016,62(3):242-248.
[7]	SASCHA M, KATZENBEISSER S.Hiding the Policy in Cryptographic Access Control[C]// ACM. International Conference on Security & Trust Management. August 29-31, 2009. Vancouver, Canada. Berlin:Springer-Verlag, 2011: 90-105.
[8]	XIE Li, REN Yanli.Efficient Attribute Based Encryption Scheme for Hidden Access Structure[J]. Journal of Xidian University(Natural Science), 2015, 42(3): 97-102.
	解理,任艳丽.隐藏访问结构的高效基于属性加密方案[J].西安电子科技大学学报(自然科学版),2015,42(3):97-102.
[9]	WANG Haiping, ZHAO Jingjing.An Attribute Based Encryption Scheme for Cryptograph Strategy with Hidden Access Structure[J]. Computer Science, 2016, 43(2): 175-178.
	汪海萍,赵晶晶.隐藏访问结构的密文策略的属性基加密方案[J].计算机科学,2016,43(2):175-178.
[10]	LI Jin, REN Kui, ZHU Bo, et al.Privacy Aware Attribute Based Encryption with User Accountability[C]//ACM. 12th International Conference on Information Security. September 7-9, 2009. Pisa, Italy. Berlin: Springer, 2009: 347-362.
[11]	LIU Zhen, CAO Zhenfu, WONG D S.White Box Traceable Ciphertext Policy Attribute Based Encryption Supporting Any Monotone Access Structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76-88.
[12]	YADAV U C.Ciphertext Policy Attribute Based Encryption with Hiding Access Structure[C]// IEEE. International Advance Computing Conference. June 12-13, 2015, Banglore, India. New York:IEEE Press, 2015: 6-10.
[13]	NING Jianting, CAO Zhenfu, DONG Xiaolei, et al.Large Universe Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability[C]// ACM. European Symposium on Research in Computer Security. September 7-11, 2014, Wroclaw, Poland. Berlin: Springer Heidelberg, 2014: 55-72.
[14]	WANG Mei, SUN Lei.A Secure and Traceable Policy Hidden Attribute Base Encryption Scheme[J]. Computer Applications and Software, 2017, 34(2): 267-271.
	王梅,孙磊.一个安全可追踪的策略隐藏属性基加密方案[J].计算机应用与软件,2017,34(2):267-271.
[15]	YAN Xixi, LIU Yuan, LI Zichen, et al.Multi-mechanism Attribute Encryption Scheme with Semi-hidden Strategy and Support for Update[J]. Journal of Xidian University(Natural Science), 2018, 45(2): 122-128.
	闫玺玺,刘媛,李子臣,等.策略半隐藏且支持更新的多机构属性加密方案[J].西安电子科技大学学报(自然科学版), 2018,45(2):122-128.
[16]	ZHONG Hong, ZHU Wenlong, XU Yan, et al.Multi-authority Attribute Based Encryption Access Control Scheme with Policy Hidden for Cloud Storage[J]. Soft Computing, 2016, 22(1): 1-9.
[17]	RAHULAMATHAVAN Y, VELURU S, HAN Jinguang, et al.User Collusion Avoidance Scheme for Privacy Preserving Decentralized Key Policy Attribute Based Encryption[J]. IEEE Transactions on Computers, 2016, 65(9): 2939-2946.
[18]	HAN Jinguang, SUSILO W, MU Yi, et al.Improving Privacy and Security in Decentralized Ciphertext Policy Attribute Based Encryption[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(3): 665-678.

方案	可追踪性	访问结构	策略隐藏	多机构
文献[4]	无	任意门限	部分	否
文献[7]	无	与门	完全	否
文献[10]	可追踪	与门	无	否
文献[11]	可追踪	树状	无	否
文献[13]	可追踪	LSSS	无	否
文献[14]	可追踪	与门	完全	否
文献[15]	无	LSSS	部分	是
文献[16]	无	LSSS	完全	是
本文方案	可追踪	树状	完全	是

方案	公钥	私钥	密文	解密
文献[4]	(2N+1)G+G_T	3(n+1)G	2(N+1)G+G_T	(3n+1)U+(3n+1)G_T
文献[7]	(N+2)G+G_T	(2n+2)G	(2N+3)G+G_T	(2n+1)U+3G_T
文献[10]	(N+3)G+G_T	(2n+1)G	(N+n+1)G+G_T	(2n+1)U
文献[15]	(N+1)G+G_T	(2n+1)G	(2n+1)G+G_T	(2n+1)U
本文方案	(N+1)G+G_T	(2n+1)G	(2n+1)G+G_T	(2n+2)U