信息网络安全 ›› 2020, Vol. 20 ›› Issue (3): 90-97.doi: 10.3969/j.issn.1671-1122.2020.03.012

• 理论研究 • 上一篇    

支持撤销属性和外包解密的CP-ABE方案

刘鹏1,2(), 何倩2, 刘汪洋1, 程序1   

  1. 1.中电科大数据研究院有限公司,贵阳 550018
    2.桂林电子科技大学广西密码学与信息安全重点实验室,桂林 541004
  • 收稿日期:2019-10-20 出版日期:2020-03-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:刘鹏(1990—),男,河南,硕士,主要研究方向为分布式计算、信息安全;何倩(1979—),男,湖南,教授,博士,主要研究方向为云计算、分布式计算和信息安全;刘汪洋(1987—),男,四川,博士,主要研究方向为开放数据、智慧城市;程序(1984—),男,贵州,博士,主要研究方向为开放数据、知识图谱。

  • 基金资助:
    国家自然科学基金[61661015];广西云计算与大数据协同创新基金[YD16801,C77KYS02SX18];广西创新驱动重大专项[AA17202024];广西密码学与信息安全重点实验室基金[CIS201701]

CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption

LIU Peng1,2(), HE Qian2, LIU Wangyang1, CHENG Xu1   

  1. 1. CETC Big Data Research Institute Co.,Ltd., Guiyang 550018, China
    2. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
  • Received:2019-10-20 Online:2020-03-10 Published:2020-05-11

摘要:

属性基加密机制能够为云环境下的数据分享和管理提供灵活的访问控制方案。然而,传统的属性基加密方案存在解密复杂度高和属性撤销困难的问题,导致属性基加密机制在实际中的应用受限。针对上述问题,文章提出一种支持撤销属性和外包解密的密文策略属性基加密方案,该方案在属性撤销过程只需更新对应的密文组件,有效降低密文更新的计算开销,并且属性撤销过程对用户是透明的,用户不需要参与密文和密钥的更新,减少了属性撤销对用户的影响。同时,引入解密代理将解密过程中计算开销较大的部分外包到服务端,降低用户端解密开销。安全性分析表明,该方案可以抵抗联合共谋以及选择性明文攻击,并通过对比分析得到该方案在密文更新和解密过程的计算开销均具有一定的优势。

关键词: 属性基加密, 访问控制, 属性撤销, 外包解密

Abstract:

The attribute-based encryption mechanism provides a flexible access control scheme for data sharing and management in a cloud environment. However, the traditional attribute-based encryption scheme has the problems of high decryption complexity and difficulty in attribute revocation, which leads to limited application of the attribute-based encryption mechanism in practice. Aiming at the above problems, this paper proposes a ciphertext-policy attribute-based encryption scheme, which only needs to update the corresponding secret in the attribute revocation process. The text component effectively reduces the computational cost of the ciphertext update, and the attribute revocation process is transparent to the user. The user does not need to participate in the ciphertext and the key update, thereby reducing the impact of the attribute revocation on the user. At the same time, the decryption agent is introduced to outsource the part with large computational cost in the decryption process to the server, thereby reducing the decryption overhead of the client. Security analysis shows that this scheme can resist joint collusion and selective plaintext attacks. Finally, through comparative analysis, the scheme has certain advantages in the computational overhead of the ciphertext update and decryption process.

Key words: attribute-based encryption, access control, attribute revocation, outsourcing decryption

中图分类号: