面向云安全的基于格的高效属性基加密方案

doi:10.3969/j.issn.1671-1122.2023.09.003

信息网络安全 ›› 2023, Vol. 23 ›› Issue (9): 25-36.doi: 10.3969/j.issn.1671-1122.2023.09.003

面向云安全的基于格的高效属性基加密方案

刘芹¹, 王卓冰¹, 余纯武²(), 王张宜¹

1.武汉大学国家网络安全学院，武汉 430079
2.武汉大学计算机学院，武汉 430079

收稿日期:2023-06-14 出版日期:2023-09-10 发布日期:2023-09-18
通讯作者: 余纯武 E-mail:yuchunwu@whu.edu.cn
作者简介:刘芹（1978—），女，湖北，副教授，博士，CCF会员，主要研究方向为应用密码学、物联网安全和嵌入式安全|王卓冰（1999—），男，湖北，硕士研究生，主要研究方向为密码学|余纯武（1974—），男，湖北，副教授，博士，主要研究方向为密码学、算法设计与分析|王张宜（1978—），男，河南，讲师，博士，主要研究方向为密码学、算法设计与分析
基金资助:
国家自然科学基金(62272348)

Efficient Attribute-Based Encryption Scheme from Lattices for Cloud Security

LIU Qin¹, WANG Zhuobing¹, YU Chunwu²(), WANG Zhangyi¹

1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China
2. School of Computer Science, Wuhan University, Wuhan 430079, China

Received:2023-06-14 Online:2023-09-10 Published:2023-09-18
Contact: YU Chunwu E-mail:yuchunwu@whu.edu.cn

摘要/Abstract

摘要：

随着越来越多的企业使用云计算提供的各种数据服务，云安全变得至关重要，而数据的加密和身份访问管理（IAM）是云安全的重要组成部分。密文策略属性基加密（CP-ABE）是一种特殊的公钥加密方案，可以用来解决密文的访问控制问题，适用于身份和访问管理系统。然而现有的属性基加密方案大多不能抵抗量子攻击，并且只能支持单值属性。为了满足身份访问管理中常用的基于属性的访问控制（ABAC）模型的需求，文章基于环上的错误学习问题构造了一个多权威密文策略属性基加密方案。文章所提方案采用键值对形式的属性，并支持析取范式的访问结构，能够实现细粒度的访问控制。同时，该方案允许多个权威去中心化地管理密钥。另外，该方案依赖于evasive LWE假设在多项式环上的变种，该方案被证明具有静态安全性。文章对方案进行了C++语言的实现验证，并进行了性能测试，实验结果表明，该方案具有较高的性能，适合实际应用。

关键词: 格密码学, evasive LWE, 密文策略属性基加密, 身份和访问管理

Abstract:

As more companies adopt cloud computing services, the importance of cloud security has increased significantly. To ensure secure data storage in the cloud, encryption and Identity and Access Management (IAM) are essential components. One solution for access control of encrypted data is Ciphertext-Policy Attribute-Based Encryption (CP-ABE), which can also be used in IAM systems. However, most of existing ABE schemes are not resistant to quantum adversaries, and only support single-valued attributes. To address the demand for IAMs using Attribute-Based Access Control (ABAC) mechanisms, this paper constructed a multi-authority CP-ABE scheme based on the ring learning with error problem. This scheme presented attributes in key-value pairs and supported access structures of Disjunctive Normal Form (DNF) formulas to achieve fine-grained access control. At the same time, this scheme allowed multiple decentralized authorities to manage and distribute keys. Furthermore, relying on a ring variant of evasive LWE assumption, this scheme was proven static secure. This article implemented the CP-ABE scheme in C++, and conducted performance testing. The experimental result shows that this scheme enjoys high efficiency and is suitable for practical application.

Key words: lattice cryptography, evasive LWE, CP-ABE, identity and access management

中图分类号:

TP309

刘芹, 王卓冰, 余纯武, 王张宜. 面向云安全的基于格的高效属性基加密方案[J]. 信息网络安全, 2023, 23(9): 25-36.

LIU Qin, WANG Zhuobing, YU Chunwu, WANG Zhangyi. Efficient Attribute-Based Encryption Scheme from Lattices for Cloud Security[J]. Netinfo Security, 2023, 23(9): 25-36.

图/表 5

参考文献 21

[1]	HU V C, FERRAIOLO D, KUHN R, et al. Guide to Attribute Based Access Control (ABAC) Definition and Considerations[EB/OL]. (2019-08-02)[2023-05-10]. https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-162.pdf.
[2]	SAHAI A, WATERS B. Fuzzy Identity-Based Encryption[C]// IACR. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2005: 457-473.
[3]	CHEN L, MOODY D, LIU Yikai. Post-Quantum Cryptography[EB/OL]. (2022-06-05)[2023-05-10]. https://csrc.nist.gov/projects/post-quantum-cryptography.
[4]	DATTA P, KOMARGOSKI I, WATERS B. Decentralized Multi-Authority ABE for NC1 from Computational-BDH[J]. Journal of Cryptology, 2023, 36(6): 1-31. doi: 10.1007/s00145-022-09441-3
[5]	BONEH D, GENTRY C, GORBUNOV S, et al. Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits[C]// IACR. 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2014: 533-556.
[6]	BRAKERSKI D, VAIKUNTANATHAN V. Lattice-Inspired Broadcast Encryption and Succinct Ciphertext-Policy ABE[EB/OL]. (2021-04-26)[2023-05-10]. https://eprint.iacr.org/2020/191.
[7]	WEE H. Optimal Broadcast Encryption and CP-ABE from Evasive Lattice Assumptions[C]// IACR. 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2022: 217-241.
[8]	DATTA P, KOMARGODSKI I, WATERS B. Decentralized Multi-Authority ABE for DNFs from LWE[C]// IACR. 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2021: 177-209.
[9]	WATERS B, WEE H, WU D. Multi-Authority ABE from Lattices without Random Oracles[C]// IACR. Theory of Cryptography:20th International Conference. Berlin: Springer, 2022: 651-679.
[10]	BEIMEL A. Secure Schemes for Secret Sharing and Key Distribution[D]. Israel: Israel Institute of Technology, 1996.
[11]	LYUBASHEVSKY V, MICCIANCIO D. Generalized Compact Knapsacks are Collision Resistant[C]// EATCS. Automata, Languages and Programming:33rd International Colloquium. Berlin: Springer, 2006: 144-155.
[12]	LYUBASHEVSKY V, PEIKERT C, Regev O. On Ideal Lattices and Learning with Errors over Rings[J]. Journal of the ACM, 2013, 60(6): 1-35.
[13]	STEHLÉ D, STEINFELD R, TANAKA K, et al. Efficient Public-Key Encryption Based on Ideal Lattices[C]// IACR. 15th International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2009: 617-635.
[14]	PEIKERT C, ROSEN A. Efficient Collision-Resistant Hashing from Worstcase Assumptions on Cyclic Lattices[C]// IACR. Theory of Cryptography: Third Theory of Cryptography Conference. Berlin: Springer, 2006: 145-166.
[15]	AJTAI M. Generating Hard Instances of Lattice Problems[C]// ACM. STOC96:ACM Symposium on Theory of Computing. New York: ACM, 1996: 99-108.
[16]	AJTAI M. Generating Hard Instances of the Short Basis Problem[C]// EATCS. Automata, Languages and Programming:26th International Colloquium. Berlin: Springer, 1999: 1-9.
[17]	MICCIANCIO D, PEIKERT C. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller[C]// IACR. 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2012: 700-718.
[18]	GENISE N, MICCIANCIO D. Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus[C]// IACR. 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2018: 174-203.
[19]	BERT P, FOUQUE P, ROUX-LANGLOS A, et al. Practical Implementation of Ring-SIS/LWE Based Signature and IBE[C]// Springer. Post-Quantum Cryptography 9th International Conference. Berlin: Springer, 2018: 271-291.
[20]	CARLOS A, BARRIER J, GUELTON S, et al. NFLlib: NTT-Based Fast Lattice Library[C]// Springer EMC Corporation. RSA Conference 2016. Berlin: Springer, 2016: 341-356.
[21]	YANG Yang, SUN Jianguo, LIU Zechao, et al. Practical Revocable and Multi-Authority CP-ABE Scheme from RLWE for Cloud Computing[J]. Journal of Information Security and Applications, 2022, 65(2): 1-12.

面向云安全的基于格的高效属性基加密方案

Efficient Attribute-Based Encryption Scheme from Lattices for Cloud Security

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 21

相关文章 2

编辑推荐

Metrics

本文评价

[1]	俞惠芳, 乔一凡, 孟茹. 面向区块链金融的抗量子属性基门限环签密方案[J]. 信息网络安全, 2023, 23(7): 44-52.
[2]	. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. , 2014, 14(7): 57-.