信息网络安全 ›› 2023, Vol. 23 ›› Issue (9): 25-36.doi: 10.3969/j.issn.1671-1122.2023.09.003

• 技术研究 • 上一篇    下一篇

面向云安全的基于格的高效属性基加密方案

刘芹1, 王卓冰1, 余纯武2(), 王张宜1   

  1. 1.武汉大学国家网络安全学院,武汉 430079
    2.武汉大学计算机学院,武汉 430079
  • 收稿日期:2023-06-14 出版日期:2023-09-10 发布日期:2023-09-18
  • 通讯作者: 余纯武 E-mail:yuchunwu@whu.edu.cn
  • 作者简介:刘芹(1978—),女,湖北,副教授,博士,CCF会员,主要研究方向为应用密码学、物联网安全和嵌入式安全|王卓冰(1999—),男,湖北,硕士研究生,主要研究方向为密码学|余纯武(1974—),男,湖北,副教授,博士,主要研究方向为密码学、算法设计与分析|王张宜(1978—),男,河南,讲师,博士,主要研究方向为密码学、算法设计与分析
  • 基金资助:
    国家自然科学基金(62272348)

Efficient Attribute-Based Encryption Scheme from Lattices for Cloud Security

LIU Qin1, WANG Zhuobing1, YU Chunwu2(), WANG Zhangyi1   

  1. 1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China
    2. School of Computer Science, Wuhan University, Wuhan 430079, China
  • Received:2023-06-14 Online:2023-09-10 Published:2023-09-18
  • Contact: YU Chunwu E-mail:yuchunwu@whu.edu.cn

摘要:

随着越来越多的企业使用云计算提供的各种数据服务,云安全变得至关重要,而数据的加密和身份访问管理(IAM)是云安全的重要组成部分。密文策略属性基加密(CP-ABE)是一种特殊的公钥加密方案,可以用来解决密文的访问控制问题,适用于身份和访问管理系统。然而现有的属性基加密方案大多不能抵抗量子攻击,并且只能支持单值属性。为了满足身份访问管理中常用的基于属性的访问控制(ABAC)模型的需求,文章基于环上的错误学习问题构造了一个多权威密文策略属性基加密方案。文章所提方案采用键值对形式的属性,并支持析取范式的访问结构,能够实现细粒度的访问控制。同时,该方案允许多个权威去中心化地管理密钥。另外,该方案依赖于evasive LWE假设在多项式环上的变种,该方案被证明具有静态安全性。文章对方案进行了C++语言的实现验证,并进行了性能测试,实验结果表明,该方案具有较高的性能,适合实际应用。

关键词: 格密码学, evasive LWE, 密文策略属性基加密, 身份和访问管理

Abstract:

As more companies adopt cloud computing services, the importance of cloud security has increased significantly. To ensure secure data storage in the cloud, encryption and Identity and Access Management (IAM) are essential components. One solution for access control of encrypted data is Ciphertext-Policy Attribute-Based Encryption (CP-ABE), which can also be used in IAM systems. However, most of existing ABE schemes are not resistant to quantum adversaries, and only support single-valued attributes. To address the demand for IAMs using Attribute-Based Access Control (ABAC) mechanisms, this paper constructed a multi-authority CP-ABE scheme based on the ring learning with error problem. This scheme presented attributes in key-value pairs and supported access structures of Disjunctive Normal Form (DNF) formulas to achieve fine-grained access control. At the same time, this scheme allowed multiple decentralized authorities to manage and distribute keys. Furthermore, relying on a ring variant of evasive LWE assumption, this scheme was proven static secure. This article implemented the CP-ABE scheme in C++, and conducted performance testing. The experimental result shows that this scheme enjoys high efficiency and is suitable for practical application.

Key words: lattice cryptography, evasive LWE, CP-ABE, identity and access management

中图分类号: