Multi-Authority Policy-Hidden Attribute-Based Encryption Scheme for Edge Intelligent Controllers

doi:10.3969/j.issn.1671-1122.2026.05.006

Abstract

Abstract:

For the data access control problem of edge intelligent controllers in industrial Internet of things scenarios under edge computing, this paper proposed a multi-authority policy-hidden attribute-based encryption scheme for edge intelligent controllers. This scheme achieved multi-authority key generation through the collaboration of a central authorization authority, a key generation center, and the edge intelligent controllers. It also employed a one-way anonymous key agreement protocol to achieve full policy hiding. To improve encryption efficiency, the scheme integrated online/offline techniques and employed outsourced decryption technology, delegating most of the ciphertext computation tasks to edge servers, thereby reducing the computational overhead for users. In addition, the scheme also featured user tracking functionality, allowing the tracking and revocation of malicious user based on the decryption key. Analysis results show that the proposed scheme exhibits high performance in user key generation and file encryption/decryption, and its security is validated under the q-DBDHE assumption.

Key words: edge intelligent controllers, attribute-based encryption, multi-authority, policy-hidden

CLC Number:

TP309

SHANG Wenli, LI Jihao, DING Lei, CHEN Xiaobin. Multi-Authority Policy-Hidden Attribute-Based Encryption Scheme for Edge Intelligent Controllers[J]. Netinfo Security, 2026, 26(5): 736-746.

Figures/Tables 7

References 24

[1]	SISINNI E, SAIFULLAH A, HAN Song, et al. Industrial Internet of Things: Challenges, Opportunities, and Directions[J]. IEEE Transactions on Industrial Informatics, 2018, 14(11): 4724-4734. doi: 10.1109/TII.2018.2852491 URL
[2]	GUO Rui, WEI Xin, CHEN Li. An Outsourceable and Policy-Hidden Attribute-Based Encryption Scheme in the IIoT System[J]. Netinfo Security, 2023, 23(3): 1-12.
	郭瑞, 魏鑫, 陈丽. 工业物联网环境下可外包的策略隐藏属性基加密方案[J]. 信息网络安全, 2023, 23(3): 1-12.
[3]	YANG Chaowei, HUANG Qunying, LI Zhenlong, et al. Big Data and Cloud Computing: Innovation Opportunities and Challenges[J]. International Journal of Digital Earth, 2017, 10(1): 13-53. doi: 10.1080/17538947.2016.1239771 URL
[4]	CAO Zhong, CHEN Zhuo, SHANG Wenli, et al. Efficient Revocable Anonymous Authentication Mechanism for Edge Intelligent Controllers[J]. IEEE Internet of Things Journal, 2023, 10(12): 10357-10367. doi: 10.1109/JIOT.2023.3237609 URL
[5]	ZHANG Ke, LONG Jiahuan, WANG Xiaofen, et al. Lightweight Searchable Encryption Protocol for Industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2021, 17(6): 4248-4259. doi: 10.1109/TII.2020.3014168 URL
[6]	LI Li, ZHU Jiangwen, YANG Chunyan. Overview of Research on the Revocable Mechanism of Attribute-Based Encryption[J]. Netinfo Security, 2023, 23(4): 39-50.
	李莉, 朱江文, 杨春艳. 基于属性加密的可撤销机制研究综述[J]. 信息网络安全, 2023, 23(4): 39-50.
[7]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy (SP’07). New York: IEEE, 2007: 321-334.
[8]	CHASE M. Multi-Authority Attribute Based Encryption[C]//Springer. The 4th Theory of Cryptography. Heidelberg: Springer, 2007: 515-534.
[9]	LEWKO A, WATERS B. Decentralizing Attribute-Based Encryption[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2011: 568-588.
[10]	FAN Kai, XU Huiyue, GAO Longxiang, et al. Efficient and Privacy Preserving Access Control Scheme for Fog-Enabled IoT[J]. Future Generation Computer Systems, 2019, 99: 134-142. doi: 10.1016/j.future.2019.04.003
[11]	SARMA R, KUMAR C, BARBHUIYA F A. MACFI: A Multi-Authority Access Control Scheme with Efficient Ciphertext and Secret Key Size for Fog-Enhanced IoT[EB/OL]. (2022-02-03)[2025-04-23]. https://www.sciencedirect.com/science/article/abs/pii/S1383762121002393.
[12]	LI Li, CHEN Jie, ZHU Jiangwen. Multi-Authority Revocable Ciphertext-policy Attribute-Based Encryption Data Sharing Scheme[J]. Computer Science, 2025, 52(9): 388-395.
	李莉, 陈介, 朱江文. 多权威可撤销密文策略属性基加密数据共享方案[J]. 计算机科学, 2025, 52(9): 388-395.
[13]	NISHIDE T, YONEYAMA K, OHTA K. Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures[C]//Springer. Applied Cryptography and Network Security (ACNS 2008). Heidelberg: Springer, 2008: 111-129.
[14]	LAI Junzuo, DENG R H, LI Yingjiu. Expressive CP-ABE with Partially Hidden Access Structures[C]//ACM. The 7th ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2012: 18-19.
[15]	YANG Kan, HAN Qi, LI Hui, et al. An Efficient and Fine-Grained Big Data Access Control Scheme with Privacy-Preserving Policy[J]. IEEE Internet of Things Journal, 2017, 4(2): 563-571. doi: 10.1109/JIOT.2016.2571718 URL
[16]	ZHONG Hong, ZHU Wenlong, XU Yan, et al. Multi-Authority Attribute-Based Encryption Access Control Scheme with Policy Hidden for Cloud Storage[J]. Soft Computing, 2018, 22(1): 243-251. doi: 10.1007/s00500-016-2330-8 URL
[17]	LUO Wei, LYU Ziyi, YANG Laipu, et al. FOC-PH-CP-ABE: An Efficient CP-ABE Scheme with Fully Outsourced Computation and Policy Hidden in the Industrial Internet of Things[J]. IEEE Sensors Journal, 2024, 24(18): 28971-28981. doi: 10.1109/JSEN.2024.3432276 URL
[18]	LIU Zhen, CAO Zhenfu, WONG D S. White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting any Monotone Access Structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76-88. doi: 10.1109/TIFS.2012.2223683 URL
[19]	LIU Zhenhua, DUAN Shuhong, ZHOU Peilin, et al. Traceable-Then-Revocable Ciphertext-Policy Attribute-Based Encryption Scheme[J]. Future Generation Computer Systems, 2019, 93: 903-913. doi: 10.1016/j.future.2017.09.045
[20]	HAN Dezhi, PAN Nannan, LI K C. A Traceable and Revocable Ciphertext-Policy Attribute-Based Encryption Scheme Based on Privacy Protection[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 316-327. doi: 10.1109/TDSC.2020.2977646 URL
[21]	XIONG Hu, ZHAO Yanan, PENG Li, et al. Partially Policy-Hidden Attribute-Based Broadcast Encryption with Secure Delegation in Edge Computing[J]. Future Generation Computer Systems, 2019, 97: 453-461. doi: 10.1016/j.future.2019.03.008 URL
[22]	ZHANG Shaobo, WANG Yuechao, LUO Entao, et al. A Traceable and Revocable Decentralized Multi-Authority Privacy Protection Scheme for Social Metaverse[EB/OL]. (2023-07-01)[2025-04-23]. https://www.sciencedirect.com/science/article/abs/pii/S1383762123000784.
[23]	GUO Zhenzhen, WANG Gaoli, LI Yingxin, et al. Attribute-Based Data Sharing Scheme Using Blockchain for 6G-Enabled VANETs[J]. IEEE Transactions on Mobile Computing, 2024, 23(4): 3343-3360. doi: 10.1109/TMC.2023.3273222 URL
[24]	KATE A, ZAVERUCHA G, GOLDBERG I. Pairing-Based Onion Routing[C]//Springer. The 7th International Symposium. Heidelberg: Springer, 2007: 95-112.

方案	多授权	策略隐藏	可追踪	用户撤销	离线/ 在线计算	外包解密
文献[2]方案	×	部分隐藏	√	√	×	√
文献[10] 方案	√	全隐藏	×	√	×	√
文献[12] 方案	√	×	×	√	×	√
文献[20] 方案	×	部分隐藏	√	√	×	×
文献[22] 方案	√	部分隐藏	√	√	×	×
本文方案	√	全隐藏	√	√	√	√

符号	定义
${{E}_{{{G}_{1}}}}/{{E}_{{{G}_{T}}}}$	${{G}_{1}}$/${{G}_{T}}$中的指数运算时间
${{M}_{{{G}_{1}}}}/{{M}_{{{G}_{T}}}}$	${{G}_{1}}$/${{G}_{T}}$间的乘法运算时间
$P$	双线性配对运算时间
$m$	用户属性数量
$l$	访问策略的属性数量
n	用户满足访问策略的属性数量
$r$	撤销列表覆盖集合的长度
$\left\| A \right\|$	属性授权机构数量

方案	密钥生成	加密	解密
文献[2]方案	(m+7)E_G₁+ (m+2)M_G₁	(4l+3r+2)E_G₁+ E_GT+lM_G₁	(2r+1)E_G₁+E_GT+ (3n+3)P+ 7M_G₁+2nM_GT
文献[10]方案	(3m+2)E_G₁+ mE_GT+mP+ (m+1)M_G₁	(5l+1)E_G₁+(l+ 1)E_GT+2lM_G₁+ (\|A\|+1)M_GT	E_GT+M_GT
文献[12]方案	(2m+2)E_G₁+M_G₁	(4l+1)E_G₁+ E_GT+lM_G₁	E_GT+M_GT
文献[20]方案	(m+6)E_G₁+ (m+1)M_G₁	(4l+r+2)E_G₁+ E_GT+lM_G₁+M_GT	2E_G₁+(n+1)E_GT+ (3n+2)P+2M_G₁+ (2n+3)M_GT
文献[22]方案	5mE_G₁+2mM_G₁	(6l+r)E_G₁+2lE_GT+ (2l+1)M_GT	3nE_G₁+nE_GT+ 3nP+3nM_G₁+ (3n+1)M_GT
本文方案	(2m+3)E_G₁	2lE_G₁+lP+M_GT	E_GT+2M_GT