Attribute-based Encryption Scheme without Key Escrow Supporting Attribute Revocation in Cloud Environment

doi:10.3969/j.issn.1671-1122.2020.08.008

Abstract

Abstract:

In order to solve the problem of key escrow and the efficiency of attribute revocation in ABE, this paper proposes an attribute-based encryption revocation scheme that supports decryption outsourcing and no key escrow. In the scheme, if a user’s attribute is revoked, the attribute authority first generates a sibling intractable function based on the latest attribute update key and broadcasts it to users who have not revoked the attribute. Then the users update their own private key by using the sibling intractable function. Finally, the attribute authority updates the ciphertext in the cloud server according to the attribute update key to realize the attribute revocation. In the process of attribute revocation, this scheme reduces the computation and communication of the attribute authority, and uses semi-honest cloud server to perform partial decryption to reduce the computation of the user, and introduces the central authority and the attribute authority to jointly generate the user’s private key to solve the key escrow problem. The security proof and performance analysis show that, the scheme is based on the assumption of q-Parallel BDHE to achieve the chosen plaintext security under the standard model, which has higher computational efficiency than similar schemes.

Key words: attribute revocation, key escrow, decrypt outsourcing, sibling intractable function

CLC Number:

TP309

SONG Shuo, ZHANG Xinglan. Attribute-based Encryption Scheme without Key Escrow Supporting Attribute Revocation in Cloud Environment[J]. Netinfo Security, 2020, 20(8): 62-70.

Figures/Tables 2

References 21

[1]	YU Shucheng, WANG Cong, REN Kui, et al. Attribute-based Data Sharing with Attribute Revocation[EB/OL]. http://www.researchgate.net/publication/221609318_Attribute_based_data_sharing_with_attribute_revocation, 2020-4-19.
[2]	HUR J, NOH D K. Attribute-based Access Control with Efficient Revocation in Data Outsourcing Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7):1214-1221.
[3]	LI Xuejun, ZHANG Dan, LI Hui. Efficient Revocable Attribute-based Encryption Scheme[J]. Journal on Communications, 2019,40(6):32-39.
[4]	IBRAIMI L, PETKOVIC M, NIKOVA S, et al. Mediated Ciphertext- policy Attribute-based Encryption and Its Applications[C]// Springer. The 10th International Workshop on Information Security Applications, WISA 2009, August 25-27, 2009, Busan, Korea. Heidelberg: Springer, 2009: 309-323.
[5]	ZHANG Wenfang, CHEN Zhen, LIU Xudong, et al. CP-ABE Scheme Supporting Fine-grained Attribute Direct Revocation[J]. Journal of Software, 2019,30(9):2760-2771.
	张文芳, 陈桢, 刘旭东, 等. 支持细粒度属性直接撤销的CP-ABE方案[J]. 软件学报, 2019,30(9):2760-2771.
[6]	GAO Jiaxin, SUN Jiameng, QIN Jing. Traceable Outsourcing Attribute-based Encryption with Attribute Revocation[J]. Journal of Computer Research and Development, 2019,56(10):2160-2169.
	高嘉昕, 孙加萌, 秦静. 支持属性撤销的可追踪外包属性加密方案[J]. 计算机研究与发展, 2019,56(10):2160-2169.
[7]	LIANG Xiaohui, CAO Zhenfu, LIN Huang, et al. Provably Secure and Efficient Bounded Ciphertext Policy Attribute Based Encryption[C]// ACM. The 4th International Symposium on ACM Symposium on Information, Computer and Communications Security Computer(4th ASIACCS 2009), March 10-12, 2009, Sydney, Australia. New York: ACM, 2009: 343-352.
[8]	WANG Guangbo, LIU Haitao, WANG Chenlu, et al. Revocable Attribute-based Encryption in Cloud Storage[J]. Journal of Computer Research and Development, 2018,55(6):1190-1200.
	王光波, 刘海涛, 王晨露, 等. 云存储环境下可撤销属性加密[J]. 计算机研究与发展, 2018,55(6):1190-1200.
[9]	SUN Lei, ZHAO Zhiyuan, WANG Jianhua, et al. Attribute-based Encryption Scheme Supporting Attribute Revocation in Cloud Storage Environment[J]. Journal on Communications, 2019,40(5):47-56.
	孙磊, 赵志远, 王建华, 等. 云存储环境下支持属性撤销的属性基加密方案[J]. 通信学报, 2019,40(5):47-56.
[10]	LI Jiguo, YAO Wei, HAN Jinguang, et al. User Collusion Avoidance CP-ABE With Efficient Attribute Revocation for Cloud Storage[J]. IEEE Systems Journal, 2018,12(2):1767-1777.
[11]	QI Fang, LI Yanmei, TANG Zhe. Revocable and Traceable Key-policy Attribute-based Encryption Scheme[J]. Journal on Communications, 2018,39(11):63-69.
[12]	CHASE M, CHOW S S M. Improving Privacy and Security in Multi-Authority Attribute-Based Encryption[C]// ACM. ACM Conference on Computer and Communications Security(CCS 2009), November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 121-130.
[13]	ZHANG Xing, WEN Zilong, SHEN Qingni, et al. Accountable Attribute-based Encryption Scheme Without Key Escrow[J]. Journal of Computer Research and Development, 2015,52(10):2293-2303.
	张星, 文子龙, 沈晴霓, 等. 可追责并解决密钥托管问题的属性基加密方案[J]. 计算机研究与发展, 2015,52(10):2293-2303.
[14]	ZHAO Zhiyuan. Research on Ciphertext-policy Attribute-based Encryption Schemes for Cloud Storage[D]. Zhengzhou: Information Engineering University, 2018.
	赵志远. 面向云存储的密文策略属性基加密方案研究[D]. 郑州:信息工程大学, 2018.
[15]	DEHASPE L, RAEDT L. D. Mining Association Rules in Multiple Relations[C]// Springer. International Workshop on Inductive Logic Programming, September 17-20, 1997, Prague, Czech Republic. Heidelberg: Springer, 1997: 125-132.
[16]	JUNBEOM H. Improving Security and Efficiency in Attribute-based Data Sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2013,25(10):2271-2282.
[17]	CHOW S S M. Removing Escrow from Identity-based Encryption[J]. Lecture Notes in Computer Science Proc, 2009,5443:256-276.
[18]	BELENKIY M, CAMENISCH J, CHASE M, et al. Randomizable Proofs and Delegatable Anonymous Credentials[C]// Springer. Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, August 16-20, 2009, Santa Barbara, CA, USA. Heidelberg: Springer, 2009: 108-125.
[19]	ZHANG Kai, MA Jianfeng, LI Hui, et al. Multi-authority Attribute-based Encryption with Efficient Revocation[J]. Journal on Communications, 2017,38(3):83-91.
	张凯, 马建峰, 李辉, 等. 支持高效撤销的多机构属性加密方案[J]. 通信学报, 2017,38(3):83-91.
[20]	LIAN Huijie, WANG Qingxian, WANG Guangbo. Large Universe Ciphertext-policy Attribute-based Encryption with Attribute Level User Revocation in Cloud Storage[J]. The International Arab Journal of Information Technology, 2020,17(1):107-117.
[21]	MA Haiying, WANG Zhanjun, GUAN Zhijin. Efficient Ciphertext-policy Attribute-based Online/Offline Encryption with User Revocation[J]. Security and Communication Networks, 2019,19:1-11.

方案	密钥长度/bit	密文长度/bit	加密计算量	解密计算量		访问策略	属性即时撤销	无密钥托管
方案	密钥长度/bit	密文长度/bit	加密计算量	云服务器	用户	访问策略	属性即时撤销	无密钥托管
文献[3]	(\|S\|+ 5)\|G\|	(2\|T\|+ 3)\|G\|	(3\|T\|+ 2)E	(2\|D\|+ 1)P	E	LSSS	√	√
文献[5]	(\|S\|+ 2)\|G\|	(2\|T\|+ 2)\|G\|	(2\|T\|+ 2)E	×	(2\|D\|+ 1)P	访问树	√	√
文献[8]	(\|S\|+ 4)\|G\|	(2\|T\|+ 2)\|G\|	(3\|T\|+ 2)E	(6\|D\|+ 4)P	(2\|D\|+ 1)P	LSSS	√	×
文献[9]	(2\|S\|+ 3)\|G\|	(\|T\|+ 2)\|G\|	(2\|T\|+ 2)E	(3\|D\|+ 1)P	E	LSSS	√	×
文献[10]	(3\|S\|+ 1)\|G\|	(2\|T\|+ 2)\|G\|	(3\|T\|+ 2)E	3\|D\|P	P	访问树	√	×
文献[19]	(2\|S\|+ 1)\|G\|	(4\|T\|+ 1)\|G\|	(6\|T\|+ 1)E	3\|D\|P+ 2\|D\|E	E	LSSS	×	√
文献[20]	(2\|S\|+ 3)\|G\|	(3\|T\|+ 3)\|G\|	(7\|T\|+ 5)E	(3\|D\|+ 2)P	P	LSSS	√	×
文献[21]	(2\|S\|+ 2)\|G\|	(5\|T\|+ 2)\|G\|	(5\|T\|+ 6)E	×	(3\|D\|+ 8)P	LSSS	×	×
本文方案	(\|S\|+ 2)\|G\|	(2\|T\|+ 2)\|G\|	(4\|T\|+ 2)E	2\|D\|P	P	LSSS	√	√