Computer Science, 2017, Vol. 44, Issue (5): 160-165. doi: 10.11896/j.issn.1002-137X.2017.05.028

• Information Security •

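Publicly Accountable Ciphertext-policy Attribute-based Encryption Scheme

MA Xiao-xiao and YU Gang

  1. Zhengzhou Vocational College of Information Science and Technology, Zhengzhou 450046, State Key Laboratory of Mathematical Engineering and Advanced Computing, PLA Information Engineering University, Zhengzhou 450001; School of Computer Science and Software Engineering, East China Normal University, Shanghai 200062
  • Online: 2018-11-13 Published: 2018-11-13
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61371083), the China Postdoctoral Science Foundation (2016M591629), and the Key Scientific Research Project of Higher Education Institutions of Henan Province (16A420006).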

Abstract: Attribute-based encryption (ABE) controls users' decryption privileges through the matching relation between an attribute set and an access structure. It is an efficient and flexible solution to the "one-to-many" problem of sharing encrypted data, and has promising applications in fine-grained access control and privacy protection for cloud computing, the Internet of Things, big data and similar settings. However, in an ABE system (taking ciphertext-policy ABE as the example), one attribute set may be held by many users at the same time, i.e. one decryption key may correspond to many users. Users are therefore emboldened to share their decryption keys for illegal profit. Furthermore, a semi-trusted authority may illegally issue decryption keys to unauthorized users. To address these two kinds of key abuse in ABE, we propose a publicly accountable ciphertext-policy attribute-based encryption scheme in which the user and the authority each sign the secret key, so that both signatures are embedded in it. The proposed scheme achieves traceability and public accountability: any third party can trace the identity of the original holder of a leaked decryption key, and an auditor can use the public parameters to verify whether the leaked key was shared by a malicious user or illegally generated by the semi-trusted authority. Finally, the security of the proposed scheme can be proved based on the security of the encryption and signature schemes it relies on.

Key words: Attribute-based encryption, Traceability, Public accountability, Nonrepudiation

