Computer Science ›› 2020, Vol. 47 ›› Issue (4): 292-297. doi: 10.11896/jsjkx.190300144
SHI Yu-qing (石宇清), LING Jie (凌捷)
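Abstract: Attribute-based encryption (ABE), as a one-to-many encryption mechanism, can provide good security and fine-grained access control for cloud storage. However, in ciphertext-policy attribute-based encryption (CP-ABE), one decryption private key may correspond to multiple users, so a user may illegally share their private key to gain improper benefit, and a semi-trusted attribute authority may also issue decryption private keys to unauthorized users. In addition, the exponentiation operations incurred in encrypting a message grow with the complexity of the access policy, and the resulting computational overhead poses a major challenge for users who encrypt on mobile devices. To address this, the paper proposes an online/offline ciphertext-policy attribute-based encryption scheme that supports a large attribute universe and in which both users and the attribute authority are accountable. The scheme is constructed over prime-order bilinear groups; it achieves accountability by embedding the user's identity information in that user's private key, and uses online/offline encryption to shift most of the encryption cost to the offline phase. Finally, proofs of the scheme's selective security and accountability in the standard model are given. The analysis shows that the scheme's encryption cost lies mainly in the offline phase and that the storage overhead for accountability is also very low, making it suitable for users who encrypt on resource-constrained mobile devices.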