Computer Science ›› 2020, Vol. 47 ›› Issue (4): 292-297. doi: 10.11896/jsjkx.190300144

• Information Security •

Online/Offline Attribute-based Encryption with User and Attribute Authority Accountability

SHI Yu-qing, LING Jie

  1. Faculty of Computers, Guangdong University of Technology, Guangzhou 510006, China
  • Received: 2019-03-27 Online: 2020-04-15 Published: 2020-04-15
  • Contact: LING Jie (jling@gdut.edu.cn), born in 1964, Ph.D, professor, is a member of China Computer Federation. His main research interests include cryptography, information security and intelligent video processing.
  • About author: SHI Yu-qing, born in 1994, postgraduate, is a member of China Computer Federation. His main research interests include cryptography and information security.
  • Supported by:
    This work was supported by the Key Area Research and Development Program of Guangdong Province (2019B010139002) and the Science and Technology Plan Project of Guangzhou (201902020006, 201902020007, 201902010034).

Abstract: As a one-to-many encryption mechanism, attribute-based encryption can provide good plaintext security and fine-grained access control for cloud storage. However, in ciphertext-policy attribute-based encryption, one decryption private key may correspond to multiple users, so users may illegally share their private keys for improper benefit, and a semi-trusted attribute authority may issue decryption private keys to illegitimate users. In addition, the number of exponentiations required to encrypt a message grows with the complexity of the access policy, and the resulting computational overhead poses a significant challenge to users who encrypt on mobile devices. To address these problems, this paper proposes an online/offline ciphertext-policy attribute-based encryption scheme with user and attribute authority accountability that supports a large universe of attributes. The scheme is constructed over prime-order bilinear groups. It achieves accountability by embedding the user's identity information into the user's private key, and uses the online/offline encryption technique to move most of the encryption overhead to the offline phase. Finally, proofs of the scheme's selective security and accountability in the standard model are given. The analysis shows that the encryption overhead of the scheme lies mainly in the offline phase and that the storage cost for tracking is extremely low, making the scheme suitable for users who encrypt with resource-limited mobile devices.

Key words: Accountable, Attribute-based encryption, Large universe, Online/offline, Standard model

CLC Number:

  • TP309