Computer Science ›› 2025, Vol. 52 ›› Issue (10): 412-422. doi: 10.11896/jsjkx.240600137

• Information Security •

Multi-functional Attribute Based Encryption from Lattices

GUO Lifeng, YANG Jieying, MA Tianjun, ZHANG Xialei

  1. College of Computer and Information Technology, Shanxi University, Taiyuan 030006, China
  • Received: 2024-06-24 Revised: 2024-08-03 Online: 2025-10-15 Published: 2025-10-14
  • Corresponding author: GUO Lifeng (lfguo@sxu.edu.cn)
  • About author: GUO Lifeng, born in 1975, Ph.D, professor, postgraduate supervisor, is a member of CCF (No. Q22710M). Her main research interests include privacy protection technologies for digital encryption, signature and blockchain.
  • Supported by:
    Natural Science Foundation of Shanxi Province (202203021221012).

Abstract: Attribute based encryption from lattices resists quantum attacks and, by embedding access control policies into ciphertexts or keys, achieves fine-grained access control over attributes. However, due to an inherent weakness of attribute based encryption, users with the same attributes may leak the key. To avoid key leakage, an attribute based encryption scheme needs to be able to trace specific users and revoke their decryption permissions. Even so, illegal users may still attempt to recover the keys of past sessions by collecting large amounts of ciphertext data. To effectively resist such attacks, the scheme must achieve forward security. In response to the current demands and challenges in lattice cryptography, this paper proposes a multi-functional attribute based encryption scheme from lattices that is provably secure under the Decisional Learning with Errors (DLWE) problem. The scheme uses a complete binary tree to trace the user-related identity matrices in the decryption key (that is, the values of the leaf nodes of the complete binary tree) in order to trace malicious users. It introduces a user revocation mechanism that allows the attribute authority to revoke user permissions in a timely and effective manner without regenerating keys for users. It adopts a tag puncturing method to ensure that even if the current key is leaked, past ciphertexts remain secure, achieving forward security. In addition, due to the uncertainty of lattice sampling algorithms, experiments on lattice-based attribute based encryption are currently difficult to carry out. Therefore, the security and correctness of the scheme are verified through theoretical analysis. The scheme not only optimizes space storage efficiency, but also compensates for the limited functionality of existing attribute based encryption schemes in lattice cryptography.

Key words: Lattice, Attribute based encryption, Traceable, Forward security, User revocation

CLC Number:

  • TP309