Key-Policy Attribute-Based Encryption Based on SM9 and Its Fast Decryption

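Attribute-based encryption (ABE) is a public-key encryption technique that enables data sharing through a specified access policy, and it comes in two forms: key-policy ABE and ciphertext-policy ABE. In ABE, the data owner encrypts data under an access policy (or attribute set), and an authorized recipient accesses the data using a decryption key associated with an attribute set (or access policy). Compared with the traditional "one-to-one" data sharing model, ABE is a more fine-grained sharing mechanism that supports "one-to-many" sharing and suits secure multi-user data sharing in information systems such as blockchain and cloud computing. SM9 identity-based encryption is an identity-based cryptographic algorithm designed in China to protect data confidentiality, and it became an international standard in 2021. However, SM9 identity-based encryption supports only "one-to-one" data sharing. Building on SM9 identity-based encryption and following the construction approach of classic key-policy ABE, this paper constructs a key-policy ABE scheme based on SM9. The key/ciphertext structure of the proposed scheme is similar to that of the SM9 identity-based encryption algorithm, so it integrates well with existing information systems that use SM9. On this basis, a fast decryption method for SM9-based key-policy ABE is proposed. The new method has the following features: (1) by increasing the key length, it reduces the number of bilinear pairing operations used in decryption from 2|I| to 2, where |I| is the number of rows of the linear secret sharing matrix used in decryption; (2) using an aggregation technique, it reduces the number of group elements in the ciphertext from (2+|S|) to 3, where S is the attribute set used in encryption; (3) it is dynamically adaptive, letting users make a personalized trade-off between key length and decryption time according to actual needs. These properties make the new method better suited to lightweight devices with limited computation, bandwidth, and storage resources. Finally, performance analysis shows that the scheme is feasible in practice.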
Key-Policy Attribute-Based Encryption Based on SM9 and Its Fast Decryption
Attribute-Based Encryption (ABE) is a public-key encryption technology that shares data by specifying an access policy. Depending on where the access policy is placed, ABE falls into two categories: Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE, the data owner encrypts data by specifying a set of attributes, and authorized recipients use keys associated with the access policy to access the data. In CP-ABE, the data owner encrypts the data by specifying an access policy, and the authorized receiver uses keys associated with a set of attributes to access the data. Compared to the traditional "one-to-one" data sharing mode, ABE provides a more fine-grained "one-to-many" data sharing capability, and is suitable for secure multi-user data sharing in new information systems such as cloud computing, blockchain, and the Internet of Things. SM9 Identity-Based Encryption is one of a series of identity-based cryptographic algorithms designed in China to ensure data confidentiality. It became an international standard in 2021. However, SM9 Identity-Based Encryption only provides a "one-to-one" data sharing mode. Building on SM9 Identity-Based Encryption, this article combines the construction ideas of classic KP-ABE, uses a Linear Secret Sharing Scheme (LSSS) to represent the access policy, and proposes a KP-ABE scheme based on SM9. The key/ciphertext structure in the proposed scheme is similar to that in SM9 and can be effectively integrated with existing information systems that use SM9. However, like most classic KP-ABE schemes, this scheme suffers from frequent and time-consuming decryption operations. Therefore, based on the aforementioned scheme, a fast decryption method for KP-ABE based on SM9 is proposed. The new method has the following characteristics: (1) it reduces the number of pairing operations used in decryption from the original 2|I| to 2 by increasing the length of the key, where |I| is the number of rows in the linear secret sharing matrix used in decryption; (2) it uses public key aggregation technology to reduce the number of group elements in the ciphertext from the original (2+|S|) to 3, where S is the set of attributes used in encryption; (3) it is dynamically self-adaptive, and users can make personalized trade-offs between key length and decryption time according to actual needs. For example, on devices with limited storage space, users can shorten the key at the cost of longer decryption time; on devices with limited computing power, users can reduce decryption time by increasing the length of the key. These features make the proposed method more suitable for lightweight devices with limited computing, bandwidth, and storage resources. Finally, security analysis shows that the proposed scheme is secure against chosen-plaintext attack under the (q,k+1)-DBDHI assumption, and can achieve security against chosen-ciphertext attack through FO conversion technology. Performance evaluation shows that when the size of the attribute universe is 100 and the number of policy attributes is 50, the decryption time of the fast decryption method is 0.95 s, a 69.2% reduction compared to the previous decryption time of 3.09 s.

Keywords: key-policy attribute-based encryption; SM9; fast decryption; constant-size ciphertext

Liu Xiaohong, Huang Xinyi, Cheng Zhaohui, Wu Wei

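College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117

Artificial Intelligence Thrust, Information Hub, The Hong Kong University of Science and Technology (Guangzhou), Guangzhou 511455

Shenzhen Olym Information Security Technology Co., Ltd., Shenzhen, Guangdong 518052

College of Education Sciences, The Hong Kong University of Science and Technology (Guangzhou), Guangzhou 511455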

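Keywords (translated from the Chinese): key-policy attribute-based encryption; SM9; fast decryption; constant-size ciphertext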

Funding: National Natural Science Foundation of China (62032005); National Natural Science Foundation of China (62372108)

2024

Chinese Journal of Computers
China Computer Federation; Institute of Computing Technology, Chinese Academy of Sciences

Indexed in: CSTPCD; Peking University Core Journals
Impact factor: 3.18
ISSN: 0254-4164
Year, volume (issue): 2024, 47(5)