计算机研究与发展2024,Vol.61Issue(12) :3088-3097.DOI:10.7544/issn1000-1239.202220133

支持策略更新和即时密文验证的外包属性基加密方案

Outsourced Attribute-Based Encryption Scheme with Policy Updating and Verifiable Ciphertext

苏泽林 张文芳 王小敏
计算机研究与发展2024,Vol.61Issue(12) :3088-3097.DOI:10.7544/issn1000-1239.202220133
  • NETL
  • NSTL
  • 万方数据

支持策略更新和即时密文验证的外包属性基加密方案

Outsourced Attribute-Based Encryption Scheme with Policy Updating and Verifiable Ciphertext

苏泽林 1张文芳 1王小敏1
扫码查看

作者信息

  • 1. 西南交通大学信息科学与技术学院 成都 610756
  • 折叠

摘要

属性基加密提供了全新的基于密码学的访问控制方案,适用于多用户数据共享场景,但由于加密阶段和访问策略更新过程的计算和通信开销较大,且现有的外包属性基加密方案大多数都没有提供面向数据拥有者的密文正确性验证方法,很大程度上限制了属性基加密的实际应用.针对上述问题,提出了一种支持动态策略更新和即时验证密文正确性的属性基外包加密方案,能够在不可信云环境下有效地保护数据的隐私性.方案根据外包加密原理设计策略更新过程,只需要完成少量计算即可生成更新密钥.利用双线性对的运算特性和解密运算结构设计密文验证算法,通过引入验证转换密钥使密文验证效率明显高于解密运算效率.方案根据不同的云环境模型设计了高效验证算法和严格验证算法,分别适用于诚实且好奇和不可信的云环境中.方案在标准模型下被证明满足选择明文攻击安全性.性能分析和效率对比表明,该方案的本地加密、策略更新和密文验证的计算量都有所减少,使得整体方案较现有方案更加轻量化,适用于资源受限设备的数据共享场景.

Abstract

Attribute-based encryption is a new access control scheme based on cryptography,which is suitable for data sharing.However,the large computational and communication costs of encryption and access policy updating limit the practical application of attribute-based encryption.Moreover,most of proposed outsourcing ABE schemes do not provide a ciphertext correctness verification method for data owners.Thus,an outsourced ABE scheme with dynamic policy updating and real-time verification of ciphertext correctness is proposed to further protect data privacy in an untrusted cloud environment.In the scheme,the design of policy updating references outsourced encryption,which reduces the computational cost of generating update key.The design of ciphertext correctness verification algorithm refers to decryption operation and introduces verification transformation key to make ciphertext verification more efficient.According to different cloud environment models,efficient verification algorithm and strict verification algorithm are designed,which are suitable for honest but curious cloud environment and untrustworthy cloud environment respectively.The scheme is secure against chosen plaintext attack under the standard model.Performance analysis and efficiency comparison show that the computation of local encryption,policy updating and ciphertext verification are reduced,and the scheme is more lightweight,which is suitable for the application of computation-constrained devices in access control scenarios.

关键词

属性基加密/策略更新/密文重加密/外包加密/可验证密文

Key words

attribute-based encryption/policy updating/ciphertext re-encryption/outsourced encryption/verifiable ciphertext

引用本文复制引用

出版年

2024
计算机研究与发展
中国科学院计算技术研究所 中国计算机学会

计算机研究与发展

CSTPCD北大核心
影响因子:2.649
ISSN:1000-1239
段落导航相关论文