CN105635135B - A kind of encryption system and access control method based on property set and relationship predicate - Google Patents

Info

Publication number: CN105635135B
Authority: CN (China)
Application number: CN201511000960.9A
Other versions: CN105635135A
Other languages: Chinese (zh)
Inventors: 朱岩, 路红英
Assignee (current and original): University of Science and Technology Beijing (USTB)
Legal status (as listed by Google Patents): Active
Prior art keywords: user, key, access, attribute, predicate
Events: application filed by University of Science and Technology Beijing USTB; priority to CN201511000960.9A; publication of CN105635135A; application granted; publication of CN105635135B; active; anticipated expiration

Classifications (CPC, all under H04L: transmission of digital information)

    • H04L63/102 Network security: controlling access to devices or network resources; entity profiles
    • H04L63/0442 Network security: confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption, the sending and receiving entities applying asymmetric encryption (different keys for encryption and decryption)
    • H04L9/0825 Key distribution or management: key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0847 Key distribution or management: key agreement involving identity based encryption [IBE] schemes
    • H04L9/30 Cryptographic mechanisms: public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The invention discloses an encryption system and access control method based on attribute sets and relation predicates. The method comprises the steps of: 1) according to a given security parameter k, outputting the public key mpk and master key msk of the secure encryption system; 2) for each given attribute set, generating the public key pk_i and private key sk_i of that attribute set from msk, adding pk_i to mpk and sk_i to msk; here, attributes with the same nature or identification are placed in the same set; 3) generating a private key sk^(k) for a user according to the list of identity attribute values supplied by that user; 4) encrypting the data resource M according to mpk and an access policy, obtaining the ciphertext C_Π; 5) judging from the list of identity attribute values supplied by the user whether that user may access the data resource M and, if so, decrypting C_Π with the user's private key. The invention substantially improves the security and the access efficiency of access control.

Description

A kind of encryption system and access control method based on property set and relationship predicate
Technical field:
The present invention relates to the field of information technology, and in particular to an encryption system and access control method based on attribute sets and relation predicates.
Background art:
With the development of network technology, more and more new network forms and systems have emerged one after another, including the Internet of Things, the mobile Internet, cloud computing and service computing. Their main characteristics are that data is increasingly heterogeneous and voluminous, openness keeps growing and data mobility increases. This has also given rise to a number of new network security problems, above all the privacy protection and sharing of user data and information. On the one hand, open networks make the exchange and sharing of information more convenient; on the other hand, uncontrolled exchange and sharing of information inevitably bring a series of illegal acts such as data abuse and infringement.
Traditional network technologies, in particular encryption and authentication techniques, can no longer meet the needs of existing networks, chiefly because increased openness makes the traditional protection boundary disappear; at the same time, with the expanding scope of data sharing, classical cryptosystems cannot meet the needs of large-scale information sharing either. It follows that traditional cryptographic technology cannot solve the security problems just described. Therefore, how to achieve privacy protection of data and effective information sharing at the same time has become a core problem of the Internet that urgently needs to be solved.
Access control is an important means of realizing the confidentiality of user data and protecting privacy. To solve the above problems, a new cryptographic access control technology called "attribute-based encryption" has been proposed. Attribute-based encryption represents a user's identity as a set of attributes and associates the encrypted data with an access control structure; whether a user can decrypt a ciphertext depends on whether the access control structure associated with the ciphertext matches the attribute set corresponding to the user's identity. Specifically, attribute-based encryption has the following properties:
1) the accessing subject is expressed by a group of "attributes";
2) authorization decisions are made using flexible attribute-oriented policies;
3) data protection is achieved by an encryption method that supports attribute policies;
4) authorization is achieved by distributing attribute keys to users;
5) decryption is achieved by deciding whether the attribute key matches the access policy of the ciphertext.
Attribute-based encryption is in essence an access authorization and authentication service technology that guarantees that unauthorized users are not eligible to access specific data. It belongs to the public-key cryptography schemes; its decryption target is a group rather than a single user, the combination of attributes of the group serves as the group's public key, and all users send data to the group using the same public key.
For example, an access policy for attribute-based encryption may be ("Peking University" OR "University of Science & Technology, Beijing") AND "2015" AND "academic degrees committee" AND (NOT "biological institute" AND NOT "chemical institute").
Existing attribute-based encryption generates access policies from character strings: all attributes are isolated, relations between attributes cannot be defined, and only AND, OR and simple NOT logic are supported. It is realized by strict string matching, i.e. a user merely possesses a group of strings as attribute identifiers.
From the above example it can be seen that existing attribute-based encryption has the following problems:
1) the concept of an "attribute set" made up of attributes of the same kind is not supported; all attributes are represented by strings;
2) the "belongs to" and "does not belong to" operations on sets are not supported; only the "equals" operation is supported.
In view of the above problems of current attribute-based encryption, the invention proposes support for the "attribute set" concept and for attribute set operations in cryptography. The specific content of the patent is described as follows:
1) the concept of an attribute set is supported, i.e. attribute values of the same type form a set;
2) the size of a set is not limited; for example, all cities in the world form the set "city", each city is called an attribute value and can be represented by a string, a number, etc.;
3) the operations "belongs to", "does not belong to", "equals" and "does not equal" between set values are supported.
The present invention is a great improvement on the functionality of existing attribute-based encryption. For example, in the previous example we can establish the following sets of attribute values:
University := {..., "Peking University", "University of Science & Technology, Beijing", "Tsinghua University", ...},
Department := {..., "biological institute", "chemical institute", "Information Institute", ...},
Year := {..., 2013, 2014, 2015, 2016, ...},
Role := {..., "professoriate", "academic board", "academic degrees committee", ...}.
Correspondingly, for any resource (including files, storage space, network channels, processes, etc.) we can redefine the above security policy as
(University ∈ {"Peking University", "University of Science & Technology, Beijing"} AND Year = 2015 AND Role = "academic degrees committee" AND Department ∉ {"biological institute", "chemical institute"}).
Given the above definitions, suppose a user has the following identity attributes: {University := "University of Science & Technology, Beijing", Year := 2015, Role := "academic degrees committee", Department := "Information Institute"}; this indicates that in 2015 the user held a post at the mathematics institute of the University of Science & Technology, Beijing and was a member of the academic degrees committee. Obviously the identity of this user passes the authentication of the above security policy, so the user will be allowed to access resources encrypted under that policy.
Obviously our method yields simpler and clearer security policy expressions; at the same time, the number of AND/OR operations is reduced from the original 5 to 3, and the number of attribute-value comparisons from the original 6 to 4. Hence there is also a significant reduction in the amount of computation. Considering that the security problems and requirements of new network applications have attracted increasing attention in recent years, the invented apparatus will certainly greatly promote the development of the Internet and of communication technology.
Summary of the invention:
In view of the technical problems in the prior art, the purpose of the present invention is to provide an encryption system and access control method based on attribute sets and relation predicates.
The technical solution of the present invention is as follows:
An access control method for an encryption system based on attribute sets and relation predicates, whose steps are:
1) according to a given security parameter k, outputting the public key mpk and master key msk of the secure encryption system;
2) for each given attribute set A_i = {v_i1, ..., v_im}, generating the public key pk_i and private key sk_i of that attribute set from the master key msk, adding the public key pk_i to the public key mpk and the private key sk_i to the master key msk; here attributes with the same nature or identification are placed in the same set, each attribute set has a unique name, each attribute or identification in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
3) generating a user private key sk^(k) for a user according to the list of identity attribute values Φ = {v_ij ∈ A_i} supplied by that user;
4) setting an access policy Π for the data resource M and encrypting M according to the public key mpk of step 2) and the access policy Π, obtaining the ciphertext C_Π; here the access policy Π contains several subsets S_i together with the corresponding binary relation predicates, where S_i is a subset of A_i;
5) when a user requests access to the data resource M, the secure encryption system judges from the list of identity attribute values supplied by that user whether the user may access M; if so, the ciphertext C_Π is decrypted with the user's private key and the plaintext M is output; otherwise the output is empty.
Further, the method of generating the user private key sk^(k) is: for user u_k, first generate the user's master private key usk^(k); then, for every attribute value v_ij ∈ A_i in the user's identity attribute value list Φ = {v_ij ∈ A_i}, generate the corresponding user attribute value key vsk_ij, thereby obtaining the user private key; A_i is an attribute set of user u_k.
Further, the method of judging whether a user may access the data resource M under the access policy Π is: the list of identity attribute values Φ supplied by the user and the access policy Π of the data resource are taken as the input of the binary relation predicates; if the decision output of the binary relation predicates is true, the user is judged able to access the data resource M, otherwise access is denied.
Further, for logical NOT in an access policy, De Morgan's laws are used to convert the logical NOT into the negative predicate "not" of the binary relation predicates, which yields an access policy expressed in Boolean algebra.
Further, the ciphertext C_Π comprises the sub-ciphertexts generated for the binary relations it contains.
An encryption system based on attribute sets and relation predicates, characterized in that it comprises a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module; wherein:
the system key generation module outputs, according to a given security parameter k, the public key mpk and master key msk of the secure encryption system;
the attribute set key generation module, for each given attribute set A_i = {v_i1, ..., v_im}, generates the public key pk_i and private key sk_i of that attribute set from the master key msk, and adds the public key pk_i to the public key mpk and the private key sk_i to the master key msk; here attributes with the same nature or identification are placed in the same set, each attribute set has a unique name, each attribute or identification in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
the user key generation module generates a user private key sk^(k) for a user according to the list of identity attribute values Φ = {v_ij ∈ A_i} supplied by that user;
the encryption module encrypts the data resource M according to its access policy Π and the public key mpk, obtaining the ciphertext C_Π; here the access policy Π contains several subsets S_i together with the corresponding binary relation predicates, where S_i is a subset of A_i;
the decryption module judges, from the list of identity attribute values supplied by the accessing user, whether that user may access the requested data resource M; if so, it decrypts the ciphertext C_Π with the user's private key and outputs the plaintext M; otherwise the output is empty.
The present invention relates to an encryption system based on attribute sets, called an attribute set encryption system for short. One feature of the system is that it supports the concept of an attribute set, i.e. attributes with the same nature or identification are gathered into one set. Each attribute set has a unique name, called its "attribute name". The system can support attribute sets with an unlimited number of elements. Each attribute or identification in an attribute set is called an "attribute value". In general we write an attribute set as U = {e_1, ..., e_n}, with e_i denoting an attribute value.
A feature of the invention is that it provides a secure member relation determination method. This method determines, in a cryptographic manner, the member relation between a given set S and an element e; the member relation comprises the "belongs to" relation and the "does not belong to" relation. The member relation is expressed by a binary predicate that denotes the decision e ∈ S or e ∉ S. The method is described below using this notation.
Specifically, as shown in Fig. 1, the secure member relation determination method of the present invention comprises the following steps:
1. Attribute value key generation module: given an arbitrary attribute set U_i = {e_1, ..., e_n}, generate the public key pk_i and private key sk_i according to the security parameter κ; the subscript i denotes the serial number of the set or key.
2. Subset representation generation module: given a random subset S = {e_1, ..., e_m} of the set U, obtain the secure representation C_S of the set S using the public key pk_i.
3. Element extraction module: given an attribute element e of the set U as input, extract the element e from the private key sk_i to obtain W_e.
4. Member relation verification module: given the representation C_S of the subset S and the representation W_e of the element e, this module outputs a true/false decision (usually written 1 and 0) on the relation between the two inputs.
In the above process, a feature of the invention is that sets and elements are represented cryptographically; for example, W_e is the cryptographic representation of e and C_S is the cryptographic representation of S.
A feature of the invention is that different secure member relation determination methods exist for the different member relations ("belongs to" and "does not belong to").
A feature of the invention is that it supports the predicates "equals" (=) and "does not equal" (≠); these two predicates are the special cases of "belongs to" and "does not belong to" in which the set has only one element.
A feature of the invention is that the verification module guarantees the security of the verification result when an adversary attempts to cheat; this security comprises the integrity and the completeness of verification (in the usual cryptographic terms, completeness and soundness respectively).
A feature of the invention is that it guarantees the integrity of the verification process: if e ∈ S, the verifier accepts the proof of the member relation verification module with success probability 1. In terms of the output of the member relation verification module for this relation, integrity means that the following probability equation (formula 1) holds:
(formula 1)
Another feature of the invention is that it guarantees the completeness of the verification process; completeness is further divided into weak completeness and strong completeness.
1. Weak completeness: for an arbitrary element e of the set U with e ∉ S, if a representation W_e* of e is extracted from the private key sk and submitted to the member relation verification module, the verifier's success probability is almost 0, that is, for arbitrarily small ε, (formula 2) holds.
(formula 2)
2. Strong completeness: for any polynomial-time algorithm A that produces an element representation (here e refers to some unknown element e not in the set U), the probability that this value passes verification by the member relation verification module is almost 0, that is, for arbitrarily small ε, (formula 3) holds.
(formula 3)
A feature of the present invention is a realizable attribute set encryption system, which uses the above secure member relation determination method to realize the set member predicates "belongs to" (∈), "does not belong to" (∉), "equals" (=) and "does not equal" (≠) on attribute sets.
Attribute sets can be added to the system dynamically. Writing each attribute set as A_i = {v_i1, ..., v_im}, all attribute sets in the system together form one collection. At the same time the system can support an unlimited number of users; let the set of users be U = {u_1, u_2, ..., u_n}. Each user has a list of attribute values Φ = {v_ij ∈ A_i}, where the first subscript i of v_ij denotes the attribute set it belongs to and the second subscript j is the serial number of the attribute value. Obviously these attribute values describe the identity of the user.
Given any data resource M, the access policy Π of that data can be defined in terms of the attribute sets defined above. The access policy can be represented as a Boolean function over set relations: a binary predicate, written P(A_i, S_i) with the relation as its subscript, expresses the relation between an arbitrary element of the attribute set A_i and the set S_i, and the AND and OR gates combine several such binary predicates into one Boolean expression. For example, the following access policy can be formulated for a piece of encrypted data:
Here ρ_1 corresponds to P(A_1, {v_11, v_12}), ρ_2 to the corresponding predicate, and ρ_3 to P_=(A_3, v_32). Suppose a user's identity is expressed by the attribute assignment Φ := {v_12, v_21, v_32}, where v_12 ∈ A_1, v_21 ∈ A_2 and v_32 ∈ A_3. Substituting this attribute assignment {v_12, v_21, v_32} into the corresponding attribute sets of the access control policy Π above, the user finally
satisfies the authorization decision:
As shown in Fig. 2, the system consists of the following modules:
1. System generation module: generates the cryptographic system; given a security strength as input, it outputs the public key mpk and master key msk.
2. Attribute set key generation module: adds a specified attribute set to the system; given any attribute set A_i = {v_i1, ..., v_im} as input, it generates the public key pk_i and private key sk_i from the master key msk, adds pk_i to the public key mpk and sk_i to the master key msk.
3. User key generation module: generates a user private key sk^(k) for a user with identity attribute value list Φ = {v_ij ∈ A_i}. For user u_k it first generates the user master private key usk^(k); then, for each attribute value v_ij ∈ A_i of the user, it generates the corresponding user attribute value key vsk_ij; when the user has several attribute values Φ = {v_ij ∈ A_i}, the user private key comprises these keys.
4. Encryption module: encrypts the data resource M under the access policy Π. With the public key mpk and the access policy Π as input, where Π contains several subsets S_i with their corresponding binary predicates, the module encrypts the plaintext data resource M and outputs a ciphertext C_Π; here S_i is contained in the attribute set A_i, i.e. S_i is a subset of A_i.
5. Decryption module: lets a user with identity attribute value list Φ = {v_ij ∈ A_i} decrypt, with his private key, a ciphertext C_Π carrying the attribute policy Π; the precondition for decryption is that the list of attribute values makes the attribute policy Π true. With the user private key sk^(k) and the ciphertext C_Π as input, it outputs the plaintext M; otherwise the output is empty.
A feature of the present invention is that access control policies support various element-set relation predicates; the member relations comprise "belongs to" (∈), "does not belong to" (∉), "equals" (=) and "does not equal" (≠), and the predicate output is true or false, representable by the Boolean values 1 and 0.
A feature of the present invention is that the cryptographic determination of relation predicates in the attribute set encryption system is realized with the secure member relation determination method, as follows:
1. the attribute value key generation module realizes the key generation function by which the attribute set key generation module adds an attribute set, producing the public key pk_i and private key sk_i;
2. the subset representation generation module realizes, in the encryption module, the secure representation of the set under the member relation predicate contained in the policy;
3. the element extraction module generates, for any attribute value v_ij ∈ A_i, the user attribute value key vsk_ij produced by the attribute value key generation module;
4. the member relation verification module realizes the cryptographic determination of the member relation predicate in the decryption module: given the representation of the attribute value v_ij ∈ A_i and the subset representation under the relation predicate, it evaluates the decision formula (formula 4):
(formula 4)
A feature of the present invention is that access policies support Boolean function expressions based on logical AND, logical OR and logical NOT; the Boolean function supports logical AND and logical OR. Logical AND and logical OR are realized with linear secret sharing techniques; hierarchical threshold sharing techniques can be used as well.
A feature of the present invention is that the Boolean function in an access policy supports logical NOT. Every logical NOT in the Boolean algebra must first be converted with De Morgan's laws (the negation of a conjunction becomes the disjunction of the negated terms, and the negation of a disjunction becomes the conjunction of the negated terms), which yields the equivalent access policy Π' of the attribute-set-based encryption system. For example, after conversion the access policy has the form in which De Morgan's laws have turned each logical NOT into the negative predicate "not" of the binary relation predicate, including "does not belong to" (∉) and "does not equal" (≠).
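The example policies of the background section (the string-based form and the attribute-set form with ∈, ∉, =, ≠) and the elimination of logical NOT by De Morgan's laws, worked through in Python as an added example that is not the patent's code. It evaluates a policy against an identity (the user of the page's example), pushes every NOT down into the predicates, and counts AND/OR gates and attribute comparisons the way the page does (5 and 6 for the string policy, 3 and 4 for the set policy). The attribute sets are open-ended ("...") on the page and are constructed here as finite sets; the tuple-based policy syntax and the `check_policy` well-formedness check are this example's own assumptions.

```python
# Added example (not the patent's code): attribute-set access policies with the page's
# four relation predicates (in, notin, eq, ne), AND/OR composition, NOT elimination by
# De Morgan's laws, and the page's count of AND/OR gates and attribute comparisons.

# The page's attribute sets, written there with "..."; constructed here as finite sets.
ATTRIBUTE_SETS = {
    "University": {"Peking University", "University of Science & Technology, Beijing",
                   "Tsinghua University"},
    "Department": {"biological institute", "chemical institute", "Information Institute"},
    "Year": {2013, 2014, 2015, 2016},
    "Role": {"professoriate", "academic board", "academic degrees committee"},
}

# Policy syntax (this example's own): ("pred", attr, rel, value) with rel in
# {"in", "notin"} (value is a set) or {"eq", "ne"} (value is one attribute value),
# plus ("and", p, q), ("or", p, q) and ("not", p).
NEGATED_REL = {"in": "notin", "notin": "in", "eq": "ne", "ne": "eq"}


def check_policy(policy):
    """Reject a predicate whose set/value is not drawn from the named attribute set:
    a misspelt value would otherwise silently deny (or, under notin, grant) access."""
    if policy[0] != "pred":
        for sub in policy[1:]:
            check_policy(sub)
        return
    _, attr, rel, value = policy
    universe = ATTRIBUTE_SETS[attr]                  # KeyError for an unknown attribute name
    values = set(value) if rel in ("in", "notin") else {value}
    if not values <= universe:
        raise ValueError(f"{attr}: {sorted(map(str, values - universe))} not in attribute set")


def evaluate(policy, identity):
    """Decide the policy for identity = {attribute name: the user's attribute value}."""
    op = policy[0]
    if op == "pred":
        _, attr, rel, value = policy
        v = identity[attr]
        if rel == "in":
            return v in value
        if rel == "notin":
            return v not in value
        return (v == value) if rel == "eq" else (v != value)
    if op == "and":
        return evaluate(policy[1], identity) and evaluate(policy[2], identity)
    if op == "or":
        return evaluate(policy[1], identity) or evaluate(policy[2], identity)
    return not evaluate(policy[1], identity)          # op == "not"


def eliminate_not(policy, negate=False):
    """Push every NOT down with De Morgan's laws and absorb it into the predicates:
    NOT(p AND q) -> (NOT p) OR (NOT q), NOT(p OR q) -> (NOT p) AND (NOT q),
    NOT(x in S) -> x notin S, NOT(x = v) -> x != v, and the converses."""
    op = policy[0]
    if op == "pred":
        _, attr, rel, value = policy
        return ("pred", attr, NEGATED_REL[rel] if negate else rel, value)
    if op == "not":
        return eliminate_not(policy[1], not negate)
    gate = op if not negate else ("or" if op == "and" else "and")
    return (gate, eliminate_not(policy[1], negate), eliminate_not(policy[2], negate))


def cost(policy):
    """(AND/OR gates, attribute comparisons): the page's measure, which counts one
    set-membership test as a single comparison and NOT as no gate at all."""
    op = policy[0]
    if op == "pred":
        return (0, 1)
    if op == "not":
        return cost(policy[1])
    g1, c1 = cost(policy[1])
    g2, c2 = cost(policy[2])
    return (g1 + g2 + 1, c1 + c2)


# The page's string-style policy: every attribute is an equality on a string, NOT is a gate.
STRING_POLICY = (
    "and",
    ("and", ("and", ("or", ("pred", "University", "eq", "Peking University"),
                           ("pred", "University", "eq", "University of Science & Technology, Beijing")),
                    ("pred", "Year", "eq", 2015)),
            ("pred", "Role", "eq", "academic degrees committee")),
    ("and", ("not", ("pred", "Department", "eq", "biological institute")),
            ("not", ("pred", "Department", "eq", "chemical institute"))),
)

# The same policy over attribute sets, as the page rewrites it.
SET_POLICY = (
    "and",
    ("and", ("and", ("pred", "University", "in",
                     {"Peking University", "University of Science & Technology, Beijing"}),
                    ("pred", "Year", "eq", 2015)),
            ("pred", "Role", "eq", "academic degrees committee")),
    ("pred", "Department", "notin", {"biological institute", "chemical institute"}),
)

# The user of the page's example.
USER = {"University": "University of Science & Technology, Beijing", "Year": 2015,
        "Role": "academic degrees committee", "Department": "Information Institute"}

if __name__ == "__main__":
    check_policy(STRING_POLICY), check_policy(SET_POLICY)
    print(cost(STRING_POLICY), cost(SET_POLICY), evaluate(SET_POLICY, USER))  # (5, 6) (3, 4) True
    print(eliminate_not(STRING_POLICY))
```

The gate count only drops when ∈/∉ are native predicates; running `eliminate_not` on the string policy removes the NOT gates but leaves 5 gates and 6 comparisons, which is the point the page makes about string-matching policies.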
Positive effects of the present invention:
In conclusion, the invention proposes support for the "attribute set" concept and for attribute set operations in cryptography, a great improvement on the functionality of existing attribute-based encryption. The invention relates to an encryption system based on attribute sets, called an attribute set encryption system for short. One feature of the system is that it supports the concept of an attribute set, i.e. attributes with the same nature or identification are gathered into one set. A feature of the invention is that different secure member relation determination methods exist for the different member relations ("belongs to" and "does not belong to") and that sets and elements are represented cryptographically.
A feature of the invention is that it supports the predicates "equals" (=) and "does not equal" (≠); these two predicates are the special cases of "belongs to" and "does not belong to" in which the set has only one element.
A feature of the invention is that the verification module guarantees the security of the verification result when an adversary attempts to cheat; this security comprises the integrity and the completeness of verification.
A feature of the invention is that it guarantees the integrity and the completeness of the verification process.
A feature of the invention is a realizable attribute set encryption system, which uses the above secure member relation determination method to realize the set member predicates "belongs to" (∈), "does not belong to" (∉), "equals" (=) and "does not equal" (≠) on attribute sets. A feature of the invention is that access control policies support various element-set relation predicates; the member relations comprise "belongs to" (∈), "does not belong to" (∉), "equals" (=) and "does not equal" (≠), and the predicate output is true or false, representable by the Boolean values 1 and 0.
A feature of the invention is that the cryptographic determination of relation predicates in the attribute set encryption system is realized with the secure member relation determination method. A feature of the invention is that access policies support Boolean function expressions based on logical AND, logical OR and logical NOT; the Boolean function supports logical AND and logical OR, realized with linear secret sharing techniques or alternatively with hierarchical threshold sharing techniques. A feature of the invention is that the Boolean function in an access policy supports logical NOT.
Description of the drawings
Fig. 1 is a structural schematic diagram of the secure member relation determination provided in an embodiment of the present invention.
Fig. 2 is a structural schematic diagram of the attribute set encryption system, built on secure member relation determination, provided in an embodiment of the present invention.
Specific embodiment:
Bilinear maps have been widely used as an effective tool in the aggregate signature schemes proposed in recent years; the usual bilinear map is obtained by modifying the Weil pairing or the Tate pairing on an elliptic curve. Bilinear maps can construct many schemes that general cryptographic tools cannot realize, are comparatively flexible, and have good properties in use.
Let $G_1, G_2$ be two cyclic groups of order $p$, let $g_1$ be a generator of $G_1$ and $g_2$ a generator of $G_2$. Let $\psi$ be a computable isomorphism from $G_2$ to $G_1$ with $\psi(g_2) = g_1$, and let $e: G_1 \times G_2 \to G_T$ be a computable map with the following properties:
1) Bilinearity: for all $u \in G_1$, $v \in G_2$ and $a, b \in \mathbb{Z}_p$, $e(u^a, v^b) = e(u, v)^{ab}$.
2) Non-degeneracy: $e(g_1, g_2) \neq 1$.
The following can be derived from the above properties:
For arbitrary $u \in G_1$ and $v_1, v_2 \in G_2$, $e(u, v_1 v_2) = e(u, v_1) \cdot e(u, v_2)$; for arbitrary $u, v \in G_1$, $e(u, \psi(v)) = e(v, \psi(u))$.
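The first derived identity follows from bilinearity alone. As an added worked step that the text leaves implicit (not part of the original description), write $v_1 = g_2^a$ and $v_2 = g_2^b$ for some $a, b \in \mathbb{Z}_p$, which is possible because $g_2$ generates $G_2$:

$$e(u, v_1 v_2) = e(u, g_2^{a+b}) = e(u, g_2)^{a+b} = e(u, g_2)^{a} \cdot e(u, g_2)^{b} = e(u, g_2^{a}) \cdot e(u, g_2^{b}) = e(u, v_1) \cdot e(u, v_2).$$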
To make the technical problem to be solved by the present invention, the technical solution and the advantages clearer, a detailed description is given below in conjunction with the drawings and specific embodiments.
The following embodiments use a zero-point aggregate function and a pole aggregate function, defined as follows:
1) Zero-point aggregate function
Given a random subset $S$ and a cyclic group $G$ of prime order $p$, if there is a polynomial-time algorithm ZeroAggr whose output is the aggregate value (the expression is not reproduced on this page), then the algorithm is called a zero-point aggregate function, where $g$ is a generator of the cyclic group $G$ of order $p$, $\gamma$ is an introduced random secret, and $x_i = \mathrm{hash}(e_i)$ is the random point in the cryptographic space corresponding to each element $e_i$ of the set $S$.
2) Pole aggregate function
Given a random subset $S$ and a cyclic group $G$ of prime order $p$, if there is a polynomial-time algorithm PolesAggr whose output is the aggregate value (the expression is not reproduced on this page), then the algorithm is called a pole aggregate function, where $h$ is a generator of the cyclic group $G$ of order $p$, $\gamma$ is an introduced random secret, and $x_i = \mathrm{hash}(e_i)$ is the random point in the cryptographic space corresponding to each element $e_i$ of the set $S$.
The following embodiments, apart from the zero-point aggregate function and pole aggregate function described above, are realized in the bilinear map system $\mathbb{S} = (p, G_1, G_2, G_T, e(\cdot))$, where $G_1$ and $G_2$ have order $p$ and generators $g_1$ and $g_2$ respectively. In addition, a cryptographic hash function $\mathrm{hash}: \{0,1\}^* \to \mathbb{Z}_p^*$ is used to map an arbitrary attribute value $v_i$ from a binary string to a random element $x_i$, i.e. $x_i = \mathrm{hash}(v_i)$.
Embodiment one
This embodiment gives the cryptographic decision construction for the membership relation "belongs to" (∈), which consists of the following four steps:
1) Attribute value key generation module: for any given attribute set $U = \{e_1, \ldots, e_n\}$, randomly select the secret values and $m \in \mathbb{Z}^+$, and generate the public key $pk$ and the private key $sk$.
2) Subset representation generation module: given a random subset $S = \{e_1, \ldots, e_m\}$ of the set $U$, call the PolesAggr function to compute (formula 5), obtaining the secure representation $H_S$ of the set $S$, where $x_k = \mathrm{hash}(e_k)$.
(formula 5)
3) Element extraction module: given an attribute element $e_i$ of the set $U$ as input, extract the element $e_i$ from the private key $sk$ to obtain the cryptographic representation $W_i$ of $e_i$.
4) Membership verification module: given the representation $H_S$ of the subset $S$ and the representation $W_i$ of the element $e_i$, this module decides whether the relation $P_{\in}(e_i, S)$ between these inputs is true or false (usually denoted 1 and 0), i.e. whether $e_i$ belongs to $S$. First, compute $S_- = S \setminus \{e_i\}$ and (formula 6); second, verify whether $e(G_{S_-}, H_S) \cdot e(W_i, H) = V$ holds. If it holds, $e_i \in S$ is accepted and true is returned; otherwise false is returned.
(formula 6)
Embodiment two
This embodiment gives the cryptographic decision construction for the membership relation "does not belong to" (∉), which consists of the following four steps:
1) Attribute value key generation module: for any given attribute set $U = \{e_1, \ldots, e_n\}$ and the security parameter $\kappa$, randomly select the secret values and $n \in \mathbb{Z}^+$, and generate the public key and the private key.
2) Subset representation generation module: given a random subset $S = \{e_1, \ldots, e_m\}$ of the set $U$, call the ZerosAggr function to compute (formula 7), obtaining the secure representation $G_S$ of the set $S$, where $x_k = \mathrm{hash}(e_k)$.
(formula 7)
3) Element extraction module: given an attribute element $e_i$ of the set $U$ as input, extract the element $e_i$ from the private key $sk$ to obtain the cryptographic representation $W_i$ of $e_i$.
4) Membership verification module: given the representation $G_S$ of the subset $S$ and the cryptographic representation $W_i$ of the element $e_i$, this module decides whether the relation $P_{\notin}(e_i, S)$ between these inputs is true or false (usually denoted 1 and 0), i.e. whether $e_i$ does not belong to $S$. First, compute $S_+ = S \cup \{e_i\}$ and (formula 8); second, verify whether $e(G_S, H_{S_+}) \cdot e(W_i, H) = V$ holds. If it holds, $e_i \notin S$ is accepted and true is returned; otherwise false is returned.
(formula 8)
Embodiment three
Each party holds a share of a vector over $\mathbb{Z}_p$. An $l \times n$ matrix $T$ is called the share-generating matrix; for $i \in [1, l]$, $T_i$ is the $i$-th row vector of $T$. The function $\pi$ maps row $i$ to its label $\pi(i)$. Let the column vector be $v = (s, r_2, \ldots, r_n)$, where $s \in \mathbb{Z}_p$ is the shared secret and $r_2, \ldots, r_n$ are random numbers in $\mathbb{Z}_p$. Then $Tv$ is the column vector of the $l$ shares of the secret $s$, and $(Tv)_i$ is the share held by party $\pi(i)$. Let $U$ be any authorized set and define $I \subseteq \{1, \ldots, l\}$ as $I = \{i : \pi(i) \in U\}$. Then there exist constants $\{w_i\}_{i \in I}$ such that, if $\{\lambda_i\}$ are valid shares of any secret $s$, the secret can be reconstructed as $\sum_{i \in I} w_i \lambda_i = s$.
We illustrate the attribute-set setting of this system by taking the technical background as an example. First, define the attribute sets as follows:
University := {..., "Peking University", "University of Science & Technology Beijing", "Tsinghua University", ...},
Department := {..., "Biological Institute", "Chemical Institute", "Information Institute", ...},
Time := {..., 2013, 2014, 2015, 2016, ...},
Role := {..., "Professoriate", "Academic Board", "Academic Degrees Committee", ...}.
We can define $A_i := \{v_{i1}, \ldots, v_{im}\}$, where $A_1 \leftarrow$ Department, $v_{1k_1} \leftarrow$ "Biological Institute", $v_{1k_2} \leftarrow$ "Chemical Institute", $v_{1k_3} \leftarrow$ "Information Institute"; $A_2 \leftarrow$ University, $v_{2k_1} \leftarrow$ "Peking University", $v_{2k_2} \leftarrow$ "University of Science & Technology Beijing", $v_{2k_3} \leftarrow$ "Tsinghua University"; $A_3 \leftarrow$ Time, $v_{3k_1} \leftarrow 2013$, $v_{3k_2} \leftarrow 2014$, $v_{3k_3} \leftarrow 2015$;
$A_4 \leftarrow$ Role, $v_{4k_1} \leftarrow$ "Professoriate", $v_{4k_2} \leftarrow$ "Academic Board", $v_{4k_3} \leftarrow$ "Academic Degrees Committee".
We can then define the policy:
(University ∈ {"Peking University", "University of Science & Technology Beijing"} AND Time = 2015 AND Role = "Academic Degrees Committee" AND Department ∉ {"Biological Institute", "Chemical Institute"}).
Suppose a user has the following identity attributes: {University := "University of Science & Technology Beijing", Time := 2015, Role := "Academic Degrees Committee", Department := "Information Institute"}.
The core of the invention is the attribute-set encryption system. Using the methods of Embodiment one and Embodiment two above, we give the detailed attribute-set cryptographic construction, which consists of the following five modules:
1) System generation module
For the specified security strength, obtain the corresponding bilinear map system $\mathbb{S}$ based on elliptic-curve cryptography. Randomly select two elements $G$ and $H$ in $G_1$ and $G_2$, choose the exponents $\alpha, \beta, \varepsilon$, and set $Q = H^{\beta}$, $R = e(G, H)^{\alpha}$. Obtain the public key $mpk = (\mathbb{S}, H, Q, R)$ and the master key $msk = (\alpha, \beta, \varepsilon, G, G^{\varepsilon})$. Finally output $(mpk, msk)$.
2) Attribute set adding module
Randomly select $\gamma_i$ from $\mathbb{Z}_p^*$ and set the corresponding element (expression not reproduced on this page), where $j \in [1, m]$. For all $v_{ij} \in A_i$ with $x_{ij} = h(v_{ij})$, the corresponding values are obtained (expression not reproduced on this page). The attribute-set public key $pk_i$ and private key $sk_i$ are generated from the master key; $pk_i$ is added to $mpk$ and $sk_i$ is attached to $msk$.
3) Attribute value key generation module
For user $u_k$, randomly select an integer $\tau_l$ and use it to generate the user's main private key $usk^{(k)}$. For any attribute value $(A_i \leftarrow v_{ij}) \in \Phi$ of this user, generate the corresponding user attribute-value key $vsk_{ij}$. When the user has multiple attribute values $\Phi = \{v_{ij} \in A_i\}$, generate the user private key $sk^{(k)}$ (the key expressions are not reproduced on this page).
4) Encryption module
Input the plaintext $M$, the public key $mpk$ and the access policy $\Pi$; output the ciphertext $C$. First convert $\Pi$ into $(T, \pi)$; the access policy $\Pi$ contains several subsets $S_i$ with their corresponding predicates. Select the random secret $s$ and share it, then compute $ek = R^{s} = e(G, H)^{\alpha s}$, $c_0 = Q^{s}$, $c_1$ (expression not reproduced on this page) and $\lambda_k = v \cdot T_k$, where $T_k$ is the $k$-th row vector of the $l \times n$ share-generating matrix $T$. The ciphertext is formed from $C_0 = (c_0, c_1)$ and the sub-ciphertexts. For each predicate, according to its relation, compute the sub-ciphertext $(c_{i1}, c_{i2})$ satisfying (formula 9):
(formula 9)
where $H_S = \mathrm{PolesAggr}(mpk, S)$ and $G_S = \mathrm{ZerosAggr}(mpk, S)$.
5) Decryption module
User $u_k$ inputs the private key $sk^{(k)}$ and the ciphertext $C_\Pi$, extracts $S$ from the $i$-th sub-ciphertext $(c_{i1}, c_{i2})$, and then tries to find an assignment $A_i \leftarrow v_{ij}$ that satisfies the above condition. If this succeeds, i.e. the attribute values $\Phi = \{v_{ij} \in A_i\}$ corresponding to the user's private key satisfy the access policy $\Pi$ in the ciphertext, look up the corresponding sub-key and compute formula (10):
(formula 10)
where $G_{S_-} = \mathrm{ZerosAggr}(mpk, S \setminus \{v_{ij}\})$ and $H_{S_+} = \mathrm{PolesAggr}(mpk, S \cup \{v_{ij}\})$. When all $c_i$ values are known, compute the reconstruction vector $\{w_i \in \mathbb{Z}_p\}_{i \in I}$ from $T$ and $I = \{i : \pi(i) \in U\}$, where $U$ is any matching set; if $\{\lambda_i\}$ are valid shares of any secret $s$, then $\sum_{i \in I} w_i \lambda_i = s$. Then compute $c$ (expression not reproduced on this page), and finally recover the session key $ek = e(sk_0, c_0) / c$. Using the recovered session key $ek$, compute the plaintext (expression not reproduced on this page) and output $M$. If the attribute values $\Phi = \{v_{ij} \in A_i\}$ corresponding to the user's private key do not satisfy the access policy $\Pi$ in the ciphertext, the output is empty.
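The access structure shared by the encryption and decryption modules above, as an added example that is not code from the patent or its authors: the policy of the attribute-set example in Embodiment three is converted into a share-generating matrix $(T, \pi)$ with the Lewko–Waters tree construction (an assumption, since the description does not say how $\Pi$ is converted), the secret $s$ is shared as $\lambda_k = v \cdot T_k$ exactly as in the encryption module, and the decryption-side coefficients $\{w_i\}_{i \in I}$ are found by solving $\sum_{i \in I} w_i T_i = (1, 0, \ldots, 0)$ over $\mathbb{Z}_p$ for the rows the user satisfies. The ∈, ∉, = and ≠ predicates are evaluated in the clear here, standing in for the pairing-based membership tests of Embodiments one and two, which this example does not implement. The modulus `P`, the `POLICY`, `POLICY_TREE` and `USER` records and all function names are the example's own assumptions.

```python
"""Added example, not code from the patent: the linear secret-sharing part of
the scheme of Embodiment three, run on the attribute-set policy example. The
relation predicates are evaluated in the clear, standing in for the pairing-based
membership tests of Embodiments one and two, which this example does not implement.
P, POLICY, USER and the helper names are this example's own assumptions."""
import secrets

P = 2**127 - 1  # assumed prime modulus for Z_p; the patent's p is the pairing group order

# The example policy, one (attribute set, relation, operand) row per predicate;
# "=" and "≠" are the one-element cases of ∈ and ∉.
POLICY = [
    ("University", "in", {"Peking University", "University of Science & Technology Beijing"}),
    ("Time", "eq", 2015),
    ("Role", "eq", "Academic Degrees Committee"),
    ("Department", "not_in", {"Biological Institute", "Chemical Institute"}),
]
# The same policy as a Boolean tree over the row labels (here a chain of ANDs).
POLICY_TREE = ("AND", "University", ("AND", "Time", ("AND", "Role", "Department")))
# Constructed user record from the example; it satisfies every row.
USER = {"University": "University of Science & Technology Beijing", "Time": 2015,
        "Role": "Academic Degrees Committee", "Department": "Information Institute"}
OPS = {"in": lambda v, o: v in o, "not_in": lambda v, o: v not in o,
       "eq": lambda v, o: v == o, "neq": lambda v, o: v != o}

def predicate(relation, value, operand):
    """One binary relation predicate (∈, ∉, =, ≠); output 1 (true) or 0 (false)."""
    return int(OPS[relation](value, operand))

def lsss_matrix(tree):
    """Lewko-Waters conversion of an AND/OR tree into the l x n share-generating
    matrix T and the row labelling pi (labels[i] is pi(i) for row i)."""
    rows, labels, counter = [], [], [1]
    def walk(node, vec):
        if isinstance(node, str):          # leaf: one row of T
            rows.append(vec); labels.append(node); return
        op, left, right = node
        if op == "OR":                     # both children inherit the parent's vector
            walk(left, vec); walk(right, vec)
        else:                              # AND: split the vector over a fresh column
            c = counter[0]; counter[0] += 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
    walk(tree, [1])
    n = counter[0]
    return [r + [0] * (n - len(r)) for r in rows], labels

def share(T, s):
    """Encryption side: v = (s, r_2, ..., r_n) with random r_j; share k is v . T_k mod p."""
    v = [s % P] + [secrets.randbelow(P) for _ in range(len(T[0]) - 1)]
    return [sum(t * x for t, x in zip(row, v)) % P for row in T]

def solve_mod_p(A, b):
    """Gaussian elimination over Z_p for A x = b; None if inconsistent, free unknowns = 0."""
    m, k = len(A), len(A[0])
    M = [[a % P for a in row] + [bi % P] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for c in range(k):
        piv = next((i for i in range(r, m) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][c], -1, P)
        M[r] = [x * inv % P for x in M[r]]
        for i in range(m):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % P for x, y in zip(M[i], M[r])]
        pivots.append(c); r += 1
    if any(M[i][k] for i in range(r, m)):   # a zero row with non-zero right-hand side
        return None
    x = [0] * k
    for i, c in enumerate(pivots):
        x[c] = M[i][k]
    return x

def reconstruct(T, I, shares):
    """Decryption side: find {w_i}_{i in I} with sum_i w_i T_i = (1, 0, ..., 0) and
    return sum_i w_i lambda_i = s; None when the rows in I are not an authorized set."""
    if not I:
        return None
    n = len(T[0])
    A = [[T[i][j] for i in I] for j in range(n)]            # T_I transposed, n x |I|
    w = solve_mod_p(A, [1] + [0] * (n - 1))
    return None if w is None else sum(wi * shares[i] for wi, i in zip(w, I)) % P

def authorized_rows(policy, labels, user_attrs):
    """I = {i : pi(i) in U}: rows whose predicate the user's attribute value satisfies.
    A user lacking the attribute set holds no key for that row, so it never counts."""
    sat = {name for name, rel, operand in policy
           if name in user_attrs and predicate(rel, user_attrs[name], operand)}
    return [i for i, lab in enumerate(labels) if lab in sat]

def run(policy, tree, user_attrs, s):
    """Share s under the policy (encryption side), then reconstruct it from the user's rows."""
    T, labels = lsss_matrix(tree)
    return reconstruct(T, authorized_rows(policy, labels, user_attrs), share(T, s))
```

`run(POLICY, POLICY_TREE, USER, s)` returns `s` for the example user, while changing the user's Department to "Chemical Institute" (which violates the ∉ row) makes the linear system for $\{w_i\}$ inconsistent and `run` returns `None`, mirroring the empty output of the decryption module. The same `lsss_matrix` handles OR nodes, so a policy such as `("AND", "A", ("OR", "B", "C"))` yields the three-row matrix in which rows A and B (or A and C) reconstruct but B and C together do not.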
The above is a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention.

Claims (10)

1. An encryption system access control method based on attribute sets and relation predicates, the steps of which are:
1) according to a given security parameter $k$, output the public key $mpk$ and the master key $msk$ of the secure encryption system;
2) for each given attribute set $A_i = \{v_{i1}, \ldots, v_{im}\}$, generate the public key $pk_i$ and the private key $sk_i$ of the attribute set from the master key $msk$, add the public key $pk_i$ to the public key $mpk$ and the private key $sk_i$ to the master key $msk$; wherein attributes or identifiers of the same nature are located in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and $v_{im}$ is the $m$-th attribute value in the $i$-th attribute set $A_i$;
3) according to the identity attribute value list $\Phi = \{v_{ij} \in A_i\}$ input by a user, generate a user private key $sk^{(k)}$ for that user;
4) set an access policy $\Pi$ for the data resource $M$; encrypt the data resource $M$ according to the public key $mpk$ of step 2) and the access policy $\Pi$, obtaining the ciphertext $C_\Pi$; wherein the access policy $\Pi$ contains several subsets $S_i$ with corresponding binary relation predicates, and $S_i$ is a subset of $A_i$;
5) when a user requests access to the data resource $M$, the secure encryption system judges from the identity attribute value list input by the user whether the user can access the data resource $M$; if so, it decrypts the ciphertext $C_\Pi$ with the user's private key and outputs the plaintext $M$; otherwise the output is empty.
2. The method of claim 1, wherein the user private key $sk^{(k)}$ is generated as follows: for user $u_k$, first generate the user's main private key $usk^{(k)}$; then for any attribute value $v_{ij} \in A_i$ in the user's identity attribute value list $\Phi = \{v_{ij} \in A_i\}$, generate the corresponding user attribute-value key $vsk_{ij}$, obtaining the user private key (expression not reproduced on this page); $A_i$ is the attribute set of user $u_k$.
3. The method of claim 1 or 2, wherein the method of judging whether the user can access the data resource $M$ under the access policy $\Pi$ is: take the identity attribute value list $\Phi$ input by the user and the access policy $\Pi$ of the data resource as the input of the binary relation predicates; if the decision output of the binary relation predicates is true, the user is judged able to access the data resource $M$; otherwise it cannot access.
4. The method of claim 3, wherein for a logical NOT in the access policy, De Morgan's law is used to convert the logical NOT into the negative predicate "not" of the binary relation predicate, obtaining an access policy expressed in Boolean algebra logic.
5. The method of claim 1 or 2, wherein the ciphertext $C_\Pi$ (expression not reproduced on this page) contains the sub-ciphertexts generated for the binary relation predicates.
6. An encryption system based on attribute sets and relation predicates, comprising a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module; wherein,
the system key generation module is configured to output the public key $mpk$ and the master key $msk$ of the secure encryption system according to a given security parameter $k$;
the attribute set key generation module is configured to, for each given attribute set $A_i = \{v_{i1}, \ldots, v_{im}\}$, generate the public key $pk_i$ and the private key $sk_i$ of the attribute set from the master key $msk$, add the public key $pk_i$ to the public key $mpk$ and the private key $sk_i$ to the master key $msk$; wherein attributes or identifiers of the same nature are located in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and $v_{im}$ is the $m$-th attribute value in the $i$-th attribute set $A_i$;
the user key generation module is configured to generate a user private key $sk^{(k)}$ for a user according to the identity attribute value list $\Phi = \{v_{ij} \in A_i\}$ input by the user;
the encryption module is configured to encrypt the data resource $M$ according to the access policy $\Pi$ of the data resource $M$ and the public key $mpk$, obtaining the ciphertext $C_\Pi$; wherein the access policy $\Pi$ contains several subsets $S_i$ with corresponding binary relation predicates, and $S_i$ is a subset of $A_i$;
the decryption module is configured to judge, according to the identity attribute value list input by the accessing user, whether the user can access the requested data resource $M$; if so, decrypt the ciphertext $C_\Pi$ with the user's private key and output the plaintext $M$; otherwise output empty.
7. The system of claim 6, wherein for user $u_k$ the user key generation module first generates the user's main private key $usk^{(k)}$; then for any attribute value $v_{ij} \in A_i$ in the user's identity attribute value list $\Phi = \{v_{ij} \in A_i\}$, generates the corresponding user attribute-value key $vsk_{ij}$, obtaining the user private key (expression not reproduced on this page); $A_i$ is the attribute set of user $u_k$.
8. The system of claim 6 or 7, wherein the decryption module takes the identity attribute value list input by the user and the access policy $\Pi$ of the data resource as the input of the binary relation predicates; if the decision output of the binary relation predicates is true, the user is judged able to access the data resource $M$; otherwise it cannot access.
9. The system of claim 8, wherein for a logical NOT in the access policy, the decryption module uses De Morgan's law to convert the logical NOT into the negative predicate "not" of the binary relation predicate, obtaining an access policy expressed in Boolean algebra logic.
10. The system of claim 6 or 7, wherein the ciphertext
CN201511000960.9A 2015-12-28 2015-12-28 A kind of encryption system and access control method based on property set and relationship predicate Active CN105635135B (en)

Publications (2)

Publication Number Publication Date
CN105635135A CN105635135A (en) 2016-06-01
CN105635135B true CN105635135B (en) 2019-01-25
