CN105635135B - Encryption system and access control method based on attribute sets and relation predicates - Google Patents
- Publication number: CN105635135B (application CN201511000960.9A)
- Authority: CN (China)
- Prior art keywords: user, key, access, attribute, predicate
- Legal status: Active (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- H04L63/102: Network architectures or protocols for network security; controlling access to devices or network resources; entity profiles
- H04L63/0442: Confidential data exchange among entities communicating through packet networks, the payload being protected by encryption, where the sending and receiving entities apply asymmetric encryption (different keys for encryption and decryption)
- H04L9/0825: Key transport or distribution (one party creates or obtains a secret value and securely transfers it to the others) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0847: Key agreement (a shared key derived by the parties from information contributed by or associated with each of them) involving identity based encryption [IBE] schemes
- H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Abstract
The invention discloses an encryption system and an access control method based on attribute sets and relation predicates. The method comprises the following steps: 1) given a security parameter k, output the public key mpk and the master key msk of the secure encryption system; 2) for each given attribute set, generate the public key pk_i and the private key sk_i of that attribute set from msk, add pk_i to mpk and sk_i to msk; attributes or identifiers of the same nature are placed in the same set; 3) from the list of identity attribute values supplied by a user, generate a user private key sk^(k) for that user; 4) encrypt a data resource M under mpk and an access policy, obtaining the ciphertext C_Π; 5) from the list of identity attribute values supplied by the user, the system decides whether the user may access the data resource M, and if so decrypts C_Π with the user's private key. The invention substantially improves the security and the access efficiency of access control.
Description
Technical field:
The present invention relates to the field of information technology, and in particular to an encryption system and access control method based on attribute sets and relation predicates.
Background:
With the development of network technology, new network forms and systems keep emerging: the Internet of Things, the mobile Internet, cloud computing, service computing and so on. Their common features are that data are ever larger and more heterogeneous, openness keeps growing and data mobility increases. This gives rise to new network security problems, in particular the privacy protection and the sharing of user data and information. On the one hand an open network makes the exchange and sharing of information more convenient; on the other hand uncontrolled exchange and sharing of information inevitably brings a series of illegal acts such as data abuse and infringement.
Traditional network technology, in particular encryption and authentication technology, no longer meets the needs of today's networks, mainly because increased openness makes the traditional protection boundary disappear, and because classical cryptosystems cannot satisfy the needs of large-scale information sharing as the scope of sharing grows. Traditional cryptographic techniques therefore cannot solve the security problems described above. How to protect the privacy of data while sharing information effectively has become a core problem of the Internet that urgently needs to be solved.
Access control is an important means of realizing the confidentiality of user data and protecting privacy. To address the above problem, a new cryptographic access control technique called "attribute-based encryption" has been proposed. In attribute-based encryption the identity of a user is represented as a set of attributes, and encrypted data are associated with an access control structure; whether a user can decrypt a ciphertext depends on whether the access control structure associated with the ciphertext matches the attribute set corresponding to the user's identity. Specifically, attribute-based encryption has the following properties:
1) a group of "attributes" represents the subject that accesses;
2) authorization decisions use flexible, attribute-oriented policies;
3) data protection is realized by an encryption method that supports attribute policies;
4) authorization is realized by distributing user attribute keys;
5) decryption is realized by deciding whether the attribute key matches the access policy of the ciphertext.
Attribute-based encryption is in essence an access authorization and authentication service technology that guarantees that unauthorized users are not eligible to access specific data. It belongs to the public-key schemes, and the object of decryption is a group rather than a single user: the combination of the group's attributes serves as the group's public key, and every user who sends data to the group uses the same public key.
For example, an attribute-based encryption access policy may read ("Peking University" OR "University of Science and Technology Beijing") AND "2015" AND "academic degrees committee" AND (NOT "Institute of Biology" AND NOT "Institute of Chemistry").
Existing attribute-based encryption generates access policies from strings: all attributes are isolated, no relation between attributes can be defined, and only AND, OR and a simple NOT are supported. It is implemented by strict string matching, i.e. a user merely holds a group of strings as attribute identifiers.
From the example above it can be seen that existing attribute-based encryption has the following problems:
1) it does not support the concept of an "attribute set" made up of attributes of the same kind; all attributes are represented by strings;
2) it does not support the "belongs to" and "does not belong to" operations on sets; only the equality operation is supported.
For these problems of current attribute-based encryption, the invention proposes support for the "attribute set" concept and for attribute set operations inside the cryptography. The specific content of the patent is as follows:
1) the concept of an attribute set is supported, i.e. attribute values of the same type form a set;
2) the size of a set is not limited; for example all cities of the world form the set "city", where each city is an attribute value that can be represented by a string, a number, etc.;
3) the operations "belongs to", "does not belong to", "equals" and "does not equal" between values and sets are supported.
The invention is a major improvement of existing attribute-based encryption. For example, in the previous example we can define the following sets of attribute values:
University := { ..., "Peking University", "University of Science and Technology Beijing", "Tsinghua University", ... },
Department := { ..., "Institute of Biology", "Institute of Chemistry", "Institute of Information", ... },
Time := { ..., 2013, 2014, 2015, 2016, ... },
Role := { ..., "professorial board", "academic board", "academic degrees committee", ... }.
Correspondingly, for any resource (a file, a storage space, a network channel, a process, etc.) we can restate the security policy above as
(University ∈ { "Peking University", "University of Science and Technology Beijing" } AND Time = 2015 AND Role = "academic degrees committee" AND Department ∉ { "Institute of Biology", "Institute of Chemistry" }).
With this definition, suppose a user has the identity attributes { University := "University of Science and Technology Beijing", Time := 2015, Role := "academic degrees committee", Department := "Institute of Information" }; this says that in 2015 the user worked in the Institute of Information of the University of Science and Technology Beijing and was a member of the academic degrees committee. Clearly this identity passes the security policy above, so the user will be allowed to access a resource encrypted under that policy.
Our method clearly yields simpler and clearer security policy expressions; at the same time the number of AND/OR operations drops from the original 5 to 3 and the number of attribute value comparisons from the original 6 to 4, so the amount of computation is also reduced significantly. Given that the security problems and demands of new network applications have attracted wide attention in recent years, the invented device will necessarily give a strong push to the development of the Internet and of communication technology.
Summary of the invention:
In view of the technical problems in the prior art, the purpose of the present invention is to provide an encryption system and an access control method based on attribute sets and relation predicates.
The technical solution of the present invention is as follows:
An access control method for an encryption system based on attribute sets and relation predicates comprises the steps:
1) given a security parameter k, output the public key mpk and the master key msk of the secure encryption system;
2) for each given attribute set A_i = {v_i1, ..., v_im}, generate from the master key msk the public key pk_i and the private key sk_i of that attribute set, add pk_i to the public key mpk and sk_i to the master key msk; attributes or identifiers of the same nature are placed in the same set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
3) from the list of identity attribute values Φ = {v_ij ∈ A_i} supplied by a user, generate a user private key sk^(k) for that user;
4) set an access policy Π for the data resource M; encrypt M under the public key mpk of step 2) and the access policy Π, obtaining the ciphertext C_Π; the access policy Π contains several subsets S_i together with the corresponding binary relation predicates (belongs to ∈, does not belong to ∉, equals =, does not equal ≠), S_i being a subset of A_i;
5) when a user requests access to the data resource M, the secure encryption system decides from the list of identity attribute values supplied by the user whether the user may access M; if so, the ciphertext C_Π is decrypted with the user's private key and the plaintext M is output; otherwise the output is empty.
Further, the user private key sk^(k) is generated as follows: for user u_k, first generate the user's master private key usk^(k); then for every attribute value v_ij ∈ A_i in the user's list of identity attribute values Φ = {v_ij ∈ A_i}, generate the corresponding user attribute value key vsk_ij; the user private key consists of usk^(k) together with all vsk_ij, where A_i ranges over the attribute sets of user u_k.
Further, whether a user satisfies the access policy Π of the data resource M is decided as follows: the list of identity attribute values Φ supplied by the user and the access policy Π of the data resource are taken as the input of the binary relation predicates; if the evaluation of the binary relation predicates outputs true, the user may access the data resource M, otherwise the user may not.
Further, a logical NOT in an access policy is converted by De Morgan's laws into the negative predicate ("not") of a binary relation predicate, yielding an access policy expressed in Boolean algebra.
Further, the ciphertext C_Π contains the sub-ciphertexts generated for the binary relation predicates.
An encryption system based on attribute sets and relation predicates is characterized in that it comprises a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module, where
the system key generation module outputs, for a given security parameter k, the public key mpk and the master key msk of the secure encryption system;
the attribute set key generation module generates, for each given attribute set A_i = {v_i1, ..., v_im}, the public key pk_i and the private key sk_i of that attribute set from the master key msk, adds pk_i to the public key mpk and sk_i to the master key msk; attributes or identifiers of the same nature are placed in the same set, each attribute set has a unique name, each attribute or identifier in the set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
the user key generation module generates, from the list of identity attribute values Φ = {v_ij ∈ A_i} supplied by a user, a user private key sk^(k) for that user;
the encryption module encrypts the data resource M under its access policy Π and the public key mpk, obtaining the ciphertext C_Π; the access policy Π contains several subsets S_i together with the corresponding binary relation predicates, S_i being a subset of A_i;
the decryption module decides, from the list of identity attribute values supplied by the accessing user, whether that user may access the requested data resource M; if so, it decrypts the ciphertext C_Π with the user's private key and outputs the plaintext M, otherwise the output is empty.
The present invention relates to an encryption system based on attribute sets, called an attribute set encryption system for short. One feature of the system is support for the concept of an attribute set, i.e. attributes or identifiers of the same nature are integrated into one set. Each attribute set has a unique name, called the "attribute name". The system supports attribute sets with an unlimited number of elements. Each attribute or identifier in an attribute set is called an "attribute value". In general we write an attribute set as U = {e_1, ..., e_n}, where e_i denotes an attribute value.
A feature of the invention is a secure membership relation determination method. The method decides, in a cryptographic way, the membership relation between a given set S and an element e, where the relation is either "belongs to" or "does not belong to". The relation is expressed by the binary predicates P_∈(e, S) and P_∉(e, S), which mean deciding e ∈ S and e ∉ S respectively. The description below uses this notation.
Specifically, as shown in Figure 1, the secure membership relation determination method of the invention for P_∈ and P_∉ comprises the following steps:
1. Attribute value key generation module: given any attribute set U_i = {e_1, ..., e_n}, generate a public key pk_i and a private key sk_i according to the security parameter κ; the subscript i is the serial number of the set or key.
2. Subset representation generation module: given a random subset S = {e_1, ..., e_m} of the set U, obtain from the public key pk_i the secure representation C_S of the set S.
3. Element extraction module: given an attribute element e of the set U as input, extract the element e from the private key sk_i, obtaining W_e.
4. Membership verification module: given the representation C_S of the subset S and the representation W_e of the element e, this module outputs the decision, true or false (usually written 1 and 0), of the relation P_∈(e, S) or P_∉(e, S) between the two inputs.
In the above process, a feature of the invention is that sets and elements are represented cryptographically: for example W_e is the cryptographic representation of e and C_S is the cryptographic representation of S.
A feature of the invention is that the different membership relations, ∈ and ∉, have different secure membership determination methods.
A feature of the invention is that the predicates equals (=) and does not equal (≠) are supported; these two predicates are the special cases of "belongs to" and "does not belong to" in which the set has exactly one element, that is, P_= is P_∈ with a one-element set and P_≠ is P_∉ with a one-element set.
A feature of the invention is that the verification module guarantees the security of the verification result when an adversary attempts to cheat by an attack; this security comprises the completeness and the soundness of verification.
A feature of the invention is that the completeness of the verification process is guaranteed: if e ∈ S, the verifier accepts the proof of the membership verification module with probability 1. Writing the output of the membership verification module for the relation between W_e and C_S as its decision, completeness means that the following probability equation (formula 1) holds:
(formula 1)
Another feature of the invention is that the soundness of the verification process is guaranteed; soundness is further divided into weak soundness and strong soundness.
1. Weak soundness: for any element e of the set U with e ∉ S, if a representation W_e^* of the element e is extracted from the private key sk and passed through the membership verification module, the verifier accepts with probability almost 0, i.e. for arbitrarily small ε (formula 2) holds.
(formula 2)
2. Strong soundness: for any polynomial-time algorithm A that produces a representation W^* of some unknown element e not in the set U, the probability that this value passes the membership verification module is almost 0, i.e. for arbitrarily small ε (formula 3) holds.
(formula 3)
A feature of the invention is an implementable attribute set encryption system that uses the secure membership determination method above to realize the set membership predicates belongs to (∈), does not belong to (∉), equals (=) and does not equal (≠) on attribute sets. Attribute sets can be added to the system dynamically; writing each attribute set as A_i = {v_i1, ..., v_im}, all attribute sets in the system form the family {A_i}. The system supports an unlimited number of users; writing the user set as U = {u_1, u_2, ..., u_n}, each user has a list of attribute values Φ = {v_ij ∈ A_i}, where the first subscript i of v_ij is the label of the attribute set it belongs to and the second subscript j is the serial number of the attribute value. These attribute values describe the identity of the user.
Given any data resource M, the access policy Π of the data can be defined over the attribute sets defined above. The policy can be represented as a Boolean function over set relations: let P_∈(A_i, S), P_∉(A_i, S), P_=(A_i, v) and P_≠(A_i, v) denote the binary predicates relating an element of the attribute set A_i to the set S (or to the value v), and let the AND and OR gates combine several such binary predicates into one Boolean expression. For example, the following access policy may be formulated for an encrypted datum:
where ρ_1 corresponds to P_∈(A_1, {v_11, v_12}), ρ_2 corresponds to a P_∉ predicate on A_2, and ρ_3 corresponds to P_=(A_3, v_32). If a user identity is given by the attribute assignment Φ := {v_12, v_21, v_32}, where v_12 ∈ A_1, v_21 ∈ A_2 and v_32 ∈ A_3, the attribute assignment {v_12, v_21, v_32} can be substituted into the corresponding attribute sets of the access policy Π above, and the user finally passes the authorization decision:
As shown in Fig. 2, the system is composed of the following modules:
1. System generation module: this module generates the cryptographic system; given a security strength as input, it outputs the public key mpk and the master key msk.
2. Attribute set key generation module: this module adds a specified attribute set to the system; given any attribute set A_i = {v_i1, ..., v_im} as input, it generates the public key pk_i and the private key sk_i from the master key msk, adds pk_i to the public key mpk and sk_i to the master key msk.
3. User key generation module: this module generates the user private key sk^(k) for a user with the list of identity attribute values Φ = {v_ij ∈ A_i}. For user u_k it first generates the user's master private key usk^(k); then for every attribute value v_ij ∈ A_i of the user it generates the corresponding user attribute value key vsk_ij; when the user has several attribute values Φ = {v_ij ∈ A_i}, the user private key contains usk^(k) and all of the vsk_ij.
4. Encryption module: this module encrypts a data resource M that carries an access policy Π. With the public key mpk and the access policy Π as input, where Π contains several subsets S_i together with the corresponding binary predicates, the module encrypts the plaintext data resource M and outputs a ciphertext C_Π; S_i is contained in the attribute set A_i, i.e. S_i is a subset of A_i.
5. Decryption module: this module lets a user with the list of identity attribute values Φ = {v_ij ∈ A_i} decrypt, with the private key, the ciphertext C_Π carrying the attribute policy Π; the precondition of decryption is that the list of attribute values makes the attribute policy Π true. With the user private key sk^(k) and the ciphertext C_Π as input it outputs the plaintext M; otherwise the output is empty.
A feature of the invention is that the access control policy supports various element and set relation predicates; the relations are belongs to (∈), does not belong to (∉), equals (=) and does not equal (≠), and the predicate outputs true or false, represented by the Boolean values 1 and 0.
A feature of the invention is that the cryptographic decision of the relation predicates in the attribute set encryption system is realized with the secure membership determination method, as follows:
1. the key generation function for adding an attribute set to the system is realized by the attribute value key generation module, which generates the public key pk_i and the private key sk_i;
2. the secure set representation of a subset S_i under the membership predicate P_∈(A_i, S_i) or P_∉(A_i, S_i) contained in the encryption module is generated by the subset representation generation module;
3. for any attribute value v_ij ∈ A_i, the user attribute value key vsk_ij is generated by the element extraction module from the keys produced by the attribute value key generation module;
4. the cryptographic decision of the membership predicate in the decryption module is realized by the membership verification module: given the representation of the attribute value v_ij ∈ A_i and the subset representation under the relation predicate, it evaluates the decision equation (formula 4).
(formula 4)
A feature of the invention is that the access policy supports Boolean function expressions over logical AND, logical OR and logical NOT, the Boolean function supporting logical AND and logical OR. Logical AND and OR are realized with linear secret sharing techniques; they can also be realized with hierarchical threshold sharing techniques.
A feature of the invention is that the Boolean function of the access policy supports logical NOT. Every logical NOT in the Boolean algebra must be converted by De Morgan's laws, i.e. NOT(a AND b) = (NOT a) OR (NOT b) and NOT(a OR b) = (NOT a) AND (NOT b). By this transformation an equivalent access policy Π' of the attribute-set-based encryption system is obtained, in which every logical NOT has been converted by De Morgan's laws into the negative predicate ("not") of a binary relation predicate, namely does not belong to (∉) or does not equal (≠).
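The policy evaluation from the university example in the background and the NOT conversion described above, as an added Python example that is not part of the patent: a small policy language with the four relation predicates, a `push_not` function that applies De Morgan's laws until every NOT has become a ∉ or ≠ leaf, an evaluator over a user's attribute value list Φ, and a gate/predicate counter that reproduces the 5→3 and 6→4 cost figures quoted in the text. All class names, the op strings and the `evaluate` semantics for a user who lacks an attribute set are this example's own choices, not the patent's.

```python
from dataclasses import dataclass
from typing import Any, Dict, Union

# Policy language over attribute sets with the four relation predicates of the text:
# belongs to ("in"), does not belong to ("notin"), equals ("eq"), does not equal ("neq").
@dataclass(frozen=True)
class Pred:
    attr: str      # attribute set name, e.g. "University"
    op: str        # "in" | "notin" | "eq" | "neq"
    target: Any    # frozenset for in/notin, a single value for eq/neq

@dataclass(frozen=True)
class And:
    left: "Policy"
    right: "Policy"

@dataclass(frozen=True)
class Or:
    left: "Policy"
    right: "Policy"

@dataclass(frozen=True)
class Not:
    child: "Policy"

Policy = Union[Pred, And, Or, Not]
NEGATED_OP = {"in": "notin", "notin": "in", "eq": "neq", "neq": "eq"}

def push_not(p: Policy) -> Policy:
    """De Morgan conversion Π -> Π': push every NOT down to a leaf, where it
    flips the predicate (in <-> notin, eq <-> neq). The result has no Not nodes."""
    if isinstance(p, Pred):
        return p
    if isinstance(p, And):
        return And(push_not(p.left), push_not(p.right))
    if isinstance(p, Or):
        return Or(push_not(p.left), push_not(p.right))
    c = p.child
    if isinstance(c, Pred):
        return Pred(c.attr, NEGATED_OP[c.op], c.target)
    if isinstance(c, Not):                         # NOT NOT a = a
        return push_not(c.child)
    if isinstance(c, And):                         # NOT(a AND b) = NOT a OR NOT b
        return Or(push_not(Not(c.left)), push_not(Not(c.right)))
    return And(push_not(Not(c.left)), push_not(Not(c.right)))  # NOT(a OR b)

def evaluate(p: Policy, phi: Dict[str, Any]) -> bool:
    """Evaluate a policy against a user's attribute value list Φ (set name -> value).
    Design choice: a user with no value for a named attribute set satisfies no leaf
    predicate on it, positive or negative (mirrors holding no key for that attribute)."""
    if isinstance(p, Pred):
        if p.attr not in phi:
            return False
        v = phi[p.attr]
        if p.op == "in":
            return v in p.target
        if p.op == "notin":
            return v not in p.target
        return (v == p.target) if p.op == "eq" else (v != p.target)
    if isinstance(p, And):
        return evaluate(p.left, phi) and evaluate(p.right, phi)
    if isinstance(p, Or):
        return evaluate(p.left, phi) or evaluate(p.right, phi)
    return not evaluate(p.child, phi)

def count_ops(p: Policy) -> Dict[str, int]:
    """Count AND/OR gates and leaf predicates, the two cost figures the text compares."""
    if isinstance(p, Pred):
        return {"gates": 0, "predicates": 1}
    if isinstance(p, Not):
        return count_ops(p.child)
    l, r = count_ops(p.left), count_ops(p.right)
    return {"gates": l["gates"] + r["gates"] + 1, "predicates": l["predicates"] + r["predicates"]}

# The university policy written with set predicates (3 gates, 4 predicates) ...
SET_POLICY = And(
    And(Pred("University", "in", frozenset({"Peking University", "University of Science and Technology Beijing"})),
        Pred("Time", "eq", 2015)),
    And(Pred("Role", "eq", "academic degrees committee"),
        Pred("Department", "notin", frozenset({"Institute of Biology", "Institute of Chemistry"}))))

# ... and the string-style original with an explicit NOT (5 gates, 6 predicates).
STRING_POLICY = And(
    And(Or(Pred("University", "eq", "Peking University"),
           Pred("University", "eq", "University of Science and Technology Beijing")),
        Pred("Time", "eq", 2015)),
    And(Pred("Role", "eq", "academic degrees committee"),
        Not(Or(Pred("Department", "eq", "Institute of Biology"),
               Pred("Department", "eq", "Institute of Chemistry")))))

# Constructed users: the committee member from the text, and a biologist who must be refused.
COMMITTEE_MEMBER = {"University": "University of Science and Technology Beijing", "Time": 2015,
                    "Role": "academic degrees committee", "Department": "Institute of Information"}
BIOLOGIST = dict(COMMITTEE_MEMBER, Department="Institute of Biology")
```

One caveat worth checking before deploying any NOT conversion: for a user who holds no value at all for "Department", `evaluate(STRING_POLICY, ...)` grants access (NOT of two failed equalities is true), while the converted form `push_not(STRING_POLICY)` denies it, because a ∉ leaf needs a known value to be satisfied. The converted, key-enforced form is the safer behaviour and is the one a cryptographic scheme can actually realize.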
Positive effects of the present invention
In summary, the invention proposes the "attribute set" concept and attribute set operations inside the cryptography, a major improvement of existing attribute-based encryption. The invention relates to an encryption system based on attribute sets, called an attribute set encryption system for short. One feature of the system is support for the concept of an attribute set, i.e. attributes or identifiers of the same nature are integrated into one set. A feature of the invention is that the different membership relations, ∈ and ∉, have different secure membership determination methods, and that sets and elements use cryptographic representations.
A feature of the invention is support for the predicates equals (=) and does not equal (≠); these are the special cases of belongs to and does not belong to in which the set has exactly one element.
A feature of the invention is that the verification module guarantees the security of the verification result when an adversary attempts to cheat by an attack; this security comprises the completeness and the soundness of verification.
A feature of the invention is an implementable attribute set encryption system that uses the secure membership determination method above to realize the set membership predicates belongs to (∈), does not belong to (∉), equals (=) and does not equal (≠) on attribute sets. A feature of the invention is that the access control policy supports various element and set relation predicates (∈, ∉, =, ≠), whose output, true or false, is represented by the Boolean values 1 and 0.
A feature of the invention is that the cryptographic decision of the relation predicates in the attribute set encryption system is realized with the secure membership determination method. A feature of the invention is that the access policy supports Boolean function expressions over logical AND, logical OR and logical NOT; logical AND and OR are realized with linear secret sharing techniques, or alternatively with hierarchical threshold sharing techniques, and the Boolean function of the access policy supports logical NOT.
Brief description of the drawings
Fig. 1 is a structural diagram of the secure membership relation determination provided by an embodiment of the invention.
Fig. 2 is a structural diagram of the attribute set encryption system based on secure membership relation determination provided by an embodiment of the invention.
Specific embodiment:
Bilinear map is widely used on the aggregate signature scheme proposed in recent years as an effective tool, is led to
Normal Bilinear map be by the Weil in elliptic curve to and Tate to deform getting.Bilinear map can construct very
The irrealizable scheme of mostly general cryptography tool and Bilinear map relatively flexibly, have good property in use.
If G1, G2It is two using p as the cyclic group of rank, g1It is crowd G1Generation member, g2It is crowd G2Generation member.ψ is from group
G2To group G1Computable isomorphism function, i.e. ψ (g2)=g1, e is computable mapping e:G1×G2→GT, mapping e is with such as
Lower property:
1) bilinearity: for all u ∈ G1v∈G2AndMeet e (ua,vb)=e (u, v)ab。
2) non-degeneracy: meet e (g1,g2)≠1。
It can be extrapolated from the above property:
For arbitrary u ∈ G1, v1,v2∈G2, e (u, v1v2)=e (u, v1)·e(u,v2);For arbitrary u, v ∈ G1,
E (u, ψ (v))=e (v, ψ (u)).
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool
Body embodiment is described in detail.
The zeros aggregate function and the poles aggregate function are used in the following embodiments and are defined as follows:
1) Zeros aggregate function
Given a random subset S and a cyclic group G of prime order p, if there is a polynomial-time algorithm ZeroAggr with the stated output, the algorithm is called a zeros aggregate function, where g is a generator of the cyclic group G of order p, γ is the random secret introduced, and x_i = hash(e_i) is the random point in the cryptographic space corresponding to each element e_i of the set S.
2) Poles aggregate function
Given a random subset S and a cyclic group G of prime order p, if there is a polynomial-time algorithm PolesAggr with the stated output, the algorithm is called a poles aggregate function, where h is a generator of the cyclic group G of order p, γ is the random secret introduced, and x_i = hash(e_i) is the random point in the cryptographic space corresponding to each element e_i of the set S.
Apart from the zeros aggregate function and the poles aggregate function described above, the examples below are realised in a bilinear map system s = (p, G1, G2, GT, e(·)), where G1 and G2 have order p and generators g1 and g2 respectively. In addition, a cryptographic hash function hash: {0,1}* → Z_p^* is used to map an arbitrary attribute value v_i from a binary string to a random element x_i, i.e. x_i = hash(v_i).
Embodiment one
This embodiment gives a cryptographic construction for deciding that a membership relation holds (an element belongs to a set). It comprises the following four steps:
1) Attribute-value key generation module: for any given attribute set U = {e1, ..., en}, randomly select the secret parameters and m ∈ Z+, and generate the public key and the private key.
2) Subset representation generation module: for a random subset S = {e1, ..., em} of U, call the PolesAggr function to compute (formula 5), obtaining the secure representation H_S of the set S, where x_k = hash(e_k).
(formula 5)
3) Element extraction module: given an attribute element e_i of U as input, extract e_i from the private key sk to obtain the cryptographic representation of e_i.
4) Membership verification module: given the representation H_S of the subset S and the representation of the element e_i, this module decides whether the relation P_∈(e, S), i.e. e_i ∈ S, is true or false (usually denoted by 1 and 0). First, compute S_- = S \ {e_i} and (formula 6); second, verify whether W_i equals e(G_{S_-}, H_S), i.e. whether e(G_{S_-}, H_S)·e(W_i, H) = V holds. If it holds, e_i ∈ S is accepted and true is returned; otherwise false is returned.
(formula 6)
Embodiment two
This embodiment gives a cryptographic construction for deciding that a membership relation does not hold (an element does not belong to a set). It comprises the following four steps:
1) Attribute-value key generation module: for any given attribute set U = {e1, ..., en}, according to the security parameter κ, randomly select the secret parameters and n ∈ Z+, and generate the public key and the private key.
2) Subset representation generation module: for a random subset S = {e1, ..., em} of U, call the ZerosAggr function to compute (formula 7), obtaining the secure representation G_S of the set S, where x_k = hash(e_k).
(formula 7)
3) Element extraction module: given an attribute element e_i of U as input, extract e_i from the private key sk to obtain the cryptographic representation of e_i.
4) Membership verification module: given the representation G_S of the subset S and the cryptographic representation of the element e_i, this module decides whether the non-membership relation, i.e. e_i does not belong to S, is true or false (usually denoted by 1 and 0). First, compute S_+ = S ∪ {e_i} and (formula 8); second, verify whether e(G_S, H_{S_+})·e(W_i, H) = V holds. If it holds, e_i is accepted as not belonging to S and true is returned; otherwise false is returned.
(formula 8)
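As an added illustration of Embodiments one and two (not code from the patent), the following Python simulates both membership tests at the exponent level, representing each group element by its discrete logarithm so that a pairing becomes a product mod p. Because formulas 5 to 8 are not reproduced on this page, the block assumes the accumulator-style instantiation G_S = g^{∏(x_e+γ)}, H_S = h^{1/∏(x_e+γ)} and witness W_i = g^{1/(x_i+γ)}, with H_S computed publicly from per-value elements h^{1/(x_e+γ)} by partial fractions; the key layout, the equality form of the checks and the attribute strings are assumptions.

```python
"""Exponent-level simulation of the zeros/poles aggregate membership tests: group
elements are written as their discrete logs, so e(g^a, h^b) = e(g,h)^(ab) is a*b mod p."""
import hashlib
import secrets

P = 2**127 - 1  # prime group order (a Mersenne prime); constructed choice

def hash_to_zp(value):
    """x_e = hash(e): map an attribute value to a point of Z_p."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest(), "big") % P

def keygen(universe, n):
    """Assumed key layout: secret gamma; public g^{gamma^k} (k<=n) and h^{1/(x_e+gamma)} per value."""
    gamma = secrets.randbelow(P - 2) + 2
    powers = [pow(gamma, k, P) for k in range(n + 1)]
    poles = {e: pow((hash_to_zp(e) + gamma) % P, -1, P) for e in universe}
    return gamma, {"powers": powers, "poles": poles}

def poly_coeffs(xs):
    """Coefficients (lowest degree first) of prod_j (X + x_j) over Z_p."""
    coeffs = [1]
    for x in xs:
        nxt = [0] * (len(coeffs) + 1)
        for k, c in enumerate(coeffs):
            nxt[k + 1] = (nxt[k + 1] + c) % P  # c * X
            nxt[k] = (nxt[k] + c * x) % P      # c * x_j
        coeffs = nxt
    return coeffs

def zeros_aggr(S, pk):
    """G_S = g^{prod_{e in S} (x_e+gamma)}, evaluated from the public g^{gamma^k}."""
    cs = poly_coeffs([hash_to_zp(e) for e in S])
    return sum(c * pk["powers"][k] for k, c in enumerate(cs)) % P

def poles_aggr(S, pk):
    """H_S = h^{1/prod_{e in S} (x_e+gamma)} via partial fractions:
    1/prod_j (X+x_j) = sum_j a_j/(X+x_j) with a_j = 1/prod_{k!=j} (x_k - x_j)."""
    xs = {e: hash_to_zp(e) for e in S}
    acc = 0
    for j, xj in xs.items():
        denom = 1
        for k, xk in xs.items():
            if k != j:
                denom = denom * (xk - xj) % P
        acc = (acc + pow(denom, -1, P) * pk["poles"][j]) % P
    return acc if S else 1  # empty product: H_{} = h

def extract_witness(value, gamma):
    """Element extraction with the private key: W_i = g^{1/(x_i+gamma)}."""
    return pow((hash_to_zp(value) + gamma) % P, -1, P)

def pair(a, b):  # e(g^a, h^b) in the simulation; h itself is exponent 1
    return a * b % P

def is_member(S, value, pk, witness):
    """Embodiment one: e(G_{S-}, H_S) == e(W_i, h) with S- = S minus {e_i}."""
    return pair(zeros_aggr(S - {value}, pk), poles_aggr(S, pk)) == pair(witness, 1)

def is_non_member(S, value, pk, witness):
    """Embodiment two: e(G_S, H_{S+}) == e(W_i, h) with S+ = S union {e_i}."""
    return pair(zeros_aggr(S, pk), poles_aggr(S | {value}, pk)) == pair(witness, 1)

def demo():
    """Page's example: S = {Peking University, USTB} within the university-name set."""
    ustb, thu = "University of Science and Technology Beijing", "Tsinghua University"
    universe = {"Peking University", ustb, thu}
    gamma, pk = keygen(universe, n=len(universe))
    S = {"Peking University", ustb}
    w_ustb, w_thu = extract_witness(ustb, gamma), extract_witness(thu, gamma)
    return (is_member(S, ustb, pk, w_ustb), is_member(S, thu, pk, w_thu),
            is_non_member(S, thu, pk, w_thu), is_non_member(S, ustb, pk, w_ustb))
```

Note that the verifier never needs γ: G_{S-} and H_S are built from public material, and only the single witness W_i comes from the key holder, which is what makes the two checks usable inside the decryption module later on.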
Embodiment three
Each party holds a share of a vector over Z_p. There is an l × n matrix T called the share-generating matrix. For each row i, T_i is the i-th row vector of T, and the function π assigns to row i its label π(i). The column vector v = (s, r_2, ..., r_n) has s ∈ Z_p as the shared secret and r_2, ..., r_n random elements of Z_p. Tv is the column vector of the l shares of the secret s, and (Tv)_i is the share held by π(i). Let U be any authorised set and let I ⊆ {1, ..., l} be defined as I = {i : π(i) ∈ U}. Then there exist constants {w_i}_{i∈I} such that, if {λ_i} are valid shares of any secret s, the secret can be reconstructed as Σ_{i∈I} w_i λ_i = s.
We illustrate the attribute-set configuration of this system using the technical background as an example. First define the attribute sets:
University name := {..., "Peking University", "University of Science and Technology Beijing", "Tsinghua University", ...},
Department := {..., "Biological Institute", "Chemical Institute", "Information Institute", ...},
Time := {..., 2013, 2014, 2015, 2016, ...},
Role := {..., "Professors' Committee", "Academic Committee", "Degree Committee", ...}.
We can define A_i := {v_i1, ..., v_im}, where A1 ← Department, v_1k1 ← "Biological Institute", v_1k2 ← "Chemical Institute", v_1k3 ← "Information Institute"; A2 ← University name, v_2k1 ← "Peking University", v_2k2 ← "University of Science and Technology Beijing", v_2k3 ← "Tsinghua University"; A3 ← Time, v_3k1 ← 2013, v_3k2 ← 2014, v_3k3 ← 2015; A4 ← Role, v_4k1 ← "Professors' Committee", v_4k2 ← "Academic Committee", v_4k3 ← "Degree Committee".
We can then define the policy
(University name ∈ {"Peking University", "University of Science and Technology Beijing"} AND Time = 2015 AND Role = "Degree Committee" AND Department ∉ {"Biological Institute", "Chemical Institute"}).
Suppose a user has the following identity attributes: {University name := "University of Science and Technology Beijing", Time := 2015, Role := "Degree Committee", Department := "Information Institute"}.
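An added example (not part of the patent) of the linear secret sharing of Embodiment three applied to the access policy and the sample user above: it builds (T, π) from the policy, computes the shares λ_i = T_i·v, and finds the constants w_i by solving Σ_{i∈I} w_i T_i = (1, 0, ..., 0) over Z_p, which is exactly the condition that makes Σ w_i λ_i = s. The page does not say how Π is converted into (T, π); the Lewko-Waters conversion, the short predicate labels and the modulus used here are assumptions.

```python
"""Linear secret sharing of Embodiment three over Z_p: share-generating matrix T,
shares Tv, and the constants w_i with sum_{i in I} w_i*lambda_i = s (constructed)."""
import secrets

P = 2**61 - 1  # prime modulus for Z_p; constructed choice

def formula_to_lsss(tree):
    """tree = predicate label, or ('AND'|'OR', left, right). Returns (T, labels)."""
    rows, labels, st = [], [], {"c": 1}
    def walk(node, vec):
        if isinstance(node, str):
            rows.append(vec); labels.append(node); return
        op, left, right = node
        if op == "OR":                      # OR: both children get the same vector
            walk(left, vec); walk(right, vec)
        else:                               # AND: split the vector, new column c
            c = st["c"]; st["c"] = c + 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
    walk(tree, [1])
    return [[x % P for x in r + [0] * (st["c"] - len(r))] for r in rows], labels

def share(T, s):
    """lambda_i = T_i . v with v = (s, r_2, ..., r_n), r_j random in Z_p."""
    v = [s] + [secrets.randbelow(P) for _ in T[0][1:]]
    return [sum(t * x for t, x in zip(row, v)) % P for row in T]

def solve_mod_p(A, b):
    """Any x with A x = b (mod P), or None if the system is inconsistent."""
    m, n = len(A), len(A[0])
    M = [[a % P for a in row] + [bi % P] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for col in range(n):
        piv = next((i for i in range(r, m) if M[i][col]), None)
        if piv is None: continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][col], -1, P)
        M[r] = [x * inv % P for x in M[r]]
        for i in range(m):
            if i != r and M[i][col]:
                f = M[i][col]
                M[i] = [(x - f * y) % P for x, y in zip(M[i], M[r])]
        pivots.append(col); r += 1
    if any(not any(row[:n]) and row[n] for row in M):
        return None
    x = [0] * n
    for i, col in enumerate(pivots):
        x[col] = M[i][n]
    return x

def reconstruction_constants(T, I):
    """w with sum_{i in I} w_i * T_i = (1,0,...,0); None if I is not authorised."""
    A = [[T[i][k] for i in I] for k in range(len(T[0]))]   # column i of A is row T_i
    return solve_mod_p(A, [1] + [0] * (len(T[0]) - 1))

def demo():
    """The page's policy Π (four relation predicates under AND) and sample user."""
    policy = ("AND", ("AND", "univ in {PKU,USTB}", "time = 2015"),
              ("AND", "role = Degree Committee", "dept not in {Bio,Chem}"))
    T, labels = formula_to_lsss(policy)          # labels[i] is pi(i)
    s = secrets.randbelow(P)
    lam = share(T, s)
    user = {"univ": "USTB", "time": 2015, "role": "Degree Committee", "dept": "Info"}
    sat = [user["univ"] in {"PKU", "USTB"}, user["time"] == 2015,
           user["role"] == "Degree Committee", user["dept"] not in {"Bio", "Chem"}]
    I = [i for i in range(len(labels)) if sat[i]]   # rows whose predicate holds
    w = reconstruction_constants(T, I)
    recovered = sum(wi * lam[i] for wi, i in zip(w, I)) % P
    return recovered == s, reconstruction_constants(T, I[1:]) is None
```

In the real scheme the shares λ_i are only ever exposed inside pairings, so the point of the example is the algebra of T and w, not a way to recover s from ciphertext.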
The core of the invention is the attribute-set encryption system. Using the methods of Embodiments one and two above, we give a detailed attribute-set cryptographic construction consisting of the following five modules:
1) System generation module
For the specified security strength, obtain the corresponding bilinear map system based on elliptic-curve cryptography. Randomly select two elements, G in G1 and H in G2, choose the secret exponents, and set Q = H^β and R = e(G, H)^α. This yields the public key mpk = (S, H, Q, R) and the master key msk = (α, β, ε, G, G^ε). Finally output (mpk, msk).
2) Attribute set addition module
Randomly select γ_i from Z_p^* and set the corresponding values for j ∈ [1, m]. For all v_ij ∈ A_i with x_ij = h(v_ij), the corresponding element is obtained. The public key pk_i of the attribute set is generated from the master key; pk_i is added to mpk and sk_i = γ_i is attached to msk.
3) Attribute-value key generation module
For user u_k, randomly select an integer τ_l and use it to generate the user's main private key. For any attribute value (A_i ← v_ij) ∈ Φ of that user, generate the corresponding user attribute-value key. When the user has multiple attribute values, Φ = {v_ij ∈ A_i}, the user private key is generated from all of them.
4) Encryption module
Input the plaintext M, the public key mpk and the access policy Π; output the ciphertext C_Π. First, Π is converted into (T, π); the access policy Π contains several subsets S_i with their corresponding predicates. Select a random vector v to share the secret s, then compute ek = R^s = e(G, H)^{αs}, c_0 = Q^s, c_1, and λ_k = v·T_k, where T_k is the k-th row vector of the l × n share-generating matrix T. The ciphertext is formed from C_0 = (c_0, c_1) and the sub-ciphertexts. For each subset and predicate, according to whether the predicate is true, compute the corresponding sub-ciphertext so that it satisfies (formula 9)
(formula 9)
where H_S = PolesAggr(mpk, S) and G_S = ZerosAggr(mpk, S).
5) Decryption module
User u_k inputs the user private key and the ciphertext. From the i-th sub-ciphertext (c_i1, c_i2) extract S, then try to find an assignment A_i ← v_ij that satisfies the above condition. If this succeeds, i.e. the attribute values Φ = {v_ij ∈ A_i} corresponding to the user's private key satisfy the access policy Π in the ciphertext, look up the corresponding sub-key and compute formula (10):
(formula 10)
where G_{S-} = ZerosAggr(mpk, S \ {v_ij}) and H_{S+} = PolesAggr(mpk, S ∪ {v_ij}). Once all values c_i are known, compute the reconstruction vector {w_i ∈ Z_p}_{i∈I} from T and I = {i : π(i) ∈ U}, where U is any matching set; if {λ_i} are valid shares of any secret s, then Σ_{i∈I} w_i λ_i = s. Then compute c, and finally recover the session key ek = e(sk_0, c_0)/c. Using the recovered session key ek, decrypt and output the plaintext M. If the attribute values Φ = {v_ij ∈ A_i} corresponding to the user's private key do not satisfy the access policy Π in the ciphertext, the output is empty.
The above is a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. An encryption system access control method based on attribute sets and relation predicates, the steps of which are:
1) according to a given security parameter k, output the public key mpk and the master key msk of the secure encryption system;
2) for each given attribute set A_i = {v_i1, ..., v_im}, generate the public key pk_i and private key sk_i of the attribute set from the master key msk, add the public key pk_i to the public key mpk and the private key sk_i to the master key msk; wherein attributes or identifiers of the same nature are placed in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
3) according to the identity attribute value list Φ = {v_ij ∈ A_i} input by a user, generate a user private key sk^(k) for that user;
4) set an access policy Π for the data resource M; encrypt the data resource M according to the public key mpk of step 2) and the access policy Π, obtaining the ciphertext C_Π; wherein the access policy Π contains several subsets S_i with their corresponding binary relation predicates, S_i being a subset of A_i;
5) when a user requests access to the data resource M, the secure encryption system judges, according to the identity attribute value list input by the user, whether the user can access the data resource M; if so, the ciphertext C_Π is decrypted with the user's private key and the plaintext M is output; otherwise the output is empty.
2. The method of claim 1, wherein the user private key sk^(k) is generated as follows: for user u_k, first generate the user's main private key usk^(k); then, for any attribute value v_ij ∈ A_i in the user's identity attribute value list Φ = {v_ij ∈ A_i}, generate the corresponding user attribute-value key vsk_ij, obtaining the user private key; A_i is an attribute set of user u_k.
3. The method of claim 1 or 2, wherein the method of judging whether the user can access the data resource M under the access policy Π is: take the identity attribute value list Φ input by the user and the access policy Π of the data resource as the inputs of the binary relation predicates; if the judgement output of the binary relation predicates is true, the user is judged able to access the data resource M, otherwise the user cannot access it.
4. The method of claim 3, wherein, for logical NOT in the access policy, De Morgan's laws are used to convert the logical NOT into the negative predicate "not" of the binary relation predicates, obtaining an access policy expressed in Boolean algebra logic.
5. The method of claim 1 or 2, wherein the ciphertext consists of the sub-ciphertexts generated from the binary relations.
6. An encryption system based on attribute sets and relation predicates, characterised in that it comprises a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module; wherein
the system key generation module outputs, according to a given security parameter k, the public key mpk and the master key msk of the secure encryption system;
the attribute set key generation module, for each given attribute set A_i = {v_i1, ..., v_im}, generates the public key pk_i and private key sk_i of the attribute set from the master key msk, adds the public key pk_i to the public key mpk and the private key sk_i to the master key msk; wherein attributes or identifiers of the same nature are placed in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
the user key generation module generates a user private key sk^(k) for a user according to the identity attribute value list Φ = {v_ij ∈ A_i} input by that user;
the encryption module encrypts the data resource M according to the access policy Π of the data resource M and the public key mpk, obtaining the ciphertext C_Π; wherein the access policy Π contains several subsets S_i with their corresponding binary relation predicates, S_i being a subset of A_i;
the decryption module judges, according to the identity attribute value list input by the accessing user, whether the user can access the data resource M to be accessed; if so, it decrypts the ciphertext C_Π with the user's private key and outputs the plaintext M; otherwise the output is empty.
7. The system of claim 6, wherein, for user u_k, the user key generation module first generates the user's main private key usk^(k); then, for any attribute value v_ij ∈ A_i in the user's identity attribute value list Φ = {v_ij ∈ A_i}, it generates the corresponding user attribute-value key vsk_ij, obtaining the user private key; A_i is an attribute set of user u_k.
8. The system of claim 6 or 7, wherein the decryption module takes the identity attribute value list input by the user and the access policy Π of the data resource as the inputs of the binary relation predicates; if the judgement output of the binary relation predicates is true, the user is judged able to access the data resource M, otherwise the user cannot access it.
9. The system of claim 8, wherein, for logical NOT in the access policy, the decryption module uses De Morgan's laws to convert the logical NOT into the negative predicate "not" of the binary relation predicates, obtaining an access policy expressed in Boolean algebra logic.
10. The system of claim 6 or 7, wherein the ciphertext
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511000960.9A CN105635135B (en) | 2015-12-28 | 2015-12-28 | A kind of encryption system and access control method based on property set and relationship predicate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105635135A CN105635135A (en) | 2016-06-01 |
CN105635135B true CN105635135B (en) | 2019-01-25 |