CN106022167A - Social privacy protection method of multi-level attribute management center based on characteristic encryption - Google Patents

Abstract

The invention provides a social privacy protection method of a multi-level attribute management center based on characteristic encryption. A friend making sponsor uploads encrypted personal information files to a remote friend finder, and a certain kind of user-defined attribute characteristics and a friend making access control strategy are uploaded to the multi-level attribute management center; the multi-level attribute management center generates ciphertext according to the attribute characteristics and is associated with an access strategy tree corresponding to attributes; a friend making requester requests for checking friend making information of other users in the friend finder, when an attribute set of the friend making requester is matched with the access strategy tree of the friend making sponsor, the multi-level attribute management center sends a secrete key corresponding to the attribute of the friend making sponsor to the friend making requester, and the friend making requester decrypts data ciphertext of an information owner of the friend finder. The method solves the single-point fault and performance bottleneck problems of a single-authorization center, and also solves the problems that an intelligent terminal does not depend on an authorization center and accordingly monitoring difficulty is high and application scenes are limited.

Description

The social method for secret protection of multi-level attribute management center feature based encryption

Technical field

The present invention relates to Computer Science and Technology field, particularly to one multi-level attribute management center feature based The social method for secret protection of encryption.

Background technology

Along with developing rapidly of mobile social networking (MSN, Mobile Social Networks) and intelligent terminal, User can be by sharing mood, photo in MSN at any time, and activity, hobby etc. constantly find new friend, thus Expand further the social scope (such as intelligence circle, micro-poly-etc.) of oneself.Friend based on user property coupling is the discovery that mobile society Hand over typical case's application in network, between user can by coupling personal attribute's file each other, find have the most emerging The friend of interest hobby or there is the user of certain category feature.Along with the continuous intensification of the degree of experience, experience the continuous expansion of scope, User will carry out magnanimity convergence at the real information of mobile social networking on far-end or terminal.In this process, user Wish by mobile social networking find to be unwilling again while oneself friend interested by too much personal information Gongzhi in Crowd, proposes new challenge also to Mobile solution service provider.

Further, the personal information of user generally contains huge commercial interest, therefore, the most usually by service provider or Other malicious users of person are collected in the case of undelegated, excavate or are betrayed, and this adds what privacy of user was revealed virtually Risk.Therefore, how on friend's attributes match service infrastructure that offer is good, protection individual subscriber personal secrets simultaneously, be The hot issue that mobile social networking friend is urgently to be resolved hurrily in finding.

But prior art mostly is single trusted party and carries out attribute authority and key management, along with the increase of user is met Performance bottleneck and key management risk problem are arrived.

Summary of the invention

The invention provides the social method for secret protection of a kind of multi-level attribute management center feature based encryption, its mesh Be, introduce the management authorizing trusted party that the attribute of user is changed at many levels to replace traditional solution more, Overcome the performance bottleneck of single trusted party and the problem of key management risk, can solve the problem that again user in mobile social networking simultaneously To the fine granularity access privilege control intending coupling user during friend-making.

The present invention relates generally to following sections: encounter center (Friend Server is called for short FS), credible central authorities award Power center (Trusted Authority is called for short TA), (Attributed Authority is called for short at multi-level attribute management center AA), friend-making sender (Alice), friend-making requestor (Bob).

Assuming that in this programme TA is the most believable, and FS, AA are honest and curiosity, i.e. FS, AA can abide by honestly Keep every agreement of system but also can try one's best spy on the superincumbent user file of storage.

The social method for secret protection of a kind of multi-level attribute management center feature based encryption, friend-making promoter utilizes fortune Row APP application program on intelligent terminal, by the personal information files passe through encryption to long-range encounter center, simultaneously The access control policy of self-defining a certain generic attribute feature and friend-making is uploaded to multi-level attribute management center；Multi-level genus Property administrative center generate ciphertext the access strategy tree corresponding with this attribute according to attribute character and be associated；Friend-making requester requests Check the friend-making information of other users in encounter center, when himself the visit of community set and friend-making promoter of friend-making requestor Asking that Policy Tree matches, key corresponding for friend-making promoter's attribute is sent to hand over requestor by multi-level attribute management center, hands over Friend requestor deciphers the data ciphertext of information owner in encounter center；

Described multi-level attribute management center includes multiple attribute management server, and multiple attribute management servers are according to belonging to Property classification and membership relation build attribute management server structure tree, each attribute management server is by credible central authorization center Distribution unique attribute management server identifiers；The most credible central authorization center is that each friend-making person distributes unique subscriber identification Symbol.

The all properties feature of friend-making promoter each in encounter center is split into mutually disjoint K attribute set, Each attribute set is by an attribute management server management on the trust chain of attribute management server structure tree；

Friend-making promoter is at attribute management server AA_kOn sub-key calculate process as follows:

Key corresponding to ciphertext that one friend-making promoter is centrally generated at multi-level attribute management is not by single attribute Management server generates and stores, but multiple attribute management server having Attribute Association relation generates respectively and stores 's；

(1) first, AA_kPseudo-random function P will be selected_SK() is according to the user unique identifier GID of friend-making promoter and genus Property management server A A_kAttribute management server unique identifier AID_kCalculate the private key parts P of friend-making promoter_SK(u) =α_k,u；

(2) secondly, AA_kUnique community set random number ru is randomly choosed for friend-making promoter^(k), for friend-making promoter Each attribute set Au of Alice_{Alice_i} ^(k)Select the attribute set random number ru differed_i ^(k), meanwhile, for each attribute Collection Au_{Alice_i} ^(k)In each attributeSelect different attribute random number ru_i,j ^(k), ru^(k)、ru_i ^(k)AndBelong to integer, 0≤i≤n, 1≤j≤r, n represent the attribute set number of friend-making promoter, and r represents that one attribute set of friend-making promoter comprises Attribute character number；

Make attribute set Au_{Alice_0} ^(k)Corresponding random number ru₀ ^(k)=ru^(k)；

(3) last, generate friend-making promoter Alice at AA according to below equation_kSub-key be

$\begin{array}{c}{\mathrm{SK}}_{Alice}^{\left(k\right)}=\{{{\mathrm{Au}}_{Alice}}^{\left(k\right)},D_{Alice}^{\left(k\right)}=g^{\frac{{\mathrm{\α}}_{k,u}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}}}),D_{i,j}^{\left(k\right)}=g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(a_{i,j}^{\left(k\right)}\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}}\\ D_{i,j}^{\′\left(k\right)}=g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}}(0\≤i\≤n,1\≤j\≤r),E_i^{\left(k\right)}=g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_i^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}}(i=1,\mathrm{...},m)\}\end{array},$

Wherein,It is AA respectively_kOn two local master keys；α,β₁,β₂ Belong to integer, r_iRepresent attribute management server AA_kThe attribute character quantity that comprised of higher level's attribute management server, Represent attribute management server AA_kThe attribute character quantity comprised,Represent AA_kAll subordinates attribute management server comprise Attribute character quantity；G represents the generation unit of cyclic group；

For at friend-making promoter Alice at kth attribute management server AA_kSub-key composition portion Point, it is followed successively by friend-making promoter ALICE property set zygote key on kth attribute management server, a certain generic attribute collection Zygote key and some community set sub-key.

The cipher key processes of the friend-making promoter that the request user that makes friends obtains encounter center is as follows:

Make the friend-making promoter Alice of encounter center at kth attribute management server AA_kCiphertext be CT_Alice ^(k), its In, access strategy is T_Alice ^(k), the community set uploaded of friend-making requestor Bob is Au_Bob ^(k)；

Attribute management server AA_kCall the access control policy tree Tree (Au of friend-making requestor Bob_Bob ^(k)) verify The attribute Au of friend-making requestor Bob_Bob ^(k)Whether meet the access control policy T of friend-making promoter Alice_Alice ^(k)If meeting, Then attribute management server AA_kCorresponding sub-key is sent to friend-making requestor, and otherwise, friend-making requestor cannot obtain deciphering Sub-key；When friend-making requestor obtains the decryption sub-key that each attribute management server sends, by the set of all sub-keys Total key is deciphered as making friends；

Wherein, access control policy tree uses CP-ABE to carry out friend-making promoter or the attribute of requestor and friend-making strategy Encryption obtains.

Described attribute management server AA_kCall the access control policy tree Tree (Au of friend-making requestor Bob_Bob ^(k)) come The attribute Au of checking friend-making requestor Bob_Bob ^(k)Whether meet the access control policy T of Alice_Alice ^(k)Detailed process as follows:

For arbitrary node x, Tree in access strategy_x(Au_Bob ^(k)) return a set S_xIf, Au_Bob ^(k)It is unsatisfactory for Access control policy then Tree (Au_Bob ^(k)) return empty set, otherwise, from set T_x(Au_Bob ^(k)) select a label i, save from root Point starts recursive call decryption function and is decrypted each node in the access control policy tree of friend-making data requester, sentences The scope control strategy that the access control policy whether friend-making data owner with encounter center of friend request user that breaks off a friendship is arranged Coupling, if can mate, then successful decryption, attribute management server the most corresponding in multi-level attribute management provide phase The sub-key answered is to friend-making data requester, otherwise, deciphers unsuccessfully, it is impossible to obtain key.

If friend-making requestor meets the access strategy of the promoter that makes friends on all K attribute management centers, first by following Formula obtains deciphers middle parameter Q:

$\begin{array}{c}Q=\underset{k=1}{\overset{K}{\Π}}\frac{e(C^{\left(k\right)},{\mathrm{Du}}^{\left(k\right)})}{F^{\left(k\right)}}=\underset{k=1}{\overset{K}{\Π}}\frac{e(g^{{\mathrm{\β}}_{k,1}\·\mathrm{\θ}},g^{\frac{{\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}}})}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}\\ =\underset{k=1}{\overset{K}{\Π}}\frac{e{(g,g)}^{({\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)})\·\mathrm{\θ}}}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}=e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}\end{array}$

But according to deciphering in the middle of parameter Q ciphertext is decrypted acquisition e (g, g)^αθ:

$e{(y,y)}^{\mathrm{\α}\mathrm{\θ}}=\frac{e(\underset{k=1}{\overset{K}{\Π}}{C}^{\left(k\right)},D_{user})}{Q}=\frac{e(g^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}},g^{(\mathrm{\α}+{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)})/{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}})}{e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}}$

Wherein, C^(k)The ciphertext of the friend-making promoter on expression kth attribute management server, Du^(k)For friend-making promoter At the private key parts of the supercentral community set of kth attribute management, θ and α represents a decrypted random integer, F^(k)For node k On decryption function value, e (g, g) represent bilinear map,Represent a bilinear map based on user property, au^(k)According to user unique identifier GID and attribute management server unique identifier AID_kThe private key for user parts generated, D_userFor The deciphering parameter of friend-making requestor it is presented to by trusted authorization center.

Described friend-making promoter Alice at all total keys of AA attribute is:

${\mathrm{SK}}_{Alice}=\{{\left\{{\mathrm{SK}}_{Alice}^{\left(k\right)}\right\}}_{k=1}^K,D_{Alice}=g^{(\mathrm{\α}+\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\αu}}_{\left(k\right)})/\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\β}}_{k,1}}\}$

Wherein, D_AliceRepresent a deciphering parameter, please for meeting the friend-making of the access strategy tree that friend-making person Alice is arranged The person of asking carries out file decryption, credible central authorization center TA issue.

Beneficial effect

The invention provides the social method for secret protection of a kind of multi-level attribute management center feature based encryption, make friends User will be applied in the dating system of multiple attribute authority containing the encryption attribute scheme of ciphertext rule, it is achieved that both propped up Hold many authorization center, support again to customize the friend-making scheme of fine granularity access strategy in the way of attribute set.During deciphering, user's Community set first must can obtain decruption key by the checking of ciphertext in each authentication center rule, thus just Really deciphering obtains the message of user in plain text.In this way, Single Point of Faliure and the performance bottleneck of single authorization center are i.e. solved Problem, solves again that intelligent terminal is independent of authorization center and the supervision difficulty that produces is high and the problem of application scenarios limitation.Peace Complete and performance evaluation shows, scheme herein is more more effective than existing scheme.

(1) key management is carried out by setting up many authorization attributes center.The private key phase of each friend-making user property and user Association.The most different users has independent private key, can avoid multiple users share key and the disclosure risk brought.

(2) by management and computation key in many rights issuer system, the operating pressure of single attribute authority is alleviated, fall The low system dependency to single authorization center, it is to avoid Single Point of Faliure and performance bottleneck.

(3) reach fine-grained access of friend-making user is controlled by the secure access access rights of user setup.Hand over Friend data owner (Data Owner), before upper transmitting file, arranges different access strategies for different personal information files (Policy).Being controlled by access strategy in ciphering process so that access strategy is embedded in ciphertext, the request of friend-making is used When family only surely belongs to the access strategy of sexual satisfaction ciphertext, just have retrieval permissions and corresponding ciphertext can be deciphered.

(4) collusion resistant.If one group of user not having anyone have permission some private data of access, then it Even if the cipher key combinations of oneself the most also cannot realize deciphering the purpose of these data.

Accompanying drawing explanation

Fig. 1 is the application scenarios figure of the method for the invention；

Fig. 2 is System Initialization time figure；

Fig. 3 is that system key generates time diagram；

Fig. 4 is system encryption time diagram；

Fig. 5 is the encryption times figure of different size file.

Detailed description of the invention

Below in conjunction with drawings and Examples, the present invention is described further.

Friend-making process general frame figure is as it is shown in figure 1, friend-making process is as follows:

Step 1: system initialization, generates system PKI and system master key.

Credible central authorization center TA is that all friend-making users distribute the GID of a unique overall situation as user identity mark Know, and be respectively allocated a unique mark AID for all properties management server A A.GID is typically the identity number of user Word signature character string, all of AA all can verify that the verity of GID and the GID of user illegally can not be obtained by other users.

In this programme, the implication of relevant character variable sees table 1；

Table 1 denotational description table

In system initialisation phase, TA specifies depth of recursion dep limited in key structure, convenient the most false in order to describe If dep=2.TA randomly chooses PKI and generates parameter alpha, { β₁,β₂,...,β_depth}∈Z_p, as the calculating parameter of TA master key, Can calculate system PKI is:

${\mathrm{PK}}_0=\{G,g,h_1=g^{{\mathrm{\β}}_1},h_2=g^{{\mathrm{\β}}_2},f_1=g^{\frac{1}{{\mathrm{\β}}_1}},f_2=g^{\frac{1}{{\mathrm{\β}}_2}},e{(g,g)}^{\mathrm{\α}}\}---\left(1\right)$

System master key is:

MK₀={ β₁,β₂,g^α} (2)

Step 2: credible central authorization center TA authorizes to subordinate's attribute management center AA, generates attribute management center AA's Master key

(1) after TA has initialized, it will one-level AA is authorized.First it is that each AA generates an overall mark AID, it is assumed that the community set of AA management is Λ={ A₀,A₁,...,A_n, A₀Represent is the genus of ground floor authorization center management Temper collection, A_iRepresent the attribute set (dep=2) of the 2nd layer of authorization center management, a_i,jRepresent attribute set A_jMiddle jth attribute. M represents A_jThe number of middle attribute, when AA is carried out initializing and authorizes by TA, TA randomly chooses r and represents Λ, r and should represent one The set of integer, calculates each attribute for convenience and assumes that it is an integer, r_i,j∈Z_pRepresent a_i,j∈A_i, 0≤i≤n, 1≤j ≤ m carries out the master key of first order calculation AA:

${\mathrm{MK}}_1=\{\mathrm{\Λ},D=g^{\frac{\mathrm{\α}+\mathrm{\τ}}{{\mathrm{\β}}_1}},D_{i,j}=g^{r_i}\·H{\left(s_{i,j}\right)}^{r_{i,j}},{D^{\′}}_{i,j}=g^{r_{i,j}},E_i=g^{\frac{r+{\mathrm{\τ}}_i}{{\mathrm{\β}}_2}}\}---\left(3\right)$

In above-mentioned key, D, D_i,j,D′_i,jRepresent the ingredient of key, E respectively_iDecipher for switching node, can be to genus Property is carried out across sets match.During conversionCan be from r_i' transposition r_i。

Step 3: user key generates.

Friend-making promoter (data owner) Alice wants that the encounter center by mobile social networking is found and had a certain class The user of attribute character, then first Alice will arrange a series of friend-making attribute character and friend-making strategy uploads to authorize more Attribute management center, for ensureing safety and the high availability of service, user's Alice all properties feature Au_AliceTo be split into K part of mutually disjointing is managed jointly by K attribute management center on attribute trust chain.

Assume that user Alice friend-making user is at kth (1≤k≤K) AA_kOn community set be:

${\mathrm{Au}}_{Alice}^{\left(k\right)}=\{{{\mathrm{Au}}_{Alice\_0}}^{\left(k\right)},{{\mathrm{Au}}_{Alice\_1}}^{\left(k\right)},\mathrm{...},{{\mathrm{Au}}_{Alice\_n}}^{\left(k\right)}\}$

Wherein Au_{Alice_0} ^(k)Represent the set that single attribute forms, Au_{Alice_1} ^(k)To Au_{Alice_n} ^(k)Represent that the degree of depth is 2 Attribute set.Represent attribute set Au_{Alice_i} ^(k)Middle jth attribute.m Represent Au_{Alice_i} ^(k)The number of middle attribute, then the sub-key at kth attribute management center of user Alice calculates process As follows:

(1) first, AA_kPseudo-random function P will be selected_SK() is according to GID and AID of Alice_kCalculate user Alice's Private key parts P_SK(u)=α_k,_u。

Secondly, (2) AA_kUnique random number ru is randomly choosed for user^(k)∈Z_P, for each attribute set Au_{Alice_i} ^(k) ∈Au_Alice ^(k)Select n the random number ru differed_i ^(k)∈Z_p(i=1,2 ..., n), for set Au_{Alice_0} ^(k)If, ru₀ ^(k)=ru^(k), also it is Au simultaneously_{Alice_i} ^(k)In each attributeSelect different random number ru_i,j ^(k)∈Z_p(0≤i≤n,1 ≤j≤r)。

(3) last, generate user Alice at AA_kSub-key be

$\begin{array}{c}{\mathrm{SK}}_{Alice}^{\left(k\right)}=\{{{\mathrm{Au}}_{Alice}}^{\left(k\right)},D_{Alice}^{\left(k\right)}=g^{\frac{{\mathrm{\α}}_{k,u}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}}})D_{i,j}^{\left(k\right)}=g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(a_{i,j}^{\left(k\right)}\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}}\\ D_{i,j}^{\′\left(k\right)}=g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}}(0\≤i\≤n,1\≤j\≤r),E_i^{\left(k\right)}=g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_i^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}}(i=1,\mathrm{...},m)\}\end{array},---\left(5\right)$

WhereinIt is AA respectively_kOn two local master keys.Represent in the Alice key ingredient at k-th attribute center.So, user Alice at all AA The total key of attribute is:

${\mathrm{SK}}_{Alice}=\{{\left\{{\mathrm{SK}}_{Alice}^{\left(k\right)}\right\}}_{k=1}^K,D_{Alice}=g^{(\mathrm{\α}+\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\αu}}_{\left(k\right)})/\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\β}}_{k,1}}\}---\left(6\right)$

Wherein D_AliceRepresent a deciphering parameter, be used for meeting Alice feature (access strategy tree) user that sets a property and enter The deciphering of style of writing part, is issued by TA.

Step 4: AES

When Alice submission attribute to AA_kIn, AA_kCP-ABE will be used to generate according to attribute, the access strategy of attribute character Tree, uses T^(k)Representing, computation rule is as follows:

T^(k)From AA_kThe downward each node x of root node R^(k)An all corresponding multinomial q_x.For non-leaf nodes, q_xRank (use d_xRepresent) be that the threshold value of node x subtracts 1, i.e. d_x=k_x-1.If x^(k)For leaf node, then q_xRank be 0, i.e. d_x=0.Right Dig up the roots the arbitrary node x outside node^(k), q_x(0)=q_parent(x)(index (x)), other values polynomial randomly choose.For Root node q_R(0)=θ, θ ∈ Z_pOther randomly choose, and utilize lagrange polynomial to determine q_xThresholding multinomial.Use Y^(k)Table Show all leaf node y^(k)Set, X^(k)Represent all non-leaf nodes x^(k)Set, then generate AA_kUpper access strategy Ciphertext be:

$\begin{array}{c}{{\mathrm{CT}}_{Alice}}^k=\{T^{\left(k\right)},C^{\left(k\right)}=\{h_1^{\mathrm{\θ}}\},{\stackrel{\‾}{C}}^{\left(k\right)}=\{h_2^{\mathrm{\θ}}\},\∀y^{\left(k\right)}\∈Y^{\left(k\right)}:C_y^{\left(k\right)}=g^{q_{y^{\left(0\right)}}}\\ C_y^k=H{\left(att\right(y^{\left(k\right)}\left)\right)}^{q_{y^{\left(0\right)}}},\∀x^{\left(k\right)}\∈X^{\left(k\right)}:{\hat{C}}_x^k=h_2^{q_{x^{\left(0\right)}}}\}\end{array},$

Similarly, performing similar access strategy ciphering process at other K-1 attribute management center, last Alice obtains Ciphertext and its access strategy to plaintext M be:

$C=\{{\left\{{T_{Alice}}^{\left(k\right)}\right\}}_{k=1}^K{\tilde{C}}_{Alice}=M\·e{(g,g)}^{\mathrm{\α}\mathrm{\θ}},{\left\{{{\mathrm{CT}}_{Alice}}^{\left(k\right)}\right\}}_{k=1}^K\}---\left(7\right)$

NoteIt is retained in many authorization attributes administrative center for other request users that makes friends Verify, noteFor access strategy ciphertext.

Step 4: decipherment algorithm

Because this programme being assumed, encounter center server is honest and curiosity, so Alice is by clear data M Before reaching long-range encounter center server, a random number θ ∈ Z must be selected_p, and utilize announcement e (g, g)^αCalculate CiphertextTo simultaneouslyUpload to encounter center:

Honest and curious model (Honest-but-Curious, HBC): this type of assailant does not the most destroy agreement flow process, But it is attempt among the information oneself obtained use more technological means to obtain the more privacy information of user.(such as: logical Cross the consumption habit of user every day to speculate the credit line of user, or the medical web site paid close attention to by user understands user Health), in this article, the friend-making user participating in coupling is belonging to the assailant of honesty and curiosity, the most internal Assailant.

${\tilde{C}}_{Alice}=M\·e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}---\left(8\right)$

Assuming user Bob to want by dating site finds a certain position to have the friend of a certain class special characteristic, then Bob Firstly the need of arranging one group of self characteristic attribute set, Au_Bob ^(k)And upload to attribute management center { AA₁,AA₂,...,AA_k} It is used for applying for decruption key, it is assumed that the access strategy of user Bob is distributed on W AA, and user Bob has in K attribute management The private key parts that scheming is calculated, then, during and if only if K >=W, can be computed correctly out key e (g, the g of Alice encrypting plaintext M )^αθ。

Key e (g, g)^αθCalculating process is as follows:

Assume that Alice is at kth attribute management center AA_kCiphertext be CT_Alice ^(k), wherein access strategy is T_Alice ^(k), The community set uploaded of Bob is Au_Bob ^(k), then AA_kTree (Au will be called_Bob ^(k)) verify the attribute Au of Bob_Bob ^(k)It is The no access control policy T meeting Alice_Alice ^(k), Tree (Au_Bob ^(k)) algorithm employing recursive fashion realization.For access strategy In arbitrary node x, Tree_x(Au_Bob ^(k)) return a set S_xIf, Au_Bob ^(k)It is unsatisfactory for access control policy then Tree (Au_Bob ^(k)) return empty set, otherwise algorithm is from set T_x(Au_Bob ^(k)) select a label i, start recursive call letter from root node NumberDecryptNode function is defined as follows:

(1) if x is ∈ Y^(k), when x is leaf node,Function is defined as:

WhenThen

WhenBecauseIt is the element on G, it is therefore assumed thatThen:

$\begin{array}{c}DecryptNode({{\mathrm{CT}}_{Alice}}^{\left(k\right)},{\mathrm{SK}}_{Bob}^k,x,i)=e(D_{i,j}^{\left(k\right)},C_x^{\left(k\right)})/e(D_{i,j}^{\′\left(k\right)},C_x^{\′\left(k\right)})\\ =e(g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(a_{Alicei,j}^{\left(k\right)}\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},g^{q_{x^{\left(0\right)}}})/e(g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},H{\left(att\left(x^{\left(k\right)}\right)\right)}^{q_{x^{\left(0\right)}}})\\ =e(g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(a_{Alicei,j}^{\left(k\right)}\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},g^{q_{x^{\left(0\right)}}})/e{(g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},H(a_{Bobi,j}^{\left(k\right)}\left)\right)}^{q_{x^{\left(0\right)}}})\\ =e(g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(g^t\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},g^{q_{x^{\left(0\right)}}})/e{(g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},H(g^t\left)\right)}^{q_{x^{\left(0\right)}}})\\ =e{(g,g)}^{{\mathrm{ru}}_i^k\·q_{x^{\left(0\right)}}}\end{array}---\left(9\right)$

(2) ifWhen i.e. x is non-leaf nodes,Carry out following recurrence Calculate:

If B_xIt is any k_xThe set that the child node of individual node x is constituted, if any of which child node z ∈ B_x, it is full that and if only if During foot following two condition: the nonempty set S that DecryptNode returns_Z(i∈S_Z), there is i ' ≠ i, i ' ∈ S_Z, and node z is During one switching node being decrypted node z, otherwise function returns null.

For z ∈ B_xIf, i ∈ S_Z, then function is calledFunction result is saved in F_Z In.If i ' is ∈ S_Z, i ' ≠ i, then call functionFunction result is saved in F_ZIn '.

If 1. i=0, then without conversion, can directly calculate:

$F_Z^{\left(k\right)}=\frac{e({\hat{C}}_z^{\left(k\right)},E_{i^{\′}}^{\left(k\right)})}{F_Z^{\′}}=\frac{e(g^{{\mathrm{\β}}_{k,2}\·q_{z^{\left(0\right)}}},g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_{i^{\′}}^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}})}{e{(g,g)}^{{\mathrm{ru}}_{i^{\′}}^k\·q_{z^{\left(0\right)}}}}=e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·q_{z^{\left(0\right)}}}---\left(10\right)$

If 2. i ≠ 0, then carry out node conversion:

$\begin{array}{c}{F}_Z^{\left(k\right)}=e({\hat{C}}_z^{\left(k\right)},\frac{E_i^{\left(k\right)}}{E_{i^{\′}}^{\left(k\right)}})\·F_Z^{\′}=e(g^{{\mathrm{\β}}_{k,2}\·q_{z^{\left(0\right)}}},g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_i^{\left(k\right)}-{\mathrm{ru}}^k-{\mathrm{ru}}_{i^{\′}}^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}})e{(g,g)}^{{\mathrm{ru}}_{i^{\′}}^k\·q_{z^{\left(0\right)}}}\\ =e{(g,g)}^{({\mathrm{ru}}_i^{\left(k\right)}-{\mathrm{ru}}_{i^{\′}}^{\left(k\right)})\·q_{z^{\left(0\right)}}}\·e{(g,g)}^{{\mathrm{ru}}_{i^{\′}}^k\·q_{z^{\left(0\right)}}}\\ =e{(g,g)}^{\left({\mathrm{ru}}_i^{\left(k\right)}\right)\·q_{z^{\left(0\right)}}}\end{array}---\left(11\right)$

To each z ∈ B_xChild node calculate F_zAfter, utilize Lagrange's interpolation can obtain the F of node x_x,Wherein iz=index (z), S '_z={ index (z): z ∈ B_x, Lagrange coefficient is:

$\mathrm{\Δ}iz,{S^{\′}}_z\left(0\right)=\underset{jz\∈{S^{\′}}_z,jz\≠iz}{\Σ}\frac{0-jz}{iz-jz}---\left(12\right)$ Finally utilize Solving the functional value at node x is:

$F_x^{\left(k\right)}=\{\frac{e{(g,g)}^{{\mathrm{ru}}_i^{\left(k\right)}\·q_x\left(0\right)},i\≠0}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·q_x\left(0\right)},i=0}---\left(13\right)$

Upwards recurrence, can obtain at root node RFunctional value is:

$F_R^{\left(k\right)}=\{\frac{e{(g,g)}^{{\mathrm{ru}}_i^{\left(k\right)}\·q_x\left(0\right)}=e{(g,g)}^{{\mathrm{ru}}_i^{\left(k\right)}\·\mathrm{\θ}},i\≠0}{g{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·q_x\left(0\right)}=e{(g,g)}^{{\mathrm{ru}}_i^{\left(k\right)}\·\mathrm{\θ}},i=0}---\left(14\right)$

When i ≠ 0, rightChange:

$\begin{array}{c}{F}^{\left(k\right)}=\frac{e({\hat{C}}_r^{\left(k\right)},E_i^{\left(k\right)})}{F_R^{\left(k\right)}}=\frac{e(g^{{\mathrm{\β}}_{k,2}\·q_R\left(0\right)},g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_i^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}})}{e{(g,g)}^{{\mathrm{ru}}_i^{\left(k\right)}\·q_R\left(0\right)}}\\ =e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·q_R\left(0\right)}=e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}\end{array}---\left(15\right)$

If the attribute character of friend-making requestor meets the access strategy of all K authorization center, i.e.Without empty Value, then carry out e calculated as below (g, g)^αθ, carry out calculate deciphering parameter:

$\begin{array}{c}Q=\underset{k=1}{\overset{K}{\Π}}\frac{e(C^{\left(k\right)},{\mathrm{Du}}^{\left(k\right)})}{F^{\left(k\right)}}=\underset{k=1}{\overset{K}{\Π}}\frac{e(g^{{\mathrm{\β}}_{k,1}\·\mathrm{\θ}},g^{\frac{{\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}}})}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}\\ =\underset{k=1}{\overset{K}{\Π}}\frac{e{(g,g)}^{({\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)})\·\mathrm{\θ}}}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}=e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}\end{array}---\left(16\right)$

Thus can obtain:

$\begin{array}{c}e{(y,y)}^{\mathrm{\α}\mathrm{\θ}}=\frac{e(\underset{k=1}{\overset{K}{\Π}}{C}^{\left(k\right)},D_{user})}{Q}=\frac{e(g^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}},g^{(\mathrm{\α}+{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)})/{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}})}{e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}}\\ =e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}={\left(e{\left(g,g\right)}^{\mathrm{\α}}\right)}^{\mathrm{\θ}}\end{array}---\left(17\right)$

Obtain as follows, final successful decryption.

$M=\frac{\tilde{C}}{e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}}=\frac{M\·e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}}{e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}}=M---\left(18\right)$

Experiment will add based on the big several storehouses of Stanford University PBC (https: //crypto.stanford.edu/pbc/) Close and deciphering computing, hardware configuration is the valiant dragon of CPU^TM8X74AC 801 processor host frequency 2.5GHz, LPDDR3 933MHz 3G is high Speed internal memory, supports bluetooth 4.0 and WiFi two-frequency signal, and programmed environment uses Eclipse development platform, utilizes java applet to design Language carries out code development, and data simulation uses OriginPro2016.

This programme assumes that user Alice has different characteristic attributes, such as with to music under different living scenes Interest, the interest to film, the interest etc. to body-building, show according to the investigation of Tengxun's microblogging, the interest characteristics of general user Fine-grained description can be obtained in 100 range of attributes.Therefore this programme assumes that the characteristic attribute of user is respectively from 0-100 When carrying out being incremented by, the initialization time of system, key generates the time, encryption attribute time and [Li] [Chase] agreement difference The opposite sex.

Fig. 2 illustrate under same access strategy, illustrate this programme along with attribute be incremented by time, attribute increase to system Initializing impact little, simultaneity factor initialization time is more much smaller than other schemes, this is because have employed more at this programme Access strategy tree flexibly, and the hierarchy of system and access strategy tree determine the initialized time.Simultaneously in scheme [Li] [Chase] employs bilinearity repeatedly calculate.Therefore, on computing cost, scheme herein is more efficient, specifically counts According to being shown in Table 2.

Table 2 System Initialization time

Fig. 3 illustrates that each attribute management center produces the generation time of sub-key, and in this programme, attribute is by multiple mandates Center AA manages, and therefore, multiple AA have shared the computing cost of the generation of key.Meanwhile, data owner when Update attribute, Only need to calculate new attribute cyphertext component.So key herein generates shortest time, concrete data are shown in Table 3.

Table 3 system key generates the time

Fig. 4 explanation is incremented by along with attribute, and the time that in this programme, clear text file is encrypted by data owner, in the present invention Encipherment scheme in the size of key that generates be about about 72kb, encryption has the plaintext of 100 attributes to have only to 5 seconds, encryption Time is only the half of [Li] scheme, this is because increase from needs for designing user signature in [Li] [Chase] scheme Add sizable time overhead effect.Concrete data are shown in Table 4.

The table 4 system encryption time

Fig. 5 explanation is along with the change of encrypted file size, and the change of encryption times, in this programme, because data institute The person of having has only to send the attribute updated and to AA rather than updates whole community set.Therefore, this programme encrypt file time Wait calculating fastest.Meanwhile, because ABE mechanism uses symmetric encipherment algorithm, therefore in file size to (>=64MB) When, the execution time of symmetric encipherment algorithm is main time, and he is affected not quite by Update attribute change.Concrete data are shown in Table 5.

Table 5 file size change user's encryption and decryption time

In mobile social networking, maximized enhancing contact each other with exchange, simultaneously the most again protection user People's privacy concern is a study hotspot in current privacy protection direction.This programme on based on cryptographic Research foundation, Propose the cryptographic protocol based on attribute authorizing multi-levelization, it is achieved that the privacy of mobile social networking friend-making coupling is protected more Protect.The program improves the friend-making efficiency in mobile social networking so that user can visit with setting themselves in fine-grained discovery Ask the user that control strategy matches, simultaneously as matching primitives process is responsible for calculating by many authorization center, solve in the past The performance bottleneck of single authorization center and cipher key management considerations, also mitigate computing cost on intelligent terminal simultaneously.By peace Complete and performance evaluation, it is found that the agreement that this programme proposes can terminal calculate resource-constrained in the case of find more The user joined, more more effective than conventional agreement.

The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, that is made any repaiies Change, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (6)

1. the social method for secret protection of a multi-level attribute management center feature based encryption, it is characterised in that make friends and send out Play person's utilization and operate in the APP application program on intelligent terminal, will be through the personal information files passe of encryption to long-range friendship Friend center, uploads to the access control policy of self-defining a certain generic attribute feature and friend-making in multi-level attribute management simultaneously The heart；Multi-level attribute management center generates ciphertext according to attribute character and the access strategy tree corresponding with this attribute is associated；Hand over Friend's requester requests checks the friend-making information of other users in encounter center, when friend-making requestor himself community set and friendship The access strategy tree of friend promoter matches, and key corresponding for friend-making promoter's attribute is sent to by multi-level attribute management center Friend-making requestor, friend-making requestor deciphers the data ciphertext of information owner in encounter center；

Described multi-level attribute management center includes multiple attribute management server, and multiple attribute management servers are according to Attribute class Other and membership relation builds attribute management server structure tree, and each attribute management server is distributed by credible central authorization center Unique attribute management server identifiers；The most credible central authorization center is that each friend-making person distributes unique user identifiers.

Method the most according to claim 1, it is characterised in that by all properties of friend-making promoter each in encounter center Feature splits into mutually disjoint K attribute set, on each attribute set trust chain by attribute management server structure tree The management of attribute management server；

Friend-making promoter is at attribute management server AA_kOn sub-key calculate process as follows:

(1) first, AA_kPseudo-random function P will be selected_SK() is according to the user unique identifier GID of friend-making promoter and attribute pipe Reason server A A_kAttribute management server unique identifier AID_kCalculate the private key parts P of friend-making promoter_SK(u)= α_{K, u}；

(2) secondly, AA_kUnique community set random number ru is randomly choosed for friend-making promoter^(k), friend-making promoter Alice is Each attribute setSelect the attribute set random number differedMeanwhile, for each attribute set In each attributeSelect different attribute randoms numberAndBelong to integer, 0≤i≤n, 1≤ J≤r, n represent the attribute set number of friend-making promoter, and r represents the attribute character that one attribute set of friend-making promoter comprises Number；

Make attribute setCorresponding random number ru₀ ^(k)=ru^(k)；

(3) last, generate friend-making promoter Alice at AA according to below equation_kSub-key be

${\mathrm{SK}}_{Alice}^{\left(k\right)}=\{{{\mathrm{Au}}_{Alice}}^{\left(k\right)},D_{Alice}^{\left(k\right)}=g^{\frac{{\mathrm{\α}}_{k,u}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}})},D_{i,j}^{\left(k\right)}=g^{{\mathrm{ru}}_i^{\left(k\right)}}\·H{\left(a_{i,j}^{\left(k\right)}\right)}^{{\mathrm{ru}}_{i,j}^{\left(k\right)}},$

$D_{i,j}^{\′\left(k\right)}=g^{{\mathrm{ru}}_{i,j}^{\left(k\right)}}(0\≤i\≤n,1\≤j\≤r),E_i^{\left(k\right)}=g^{\frac{{\mathrm{ru}}^{\left(k\right)}+{\mathrm{ru}}_i^{\left(k\right)}}{{\mathrm{\β}}_{k,2}}}(i=1,\mathrm{...},m)\}$

Wherein,It is AA respectively_kOn two local master keys；α, β₁, β₂All belong to In integer, r_iRepresent attribute management server AA_kThe attribute character quantity that comprised of higher level's attribute management server,Represent Attribute management server AA_kThe attribute character quantity comprised,Represent AA_kThe attribute that comprises of all subordinates attribute management server Feature quantity；G represents the generation unit of cyclic group；

For at friend-making promoter Alice at kth attribute management server AA_kSub-key ingredient, depend on Secondary property set zygote key for friend-making promoter Alice on kth attribute management server, a certain generic attribute collection zygote are close Key and some community set sub-key.

Method the most according to claim 2, it is characterised in that the request user that makes friends obtains the friend-making promoter of encounter center Cipher key processes as follows:

Make the friend-making promoter Alice of encounter center at kth attribute management server AA_kCiphertext be CT_Alice ^(k), wherein, Access strategy is T_Alice ^(k), the community set uploaded of friend-making requestor Bob is

Attribute management server AA_kCall the access control policy tree of friend-making requestor BobVerify friend-making request The attribute of person BobWhether meet the access control policy T of friend-making promoter Alice_Alice ^(k)If meeting, then attribute pipe Reason server A A_kCorresponding sub-key is sent to friend-making requestor, and otherwise, friend-making requestor cannot obtain decryption sub-key； When friend-making requestor obtains the decryption sub-key that each attribute management server sends, using the set of all sub-keys as friend-making Decipher total key；

Wherein, access control policy tree uses CP-ABE to be encrypted friend-making promoter or the attribute of requestor and friend-making strategy Obtain.

Method the most according to claim 3, it is characterised in that described attribute management server AA_kCall friend-making requestor The access control policy tree Tree (Au of Bob_Bob ^(k)) verify the attribute Au of friend-making requestor Bob_Bob ^(k)Whether meet Alice's Access control policy T_Alice ^(k)Detailed process as follows:

For arbitrary node x, Tree in access strategy_x(Au_Bob ^(k)) return a set S_xIf, Au_Bob ^(k)It is unsatisfactory for accessing Control strategy then Tree (Au_Bob ^(k)) return empty set, otherwise, from set T_x(Au_Bob ^(k)) select a label i, open from root node Each node in the access control policy tree of friend-making data requester is decrypted by beginning recursive call decryption function, it is judged that hand over The scope control strategy matching that the access control policy of friend request user whether friend-making data owner with encounter center is arranged, If can mate, then successful decryption, attribute management server the most corresponding in multi-level attribute management provide corresponding Sub-key is to friend-making data requester, otherwise, deciphers unsuccessfully, it is impossible to obtain key.

Method the most according to claim 4, it is characterised in that if friend-making requestor meets all K attribute management centers The access strategy of upper friend-making promoter, obtains the most as follows and deciphers middle parameter Q:

$\begin{array}{c}Q=\underset{k=1}{\overset{K}{\Π}}\frac{e(C^{\left(k\right)},{\mathrm{Du}}^{\left(k\right)})}{F^{\left(k\right)}}=\underset{k=1}{\overset{K}{\Π}}\frac{e(g^{{\mathrm{\β}}_{k,1}\·\mathrm{\θ}},g^{\frac{{\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)}}{{\mathrm{\β}}_{k,1}}})}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}\\ =\underset{k=1}{\overset{K}{\Π}}\frac{e{(g,g)}^{({\mathrm{\αu}}^{\left(k\right)}+{\mathrm{ru}}^{\left(k\right)})\·\mathrm{\θ}}}{e{(g,g)}^{{\mathrm{ru}}^{\left(k\right)}\·\mathrm{\θ}}}=e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}\end{array}$

But according to deciphering in the middle of parameter Q ciphertext is decrypted acquisition e (g, g)^αθ:

$e{(g,g)}^{\mathrm{\α}\mathrm{\θ}}=\frac{e(\underset{k=1}{\overset{K}{\Π}}{C}^{\left(k\right)},D_{user})}{Q}=\frac{e(g^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}},g^{(\mathrm{\α}+{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)})/{\Σ}_{k=1}^K{\mathrm{\β}}_{k,1}})}{e{(g,g)}^{\mathrm{\θ}\·{\Σ}_{k=1}^K{\mathrm{\αu}}^{\left(k\right)}}}$

Wherein, C^(k)The ciphertext of the friend-making promoter on expression kth attribute management server, Du^(k)For friend-making promoter in kth The private key parts of the supercentral community set of individual attribute management, θ and α represents a decrypted random integer, F^(k)For on node k Decryption function value, e (g, g) represents bilinear map,Represent a bilinear map based on user property, au^(k)For According to user unique identifier GID and attribute management server unique identifier AID_kThe private key for user parts generated, D_userServe as reasons The deciphering parameter of friend-making requestor is presented at trusted authorization center.

6. according to the method described in any one of claim 2-5, it is characterised in that described friend-making promoter Alice is owning The total key of AA attribute is:

${\mathrm{SK}}_{Alice}=\{{\left\{{\mathrm{SK}}_{Alice}^{\left(k\right)}\right\}}_{k=1}^K,D_{Alice}=g^{(\mathrm{\α}+\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\αu}}_{\left(k\right)})/\underset{k=1}{\overset{K}{\Σ}}{\mathrm{\β}}_{k,1}}\}$

Wherein, D_AliceRepresent a deciphering parameter, for meeting the friend-making requestor of the access strategy tree that friend-making person Alice is arranged Carry out file decryption, credible central authorization center TA issue.