WO2023134576A1 - Data encryption method, attribute authorization center, and storage medium - Google Patents

Publication number
WO2023134576A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
key
access
attribute
private key
Application number
PCT/CN2023/071009
Inventor
夏云浩
张金鑫
马致原
刘晖
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2023134576A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the embodiments of the present application relate to the technical field of information security, and in particular to a data encryption method, an attribute authorization center, and a computer-readable storage medium.
  • ABE Attribute Based Encryption
  • Embodiments of the present application provide a data encryption method, an attribute authorization center, and a computer-readable storage medium, which can improve the security performance of an attribute encryption system.
  • the embodiment of this application provides a data encryption method, which is applied to the attribute authorization center in the attribute encryption system, including: obtaining the system public key and the system master key; obtaining the user private key of the access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user, wherein the identity information is bound to the access user alone, and the key generation information is associated with the access user; and, when it is determined that the plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
  • the embodiment of the present application also provides an attribute authorization center, including: a memory, a processor, and a computer program stored on the memory and operable on the processor.
  • when the processor executes the computer program, the data encryption method described in the first aspect above is implemented.
  • the embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions, and the computer-executable instructions are used to execute the data encryption method described in the first aspect above.
  • Fig. 1 is a schematic diagram of an attribute authorization center for implementing a data encryption method provided by an embodiment of the present application
  • FIG. 2 is a flowchart of a data encryption method provided by an embodiment of the present application
  • Fig. 3 is a flow chart of obtaining a system public key and a system master key in a data encryption method provided by an embodiment of the present application;
  • Fig. 4 is a flow chart of obtaining the user private key of the accessing user in the data encryption method provided by one embodiment of the present application;
  • Fig. 5 is a flow chart of obtaining the user private key of the accessing user in the data encryption method provided by another embodiment of the present application;
  • Fig. 6 is a schematic diagram of encrypting the plaintext to be encrypted by the visiting user to obtain the ciphertext in the data encryption method provided by one embodiment of the present application;
  • Fig. 7 is a schematic diagram of encrypting the plaintext to be encrypted by the visiting user in the data encryption method provided by another embodiment of the present application to obtain the ciphertext;
  • Fig. 8 is a flowchart of a data encryption method provided by another embodiment of the present application.
  • Fig. 9 is a flow chart of tracking the identities of multiple accessing users in the data encryption method provided by an embodiment of the present application.
  • Fig. 10 is a flow chart of tracking the identities of multiple accessing users in the data encryption method provided by another embodiment of the present application.
  • Fig. 11 is a schematic diagram of an attribute authorization center provided by another embodiment of the present application.
  • This application provides a data encryption method, an attribute authorization center, and a computer-readable storage medium.
  • when the system public key, the system master key, and the key generation information associated with the accessing user have been obtained, identity information uniquely bound to the accessing user is embedded in that user's private key, and data encryption is then performed according to the user private key of the accessing user.
  • through the stored identity information, the attribute authorization center can accurately find out which user is the malicious user who intentionally leaked the key, and can then revoke the malicious user's authority, thereby effectively correcting the loopholes of the attribute encryption system and improving the security performance of the attribute encryption system.
  • FIG. 1 is a schematic diagram of an attribute authorization center 110 for implementing a data encryption method provided by an embodiment of the present application.
  • the attribute authorization center 110 is a part of the attribute encryption system 100, which is applied in the field of data security encryption in cloud computing, wherein, based on the attribute encryption mechanism of the attribute encryption system 100, relevant access users can securely share data with specified users on the server.
  • the key and ciphertext of the access user are associated with the descriptive attribute set and the access policy. A key can decrypt a specific ciphertext only when the relevant attribute set and the access policy match.
  • Attribute-based encryption can be divided into two categories, namely Key Policy Attribute Based Encryption (KP-ABE) and Ciphertext Policy Attribute Based Encryption (CP-ABE). In KP-ABE, the access user's key is associated with the access policy specified by the authorizing party, and the ciphertext is marked by a descriptive attribute set, while in CP-ABE, the access user's key is marked by a descriptive attribute set, and the ciphertext is associated with the access policy specified by the encryptor.
  • KP-ABE Key Policy Attribute Based Encryption
  • CP-ABE Ciphertext Policy Attribute Based Encryption
  • the attribute authorization center 110 in the attribute encryption system 100 can define related attributes in the system, distribute user private keys, and cooperate with data encryption processing.
  • the attribute authorization center 110 has a storage function and can record related key parameters. Based on this feature, the embodiment of the present application uses the attribute authorization center 110 to further ascertain the identity of the user who maliciously disclosed the key .
  • the attribute authorization center 110 in the attribute encryption system 100 may respectively include a memory and a processor, where the memory and the processor may be connected through a bus or in other ways.
  • memory can be used to store non-transitory software programs and non-transitory computer-executable programs.
  • the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage devices.
  • the memory may include memory located remotely from the processor, which remote memory may be connected to the processor through a network. Examples of the aforementioned networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • the attribute authorization center 110 and the application scenarios in the attribute encryption system 100 described in the embodiment of this application are to illustrate the technical solution of the embodiment of the application more clearly, and do not constitute a limitation to the technical solution provided by the embodiment of the application.
  • a skilled person may know that with the evolution of the attribute authorization center 110 in the attribute encryption system 100 and the emergence of new application scenarios, the technical solution provided by the embodiment of the present application is also applicable to similar technical problems.
  • attribute authorization center 110 shown in FIG. layout of the components.
  • the attribute authorization center 110 can call the data encryption program stored therein to cooperate with the implementation of the data encryption method.
  • Figure 2 is a flow chart of a data encryption method provided by an embodiment of the present application, which can be but not limited to be applied to the attribute authorization center as shown in the embodiment of Figure 1, the data encryption method includes but is not limited to the steps S100 to S300.
  • Step S100 Obtain a system public key and a system master key.
  • the initial key parameters of the attribute authorization center are determined, so that the access user's key can be further determined according to the determined system public key and system master key. The system public key can be shared with the access users by the attribute authorization center, and the system master key is kept private and confidential by the attribute authorization center. Generally speaking, the system public key and the system master key can be calculated according to specific algorithms. A specific example is given below to illustrate.
  • step S100 includes but not limited to step S110 .
  • Step S110 Initialize the input security parameters to obtain the system public key and system master key.
  • by initializing the input security parameters, they are converted into the system public key and system master key; keys obtained in this way can well characterize the characteristics of security parameters under attribute encryption and meet the requirements of attribute encryption.
  • the initialization processing method includes but is not limited to bilinear mapping, etc. Those skilled in the art can also set the initialization processing method according to the actual application scenario, which is not limited in this embodiment.
  • a security parameter ⁇ is input to construct a bilinear map and other related parameters , and finally output the system public key PP and system master key MSK.
  • PP is shared by the attribute authorization center with the access user, and MSK is kept private and confidential by the attribute authorization center.
  • the specific initialization algorithm is shown in the following example.
  • i ⁇ Z p this parameter is a constant/random number
  • S is a set of elements in Z p ;
  • Step S200 According to the system public key, the system master key, the obtained key generation information and the identity information of the access user, the user private key of the access user is obtained, wherein the identity information is separately bound to the access user, and the key generation information Associated with the visiting user.
  • the user private key of the access user can be accurately calculated, and identity information uniquely bound to the access user is embedded in that user private key. Since the attribute authorization center stores the identity information of the access user, when a malicious user illegally discloses its user private key and causes key leakage, the attribute authorization center can accurately find the malicious user through the stored identity information.
  • identity information can be presented in various forms, and those skilled in the art can set it according to the actual application scenario, which is not limited in this embodiment.
  • step S200 when the key generation information is an access control structure associated with an accessing user, step S200 includes but is not limited to steps S210 to S220.
  • Step S210 Perform key generation processing on the system public key, the system master key and the obtained access control structure to obtain the first attribute private key;
  • Step S220 Insert the identity information of the visiting user into the first attribute private key to obtain the user private key of the visiting user.
  • the first attribute private key can be accurately obtained, and the first attribute private key is kept private and confidential by the attribute authorization center.
  • the attribute authorization center can store the identity information of the access user, so that in the case of a possible key leak, the malicious user can be accurately found through the stored identity information.
  • the user private key of the access user is finally obtained, which is an encryption method involving KT-KP-ABE.
  • the calculation steps include but not limited to:
  • a unique piece of identification information H_1(id)^u is inserted into the attribute private key to reveal the identity of the user.
  • step S200 when the key generation information is an attribute set associated with the accessing user, step S200 includes but not limited to steps S230 to S240.
  • Step S230 Perform key generation processing on the system public key, the system master key and the acquired attribute set to obtain the second attribute private key;
  • Step S240 Insert the identity information of the visiting user into the second attribute private key to obtain the user private key of the visiting user.
  • the second attribute private key can be accurately obtained, and the second attribute private key is maintained by the attribute authorization center.
  • Private and confidential in this case, by inserting the identity information of the access user into the second attribute private key, the user private key of the access user is obtained, so that the attribute authorization center can store the identity information of the access user, so that In the event of key leaks, malicious users can be accurately found through the stored identity information.
  • the user private key of the access user is finally obtained, which is an encryption method involving KT-CP-ABE.
  • a unique piece of identification information H_1(id)^u is inserted into the attribute private key to reveal the identity of the user.
  • the output user private key is D_id
  • the D_id calculated here is SK_id. This does not affect the expression of its meaning; to avoid ambiguity, similar situations in the following embodiments are identified in the same way, and to avoid redundancy, details are not repeated below.
  • Step S300 When it is determined that the plaintext to be encrypted of the visiting user is encrypted to obtain the ciphertext, according to the user private key of the visiting user, the ciphertext is decrypted to obtain the plaintext to be encrypted.
  • when the system public key, system master key, and key generation information associated with the access user are obtained, the attribute authorization center embeds the identity information uniquely bound to the access user in the user private key of the access user, and then performs data encryption processing according to the user private key of the access user.
  • through the stored identity information, the attribute authorization center can accurately find out which user is the malicious user who intentionally caused the key leak, and can further revoke the malicious user's authority, thereby effectively correcting the loopholes in the attribute encryption system and improving the security performance of the attribute encryption system.
  • "encrypt the plaintext to be encrypted by the visiting user to obtain ciphertext" in step S300 includes, but is not limited to, step S310.
  • Step S310 According to the system public key and the attribute set of the visiting user, encrypt the plaintext to be encrypted of the visiting user to obtain the ciphertext.
  • the access user can further input the attribute set, so that the plaintext to be encrypted by the accessing user is encrypted according to the system public key and the attribute set of the accessing user, and the relevant ciphertext is obtained accurately and reliably. It can be understood that this case corresponds to the encryption method of KT-KP-ABE.
  • the calculation steps of the encryption algorithm include but are not limited to:
  • the calculation steps of the decryption algorithm include but are not limited to:
  • DecryptNode(x, D_id, CT), which takes node x on the access control tree structure ⁇, user private key D_id and ciphertext CT as input.
  • the value of the leaf node satisfying the access control tree structure must be obtained. Whether x is a leaf node or not, always holds. Therefore, the value of the root node F_root can be calculated as:
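An added example, not taken from the patent: the recursive evaluation that DecryptNode performs over an access tree, shown with the standard threshold-gate construction in which each node x carries a polynomial p_x and a parent's value is rebuilt from its children by Lagrange interpolation. The prime modulus, the attribute names and the policy are assumptions made for illustration, and the shares are handled directly in Z_p rather than in the exponent of a pairing group.

```python
import secrets

# Constructed prime standing in for the group order p (assumption for this example).
P = 2**127 - 1


class Node:
    """A leaf (attribute set) or a k-of-n threshold gate (threshold and children set)."""

    def __init__(self, attribute=None, threshold=None, children=()):
        self.attribute = attribute
        self.threshold = threshold
        self.children = list(children)
        self.share = None  # p_x(0) of a leaf, filled in by share_secret()


def leaf(attribute):
    return Node(attribute=attribute)


def gate(threshold, *children):
    """threshold == 1 is an OR gate, threshold == len(children) is an AND gate."""
    if not 1 <= threshold <= len(children):
        raise ValueError("threshold must be between 1 and the number of children")
    return Node(threshold=threshold, children=children)


def eval_poly(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x over Z_p (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_secret(node, value):
    """Top-down sharing: p_x(0) = value, deg(p_x) = threshold - 1, child i gets p_x(i)."""
    if node.attribute is not None:
        node.share = value
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, eval_poly(coeffs, index))


def lagrange_at_zero(i, indices):
    """Lagrange coefficient of index i, evaluated at 0, over the given index set."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, attributes):
    """Return p_x(0) for this node, or None when the attributes do not satisfy it."""
    if node.attribute is not None:
        # In a real scheme the leaf value is only computable with the matching
        # key component; here holding the attribute stands in for that.
        return node.share if node.attribute in attributes else None
    recovered = {}
    for index, child in enumerate(node.children, start=1):
        value = decrypt_node(child, attributes)
        if value is not None:
            recovered[index] = value
            if len(recovered) == node.threshold:
                break
    if len(recovered) < node.threshold:
        return None  # too few satisfied children: this subtree yields nothing
    return sum(v * lagrange_at_zero(i, recovered) for i, v in recovered.items()) % P


def build_policy():
    """Constructed policy: (2 of finance, manager, high clearance) OR auditor."""
    two_of_three = gate(2, leaf("dept:finance"), leaf("role:manager"),
                        leaf("clearance:high"))
    return gate(1, two_of_three, leaf("role:auditor"))
```

An attribute set that satisfies only part of a gate returns None at that gate, so nothing about the root value is recovered from an unsatisfied branch.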
  • "encrypt the plaintext to be encrypted by the visiting user to obtain ciphertext" in step S300 includes, but is not limited to, step S320.
  • Step S320 According to the system public key and the access control structure of the access user, encrypt the plaintext to be encrypted by the access user to obtain the cipher text.
  • the access user can further input the access control structure, so that the plaintext to be encrypted by the access user is encrypted according to the system public key and the access control structure of the access user, and the relevant ciphertext is obtained accurately and reliably. It is understandable that this case corresponds to the encryption method of KT-CP-ABE.
  • For KT-CP-ABE, based on Encrypt(M,PP, ⁇ A i ⁇ ) ⁇ (CT), input the plaintext M to be encrypted, system public key PP, access control structure ⁇ , and finally output the encrypted ciphertext CT.
  • the calculation steps of the encryption algorithm include but are not limited to:
  • For the plaintext M to be encrypted, select the access control structure ⁇, randomly select a secret number (this parameter is a constant/random number), and an LSSS access structure ⁇; let be an (m × n) matrix, and the function ⁇(.) associates attributes with its rows.
  • ⁇(.) is constrained to be an injective function, which means that a single attribute is associated with at most one row.
  • The encryptor randomly chooses a vector. This vector will be used to share the value of the encryption exponent s. Let denote the i-th row of the matrix. Select (this parameter is a constant/random number); the data owner then calculates the following information:
  • the calculation steps of the decryption algorithm include but are not limited to:
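An added example, not the patent's construction: the LSSS sharing described above, in which a random vector whose first entry is s is multiplied by each row of the (m × n) matrix to produce one share per attribute, and s is rebuilt only from rows whose span contains (1, 0, ..., 0). The prime modulus, the matrix, the attribute names and the policy are assumptions chosen for illustration, and the shares are kept in Z_p rather than in the exponent.

```python
import secrets

# Constructed prime standing in for the group order p (assumption for this example).
P = 2**127 - 1

# Constructed policy: dept:finance AND (role:manager OR role:auditor).
# RHO maps row i of MATRIX to an attribute and must be injective.
MATRIX = [[1, 1], [0, -1], [0, -1]]
RHO = ["dept:finance", "role:manager", "role:auditor"]


def share(matrix, secret):
    """Share s with v = (s, y_2, ..., y_n): the share for row i is M_i . v mod p."""
    n = len(matrix[0])
    v = [secret % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in matrix]


def solve_mod_p(rows, target):
    """Find w with sum_i w[i] * rows[i] == target (mod p), or None if none exists."""
    k, n = len(rows), len(target)
    # Augmented system: one equation per matrix column, one unknown per row.
    aug = [[rows[i][c] % P for i in range(k)] + [target[c] % P] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        if r == n:
            break
        pivot = next((i for i in range(r, n) if aug[i][col]), None)
        if pivot is None:
            continue
        aug[r], aug[pivot] = aug[pivot], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % P for a, b in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
    # A row with all-zero coefficients and a non-zero right-hand side is inconsistent.
    if any(not any(row[:k]) and row[k] for row in aug):
        return None
    w = [0] * k
    for row_index, col in enumerate(pivots):
        w[col] = aug[row_index][k]
    return w


def reconstruct(matrix, rho, shares, attributes):
    """Rebuild s from the shares of the held attributes, or return None."""
    if len(set(rho)) != len(rho):
        raise ValueError("rho must map each attribute to at most one row")
    held = [i for i, attr in enumerate(rho) if attr in attributes]
    target = [1] + [0] * (len(matrix[0]) - 1)
    w = solve_mod_p([matrix[i] for i in held], target)
    if w is None:
        return None  # held rows do not span (1, 0, ..., 0): unauthorised set
    return sum(wi * shares[i] for wi, i in zip(w, held)) % P
```

Two users holding only role:manager and role:auditor between them cannot combine their rows to reach (1, 0), which is the linear-algebra form of the policy's AND.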
  • the improved decision bilinear Diffie-Hellman correlation problem is used to prove the security of the KT-KP-ABE scheme.
  • the basis theorem is: if the Diffie-Hellman related problems cannot be successfully solved in polynomial time, then the KT-KP-ABE scheme is secure against chosen-ciphertext attacks. Polynomial time is a technical term in the field: in computational complexity theory, it means that the computation time m(n) of a problem is not greater than a polynomial multiple of the problem size n. Any abstract machine has a complexity class, which includes Solve the problem.
  • the construction process of the attack game in which the challenger and the attacker participate is as follows:
  • the challenger simulates and constructs an attack environment as follows:
  • the attacker defines an attribute set ⁇ A l ⁇ and plays a challenge game in it, and the identity information of the attacker is represented by id.
  • the simulator randomly selects u, ⁇ i , ⁇ i ⁇ Z p , and sets the public parameters as follows:
  • the challenger transmits the system public key PP to the attacker and keeps the system master key MSK.
  • Key Generation Query The attacker submits a key generation query to the access control structure ⁇ .
  • access control structure adopts access tree.
  • p x is defined as the polynomial of each node x in the tree structure.
  • the challenger discloses D_id to the attacker.
  • the plaintext M is then sent to the attacker.
  • Challenge phase: after the attacker completes query phase 1, he selects two plaintexts M_0 and M_1 of the same size and returns them to the challenger. M_0 and M_1 must not have appeared in the previous decryption queries. Then the challenger encrypts with the challenge attribute set A* selected by the attacker in advance where ⁇ 0,1 ⁇ is random.
  • ciphertext is constructed as follows:
  • the generated ciphertext is After the encryption is complete, the ciphertext is transmitted to the attacker.
  • Inquiry Phase 2 Repeat the operation of Inquiry Phase 1, and the attacker continues to send a limited number of private key generation inquiries and decryption inquiries to the challenger.
  • the advantage of the attacker in this attack game is defined as
  • the simulator can solve the above problems with the advantage of ⁇ /2, so the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
  • the improved decision bilinear Diffie-Hellman correlation problem is used to prove the security of the KT-CP-ABE scheme.
  • the basis theorem is: if the Diffie-Hellman related problems cannot be successfully solved in polynomial time, then the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
  • the construction process of the attack game in which the challenger and the attacker participate is as follows:
  • the challenger simulates and constructs an attack environment as follows:
  • the attacker defines an attribute set ⁇ A l ⁇ and plays a challenge game in it, and the identity information of the attacker is represented by id.
  • the simulator randomly selects u, ⁇ i , ⁇ i ⁇ Z p , and sets the public parameters as follows:
  • the challenger transmits the system public key PP to the attacker and keeps the system master key MSK.
  • the attacker submits a key generation query for user attribute Ai .
  • the identity information of the attacker is represented by id, and the key structure of the attacker is as follows:
  • the challenger discloses D_id to the attacker.
  • the plaintext M is then sent to the attacker.
  • Challenge phase: after the attacker completes query phase 1, he selects two plaintexts M_0 and M_1 of the same size and returns them to the challenger. M_0 and M_1 must not have appeared in the previous decryption queries. The challenger then visits the
  • Inquiry Phase 2 Repeat the operation of Inquiry Phase 1, and the attacker continues to send a limited number of private key generation inquiries and decryption inquiries to the challenger.
  • the advantage of the attacker in this attack game is defined as
  • the simulator can solve the above problems with the advantage of ⁇ /2, so the KT-CP-ABE scheme is secure against chosen-ciphertext attacks.
  • the data encryption method in this embodiment of the present application further includes but is not limited to step S400.
  • Step S400 Perform identity tracking on multiple visiting users according to the identification information of the multiple visiting users, the user's private key and the key generation information associated with the visiting users.
  • once the identity information of each access user, the user private key, and the key generation information associated with the access user have been determined, a discriminant calculation can be performed on them to obtain the corresponding discriminant parameters, so that the identity of the user can be checked accurately through the discriminant parameters and identity tracking of the accessing user is realized. It is understandable that the same discriminant calculation can be performed for each accessing user to realize identity tracking until the corresponding malicious user is found.
  • step S400 includes but not limited to steps S410 to S420.
  • Step S410 Process the identity information of multiple access users, user private keys, and key generation information associated with the access users, and generate a key leakage tracking list carrying multiple sets of data verification information, wherein a set of data verification information Including an access user's identity information and user's private key;
  • Step S420 Tracing the identity of each accessing user according to the key leakage tracking list.
  • since the key leakage tracking list contains multiple sets of data verification information, and each set of data verification information includes an access user's identity information and user private key, the correspondence between the identity information of each accessing user and the user's private key can be confirmed by querying the key leakage tracking list.
  • the attribute authorization center can search for the identity information corresponding to the user's private key, so as to find the malicious user who leaked the key.
  • the attribute authorization center can build a data list as a key leakage tracking list to record the identity information of the accessing user and the corresponding user private key, as shown in Table 1 and Table 2, where Table 1 gives the identity information of the visiting user and the corresponding user private key in the KT-KP-ABE scheme, and Table 2 gives the identity information of the visiting user and the corresponding user private key in the KT-CP-ABE scheme. When the private key is leaked, the attribute authorization center can trace the identity of the malicious user by searching the identity information corresponding to the user's private key.
  • Table 1 The identity information of the access user and the corresponding user private key in the KT-KP-ABE scheme
  • Table 2 The identity information of the access user and the corresponding user private key in the KT-CP-ABE scheme
  • step S400 includes but not limited to steps S430 to S440.
  • Step S430 Determine key leakage tracking conditions according to the identification information of multiple access users, user private keys, and key generation information associated with the access users;
  • Step S440 Tracing the identity of each accessing user according to key leakage tracking conditions.
  • since the key leakage tracking conditions are relatively intuitive and clear, they are determined according to the identification information of multiple access users, the user private keys, and the key generation information associated with the access users, so that when a malicious user leaks the key, the attribute authorization center can determine, by calculating the key leakage tracking condition, whether the identity information of the accessing user corresponds, and thereby find the malicious user who leaked the key.
  • the attribute authority can be determined by verifying an equation.
  • the attribute authorization center verifies whether the equation holds.
  • the attribute authorization center verifies whether the equation holds.
  • the attribute authorization center can verify the above calculation equation to confirm whether the suspicious user is a traitor who leaked the private key.
  • the attribute authorization center can follow the following process to track:
  • the attribute authorization center can accurately find out the identity of the malicious user.
  • the KT-KP-ABE scheme and the KT-CP-ABE scheme proposed in the embodiment of the application are compared with the [1] scheme, [2] scheme and [3] scheme in the related art in terms of access structure, encryption and decryption calculation consumption, user private key size and ciphertext size.
  • KT-KP-ABE and KT-CP-ABE also have better performance in terms of private key and ciphertext size. Since the attribute authorization center must generate and store the private keys of all users in order to trace the identity of malicious users when the key is leaked, reducing the size of the attribute private key can reduce the storage and computing burden of the entire attribute encryption system, according to the above scheme.
  • the size of each private key is
  • the sizes of the ciphertexts in KT-KP-ABE and KT-CP-ABE are (2n+1)
  • the ciphertext sizes in KT-KP-ABE and KT-CP-ABE are relatively smaller.
  • the above comparison results show that, from the perspective of overall efficiency, the KT-KP-ABE and KT-CP-ABE of the embodiment of the present application have lower computational cost and better performance; both can exploit the fine-grained data access control advantages of attribute encryption and can also meet the need to distinguish different users through their unique private keys.
  • an embodiment of the present application also provides an attribute authorization center, which includes: a memory, a processor, and a computer program stored on the memory and operable on the processor.
  • the processor and memory can be connected by a bus or other means.
  • the non-transitory software programs and instructions required to realize the data encryption methods of the above-mentioned embodiments are stored in the memory, and when executed by the processor, the data encryption methods of the above-mentioned embodiments are executed, for example, method steps S100 to S300 in FIG. 2 described above, method step S110 in FIG. 3, method steps S210 to S220 in FIG. 4, method steps S230 to S240 in FIG. 5, method step S310 in FIG. 6, method step S120 in FIG. 7, method step S400 in FIG. 8, method steps S410 to S420 in FIG. 9 or method steps S430 to S440 in FIG. 10.
  • the device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • An embodiment of the present application also provides a computer-readable storage medium storing computer-executable instructions. When the computer-executable instructions are executed by a processor or a controller, for example by a processor in the above device embodiment, they cause that processor to execute the data encryption method of the above embodiments, for example method steps S100 to S300 in FIG. 2, method step S110 in FIG. 3, method steps S210 to S220 in FIG. 4, method steps S230 to S240 in FIG. 5, method step S310 in FIG. 6, method step S120 in FIG. 7, method step S400 in FIG. 8, method steps S410 to S420 in FIG. 9 or method steps S430 to S440 in FIG. 10.
  • The embodiment of this application includes a data encryption method applied to the attribute authorization center in the attribute encryption system, including: obtaining the system public key and the system master key; and obtaining the user private key of the accessing user according to the system public key, the system master key, the obtained key generation information and the accessing user's identity information.
  • the identity information is bound to the accessing user alone, and the key generation information is associated with the accessing user;
  • the ciphertext is decrypted to obtain the plaintext to be encrypted.
  • When the system public key, the system master key and the key generation information associated with the access user are obtained, identity information uniquely bound to the access user is embedded in the access user's user private key, and data encryption is then performed according to that user private key.
  • The attribute authorization center can accurately find out which user is the malicious user who deliberately leaked the key, so that the malicious user's authority can be further revoked, thereby effectively correcting the loopholes of the attribute encryption system and improving the security performance of the attribute encryption system.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired information and that can be accessed by a computer.
  • Communication media typically embody computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.

Abstract

A data encryption method, an attribute authorization center, and a storage medium. The data encryption method is applied to the attribute authorization center in an attribute-based encryption system, and comprises: obtaining a system public key and a system master key (S100); obtaining a user private key of an access user according to the system public key, the system master key, obtained key generation information and identity identification information of the access user, wherein the identity identification information is independently bound to the access user, and the key generation information is associated with the access user (S200); and when it is determined that a case in which a plaintext to be encrypted of the access user is encrypted to obtain a ciphertext exists, decrypting the ciphertext according to the user private key of the access user to obtain a plaintext to be encrypted (S300).

Description

Data encryption method, attribute authorization center and storage medium
Cross-reference to related applications
This application is based on Chinese patent application No. 202210049415.2, filed on January 17, 2022, and claims priority to that Chinese patent application, the entire content of which is hereby incorporated into this application by reference.
Technical field
The embodiments of the present application relate to the technical field of information security, and in particular to a data encryption method, an attribute authorization center, and a computer-readable storage medium.
Background
Key leakage is an urgent problem in current Attribute Based Encryption (ABE) systems. Because ABE is a form of broadcast encryption, users with the same attributes share the same private key, so a malicious user may deliberately disclose his or her own private key and thereby cause key leakage. In that case it is impossible to determine accurately which user is the malicious user who deliberately caused the leak, so the loopholes of the ABE system cannot be effectively corrected, which reduces the security performance of the ABE system.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present application provide a data encryption method, an attribute authorization center, and a computer-readable storage medium, which can improve the security performance of an attribute encryption system.
In a first aspect, an embodiment of the present application provides a data encryption method applied to an attribute authorization center in an attribute encryption system, including: obtaining a system public key and a system master key; obtaining a user private key of an access user according to the system public key, the system master key, obtained key generation information and identity information of the access user, wherein the identity information is bound to the access user alone and the key generation information is associated with the access user; and, when it is determined that plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
In a second aspect, an embodiment of the present application further provides an attribute authorization center, including: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the data encryption method described in the first aspect above.
In a third aspect, an embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the data encryption method described in the first aspect above.
Additional features and advantages of the application will be set forth in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application can be realized and attained by the structure particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings are used to provide a further understanding of the technical solution of the present application and constitute a part of the specification. Together with the embodiments of the present application they serve to explain the technical solution of the present application, and do not constitute a limitation of it.
FIG. 1 is a schematic diagram of an attribute authorization center for implementing a data encryption method provided by an embodiment of the present application;
FIG. 2 is a flowchart of a data encryption method provided by an embodiment of the present application;
FIG. 3 is a flowchart of obtaining a system public key and a system master key in a data encryption method provided by an embodiment of the present application;
FIG. 4 is a flowchart of obtaining the user private key of the access user in the data encryption method provided by an embodiment of the present application;
FIG. 5 is a flowchart of obtaining the user private key of the access user in the data encryption method provided by another embodiment of the present application;
FIG. 6 is a schematic diagram of encrypting the plaintext to be encrypted of the access user to obtain the ciphertext in the data encryption method provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of encrypting the plaintext to be encrypted of the access user to obtain the ciphertext in the data encryption method provided by another embodiment of the present application;
FIG. 8 is a flowchart of a data encryption method provided by another embodiment of the present application;
FIG. 9 is a flowchart of tracing the identities of multiple access users in the data encryption method provided by an embodiment of the present application;
FIG. 10 is a flowchart of tracing the identities of multiple access users in the data encryption method provided by another embodiment of the present application;
FIG. 11 is a schematic diagram of an attribute authorization center provided by another embodiment of the present application.
Detailed description
In order to make the purpose, technical solution and advantages of the present application clearer, the present application is described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, not to limit it.
It should be noted that although functional modules are divided in the schematic diagram of the device and a logical sequence is shown in the flowchart, in some cases the steps shown or described may be performed with a module division different from that in the device, or in an order different from that in the flowchart. The terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.
This application provides a data encryption method, an attribute authorization center, and a computer-readable storage medium. When the system public key, the system master key and the key generation information associated with the access user are obtained, identity information uniquely bound to the access user is embedded in the access user's user private key, and data encryption is then performed according to that user private key. When a malicious user illegally discloses his or her user private key and a key leak occurs, the attribute authorization center can use the stored identity information to find out accurately which user is the malicious user who deliberately caused the leak, so that the malicious user's authority can be further revoked, thereby effectively correcting the loopholes of the attribute encryption system and improving its security performance.
The embodiments of the present application are further described below in conjunction with the accompanying drawings.
Referring to FIG. 1, FIG. 1 is a schematic diagram of an attribute authorization center 110 for implementing a data encryption method provided by an embodiment of the present application.
In the example of FIG. 1, the attribute authorization center 110 is part of the attribute encryption system 100, which is applied to secure data encryption in cloud computing. Based on the attribute encryption mechanism of the attribute encryption system 100, an access user can securely share data with specified users on an untrusted server. The access user's key and ciphertext are associated with a descriptive attribute set and an access policy, and a key can decrypt a particular ciphertext only when the associated attribute set and access policy match. Attribute-based encryption falls into two categories: Key Policy Attribute Based Encryption (KP-ABE) and Ciphertext Policy Attribute Based Encryption (CP-ABE). In KP-ABE, the access user's key is associated with an access policy specified by the authorizing party and the ciphertext is labelled with a descriptive attribute set, whereas in CP-ABE the access user's key is labelled with a descriptive attribute set and the ciphertext is associated with an access policy specified by the encryptor. In the above application scenario, the attribute authorization center 110 in the attribute encryption system 100 can define the relevant attributes in the system, distribute user private keys, and cooperate in data encryption processing.
It should be noted that the attribute authorization center 110 has a storage function and can record the key parameters involved. Based on this feature, the embodiments of the present application use the attribute authorization center 110 to further ascertain the identity of a user who maliciously leaks a key.
The attribute authorization center 110 in the attribute encryption system 100 may include a memory and a processor, where the memory and the processor may be connected through a bus or in other ways.
As a non-transitory computer-readable storage medium, the memory can be used to store non-transitory software programs and non-transitory computer-executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory may include memory located remotely from the processor, and such remote memory may be connected to the processor through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The attribute authorization center 110 in the attribute encryption system 100 and the application scenarios described in the embodiments of this application are intended to illustrate the technical solution of the embodiments more clearly, and do not limit the technical solution provided by the embodiments. Those skilled in the art will appreciate that, as the attribute authorization center 110 in the attribute encryption system 100 evolves and new application scenarios emerge, the technical solution provided by the embodiments of the present application is equally applicable to similar technical problems.
Those skilled in the art can understand that the attribute authorization center 110 shown in FIG. 1 does not limit the embodiments of the present application; it may include more or fewer components than shown, combine certain components, or have a different arrangement of components.
In the attribute authorization center 110 shown in FIG. 1, the attribute authorization center 110 can call the data encryption program stored therein to cooperate in executing the data encryption method.
Based on the structure of the attribute authorization center 110 described above, various embodiments of the data encryption method of the present application are proposed. To explain the working principle and process of the present application more clearly, the following embodiments build on KP-ABE and CP-ABE and are described separately for Key Tracing Key Policy Attribute based Encryption (KT-KP-ABE) and Key Tracing Ciphertext Policy Attribute based Encryption (KT-CP-ABE).
As shown in FIG. 2, FIG. 2 is a flowchart of a data encryption method provided by an embodiment of the present application, which can be, but is not limited to being, applied to the attribute authorization center shown in the embodiment of FIG. 1. The data encryption method includes but is not limited to steps S100 to S300.
Step S100: Obtain a system public key and a system master key.
In one embodiment, the system public key and the system master key are obtained in order to determine the initial key parameters of the attribute authorization center, so that the access user's key can then be determined from them. The system public key can be shared by the attribute authorization center with access users, while the system master key is kept private by the attribute authorization center. In general, the system public key and the system master key can be calculated according to a specific algorithm; a specific example is given below.
In the example of FIG. 3, step S100 includes but is not limited to step S110.
Step S110: Initialize the input security parameter to obtain the system public key and the system master key.
In one embodiment, the corresponding security parameter is set in advance and input to the attribute authorization center for initialization processing, which converts it into the system public key and the system master key. A system public key and system master key obtained in this way characterize well the properties of the security parameter under attribute encryption and meet the requirements of attribute encryption. The initialization processing includes but is not limited to bilinear mapping; those skilled in the art can also set the initialization processing according to the actual application scenario, which is not limited in this embodiment.
Specific examples are given below to illustrate the working principles and processes of the above embodiments.
Example one:
The calculation is described in a form that applies to both KT-KP-ABE and KT-CP-ABE. Based on $\mathrm{Setup}(1^{\lambda}) \to (PP, MSK)$, a security parameter $\lambda$ is input, a bilinear map and other related parameters are constructed, and the system public key PP and the system master key MSK are output. PP is shared by the attribute authorization center with access users, while MSK is kept private by the attribute authorization center. The specific initialization algorithm is shown in the following example.
$\mathrm{Setup}(1^{\lambda}) \to (PP, MSK)$: input a security parameter $\lambda$; the calculation steps include but are not limited to:
1) Define two multiplicative cyclic groups $G_1$ and $G_2$ of prime order $p$, let $g$ be a generator of $G_1$, and define a bilinear map
Figure PCTCN2023071009-appb-000001
$G_1 \times G_1 \to G_2$;
2) Define a hash function $H_1: \{0,1\}^* \to G_1$;
3) For each attribute in the attribute set $\{A_i\}$, select a random number
Figure PCTCN2023071009-appb-000002
(this parameter is a constant/random number), and calculate
Figure PCTCN2023071009-appb-000003
4) Select
Figure PCTCN2023071009-appb-000004
(this parameter is a constant/random number), and calculate
Figure PCTCN2023071009-appb-000005
Figure PCTCN2023071009-appb-000006
5) Define the Lagrangian interpolation function
Figure PCTCN2023071009-appb-000007
where $i \in Z_p$ (this parameter is a constant/random number) and $S$ is a set of elements in $Z_p$;
6) According to the above calculation steps, output:
the system master key $MSK = \{t_i, y, u\}$;
the system public key
Figure PCTCN2023071009-appb-000008
Step S200: Obtain the user private key of the access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user, wherein the identity information is bound to the access user alone and the key generation information is associated with the access user.
In one embodiment, the user private key of the access user can be calculated accurately from the determined system public key and system master key together with the key generation information and identity information associated with the access user. Identity information uniquely bound to the access user is embedded in the access user's user private key, and the attribute authorization center stores that identity information, so when a malicious user illegally discloses his or her user private key and a key leak occurs, the attribute authorization center can use the stored identity information to find the malicious user accurately.
It can be understood that, because the identity information of different access users differs, no other user can use that identity information to obtain the key. Therefore, once a key leak occurs, it can be determined that the leak must have come from the malicious user corresponding to the identity information, and the malicious user who leaked the key is thus accurately identified.
It should be noted that the identity information can take various forms, and those skilled in the art can set it according to the actual application scenario, which is not limited in this embodiment.
In the example of FIG. 4, when the key generation information is an access control structure associated with the access user, step S200 includes but is not limited to steps S210 to S220.
Step S210: Perform key generation processing on the system public key, the system master key and the obtained access control structure to obtain a first attribute private key;
Step S220: Insert the identity information of the access user into the first attribute private key to obtain the user private key of the access user.
In one embodiment, key generation processing based on the access control structure associated with the access user, combined with the system public key and the system master key, accurately yields the first attribute private key, which is kept private by the attribute authorization center. The identity information of the access user is then inserted into the first attribute private key to obtain the user private key of the access user, so that the attribute authorization center can store the access user's identity information and, if a key leak occurs, use the stored identity information to find the malicious user accurately.
It should be noted that in this scenario the user private key of the access user is ultimately obtained from the access control structure associated with the access user, which is the KT-KP-ABE encryption mode.
Specific examples are given below to illustrate the working principles and processes of the above embodiments.
Example two:
For KT-KP-ABE, based on $\mathrm{KeyGeneration}(PP, MSK, id, \gamma) \to (SK_{id})$, the inputs are the access user's identity information $id$, the access control structure $\gamma$, and the already generated system public key PP and system master key MSK, and the output is the traceable user private key $SK_{id}$. The calculation steps include but are not limited to:
1) The access control structure in this scheme is an access tree, where $p_x$ is defined as the polynomial of each node $x$ in the tree; for the root node $root$ of the access tree, define $p_{root}(0) = y$, and for each non-root node of the access tree, define $p_x(0) = p_{parent(x)}(index(x))$.
2) To trace malicious users, a unique identifier $H_1(id)^u$ is inserted into the attribute private key so as to reveal the user's identity.
3) According to the above calculation steps, output the user private key
Figure PCTCN2023071009-appb-000009
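The access-tree sharing in step 1) of Example two and the Lagrangian interpolation function of Setup step 5), worked through as an added Python example that is not code from the patent. Assumptions: each threshold gate with threshold k uses a random polynomial of degree k-1 and the interpolation coefficient is the standard one (the page's own formulas are images), the shares are handled directly in Z_p rather than in the exponent of a pairing group, and the names `Node`, `share`, `recover`, the modulus and the attribute strings are constructed for illustration.

```python
import secrets

# Constructed prime standing in for the group order p (2^127 - 1 is prime).
P = 2**127 - 1


class Node:
    """Access-tree node: a leaf carries an attribute, a gate carries a threshold."""

    def __init__(self, attribute=None, threshold=0, children=()):
        self.attribute = attribute
        self.threshold = threshold
        self.children = list(children)


def leaf(attribute):
    return Node(attribute=attribute)


def gate(threshold, *children):
    # threshold 1 behaves as OR, threshold len(children) as AND
    return Node(threshold=threshold, children=children)


def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x over Z_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(node, secret, out=None):
    """Push p_x(0) = secret down the tree; return {leaf node: share}.

    Each child receives p_parent(index(child)), with indices starting at 1,
    which is the rule p_x(0) = p_parent(x)(index(x)) from step 1).
    """
    out = {} if out is None else out
    if node.attribute is not None:
        out[node] = secret
        return out
    # Assumed construction: degree (threshold - 1) polynomial, p_x(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share(child, poly_eval(coeffs, index), out)
    return out


def lagrange_coeff(i, S, x=0):
    """Standard Lagrange coefficient: product over j in S, j != i, of (x-j)/(i-j)."""
    num, den = 1, 1
    for j in S:
        if j != i:
            num = num * (x - j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def recover(node, shares, attributes):
    """Return p_node(0) if `attributes` satisfies the subtree, else None."""
    if node.attribute is not None:
        return shares[node] if node.attribute in attributes else None
    points = {}
    for index, child in enumerate(node.children, start=1):
        value = recover(child, shares, attributes)
        if value is not None and len(points) < node.threshold:
            points[index] = value
    if len(points) < node.threshold:
        return None  # too few satisfied children: the gate stays closed
    S = list(points)
    return sum(points[i] * lagrange_coeff(i, S) for i in S) % P


if __name__ == "__main__":
    # Constructed policy: any 2 of (finance, (auditor OR manager), senior).
    tree = gate(2, leaf("dept:finance"),
                gate(1, leaf("role:auditor"), leaf("role:manager")),
                leaf("level:senior"))
    y = secrets.randbelow(P)  # plays the role of y, with p_root(0) = y
    shares = share(tree, y)
    print(recover(tree, shares, {"dept:finance", "role:manager"}) == y)
    print(recover(tree, shares, {"role:auditor", "role:manager"}))
```

An attribute set that satisfies the tree interpolates back to y at the root, while one that satisfies too few children of any required gate recovers nothing.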
在图5的示例中,在密钥生成信息为与访问用户关联的属性集合的情况下,步骤S200包括但不限于步骤S230至S240。In the example of FIG. 5 , when the key generation information is an attribute set associated with the accessing user, step S200 includes but not limited to steps S230 to S240.
步骤S230:对系统公钥、系统主密钥和获取的属性集合进行密钥生成处理,得到第二属性私钥;Step S230: Perform key generation processing on the system public key, the system master key and the acquired attribute set to obtain the second attribute private key;
步骤S240:将访问用户的身份标识信息插入到第二属性私钥中,得到访问用户的用户私钥。Step S240: Insert the identity information of the visiting user into the second attribute private key to obtain the user private key of the visiting user.
在一实施例中,基于访问用户相关联的属性集合,结合系统公钥、系统主密钥进行密钥生成处理,能够准确得到第二属性私钥,该第二属性私钥由属性授权中心保持私有保密,在这种情况下,通过将访问用户的身份标识信息插入到第二属性私钥中,得到访问用户的用户私钥,使得属性授权中心能够存储访问用户的身份标识信息,以便于在可能发生密钥泄露的情况下,通过存储的身份标识信息准确地查找出恶意用户。In one embodiment, based on the attribute set associated with the accessing user, combined with the system public key and the system master key to perform key generation processing, the second attribute private key can be accurately obtained, and the second attribute private key is maintained by the attribute authorization center. Private and confidential, in this case, by inserting the identity information of the access user into the second attribute private key, the user private key of the access user is obtained, so that the attribute authorization center can store the identity information of the access user, so that In the event of key leaks, malicious users can be accurately found through the stored identity information.
需要说明的是,在该场景下,基于与访问用户相关联的属性集合最终得到访问用户的用 户私钥,为涉及KT-CP-ABE的加密方式。It should be noted that in this scenario, based on the attribute set associated with the access user, the user private key of the access user is finally obtained, which is an encryption method involving KT-CP-ABE.
Specific examples are given below to illustrate the working principle and flow of the above embodiment.
Example 3:
For KT-CP-ABE, based on KeyGeneration($PP$, $MSK$, $id$, $\{A_i\}$) → ($SK_{id}$): the inputs are the accessing user's identity information $id$, the attribute set $\{A_i\}$, and the already generated system public key $PP$ and system master key $MSK$; the output is the traceable user private key $SK_{id}$. The calculation steps include but are not limited to:
1) To make malicious users traceable, a unique piece of identity information $H_1(id)^u$ is inserted into the attribute private key so that the user's identity can be revealed.
2) According to the above calculation steps, output the user private key
Figure PCTCN2023071009-appb-000010
It should be noted that, for convenience of description, the output user private key is written as $D_{id}$; the $D_{id}$ computed here is the same as $SK_{id}$. The two are identical in substance and differ only in name, which does not affect the meaning. To avoid ambiguity, similar cases in the following embodiments are to be understood in the same way and, to avoid redundancy, are not described again below.
Step S300: When it is determined that a ciphertext has been obtained by encrypting the accessing user's plaintext to be encrypted, decrypt the ciphertext according to the user private key of the accessing user to obtain the plaintext to be encrypted.
In one embodiment, once the system public key, the system master key and the key generation information associated with the accessing user have been obtained, identity information uniquely bound to the accessing user is embedded in that user's private key, and data encryption processing is then performed according to that user private key. When a malicious user illegally discloses their user private key and causes a key leak, the attribute authorization center can use the stored identity information to accurately determine which user deliberately caused the leak and then revoke that user's permissions, thereby effectively correcting the vulnerability of the attribute encryption system and improving its security.
In the example of FIG. 6, "encrypting the plaintext to be encrypted of the accessing user to obtain a ciphertext" in step S300 includes but is not limited to step S310.
Step S310: Encrypt the plaintext to be encrypted of the accessing user according to the system public key and the attribute set of the accessing user to obtain the ciphertext.
In one embodiment, because the system public key is shared between the attribute authorization center and the accessing user, when the key generation information is an access control structure associated with the accessing user, the accessing user, having obtained the system public key, can further input an attribute set alongside the system public key, so that the plaintext to be encrypted of the accessing user is encrypted according to the system public key and the attribute set of the accessing user and the ciphertext is obtained accurately and reliably. It can be understood that this case corresponds to the KT-KP-ABE encryption method.
Specific examples are given below to illustrate the working principle and flow of the above embodiment.
Example 4:
For KT-KP-ABE, based on Encrypt($M$, $PP$, $\{A_i\}$) → ($CT$): the inputs are the plaintext $M$ to be encrypted, the system public key $PP$ and the attribute set $\{A_i\}$; the output is the encrypted ciphertext $CT$. The calculation steps of the encryption algorithm include but are not limited to:
For the plaintext $M$ to be encrypted, select the attribute set $\{A_i\}$ and choose
Figure PCTCN2023071009-appb-000011
(this parameter is a constant/random number); the data owner then computes the following:
$C_0 = M Y^s$;
$C_{1,i} = U_i^s$;
$C_{2,i} = T_i^s$;
Finally, the generated ciphertext is $CT = \{C_0, C_{1,i}, C_{2,i}\}$.
Then, based on Decrypt($CT$, $SK_{id}$) → ($M$): the inputs are the ciphertext $CT$ and the traceable private key $SK_{id}$; the output is the decrypted plaintext $M$, that is, a sharing user decrypts a ciphertext with their own private key. The calculation steps of the decryption algorithm include but are not limited to:
1) Define the recursive function DecryptNode($x$, $D_{id}$, $CT$), which takes as input a node $x$ of the access control tree structure $\gamma$, the user private key $D_{id}$ and the ciphertext $CT$.
2) If $x$ is a leaf node, compute:
Figure PCTCN2023071009-appb-000012
3) If $x$ is a non-leaf node, let $z$ denote a child node of $x$, call DecryptNode($z$, $D_{id}$, $CT$) and denote the result by $F_z$, then compute:
$i = \mathrm{index}(z)$, $S_x' = \{\mathrm{index}(z) : z \in S_x\}$
Figure PCTCN2023071009-appb-000013
4) Calling the function DecryptNode($x$, $D_{id}$, $CT$) yields:
Figure PCTCN2023071009-appb-000014
Compute the plaintext:
Figure PCTCN2023071009-appb-000015
The correctness of the computed plaintext is proved as follows:
It can be understood that, to compute the value of $F_{root}$, the values of the leaf nodes that satisfy the access control tree structure must be obtained. Whether or not $x$ is a leaf node,
Figure PCTCN2023071009-appb-000016
always holds. Therefore, the value $F_{root}$ at the root node can be computed as:
Figure PCTCN2023071009-appb-000017
$p_{root}(0) = y$;
Figure PCTCN2023071009-appb-000018
$C_0 = M Y^s$;
Figure PCTCN2023071009-appb-000019
This proves that the plaintext $M$ is computed correctly.
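The access-tree recursion of Example 4 can be followed end to end in the added Python sketch below, which is not part of the patent text. It shares a value top-down with the rule p_root(0) = y, p_x(0) = p_parent(x)(index(x)) and recovers it bottom-up in the manner of DecryptNode with Lagrange coefficients. Assumptions: plain scalars in Z_p stand in for the pairing values that the scheme interpolates in the exponent, and the modulus, the policy, the attribute names and all function names are constructed for illustration.

```python
# Added illustration (not from the patent): threshold access-tree sharing and a
# DecryptNode-style recursive recovery, done on scalars in Z_p instead of pairing values.
import secrets

P = 2**127 - 1  # constructed prime modulus standing in for the group order p


class Node:
    """Access-tree node: a leaf carries an attribute, a gate carries a k-of-n threshold."""

    def __init__(self, attribute=None, threshold=0, children=()):
        self.attribute = attribute
        self.threshold = threshold
        self.children = list(children)

    @property
    def is_leaf(self):
        return self.attribute is not None


def eval_poly(coeffs, x):
    """Horner evaluation of p(x) = coeffs[0] + coeffs[1]*x + ... over Z_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_tree(node, value, path=(), out=None):
    """Top-down sharing: p_x(0) = value, and each child z receives p_x(index(z))."""
    out = {} if out is None else out
    if node.is_leaf:
        out[path] = value
        return out
    # Degree threshold-1 polynomial, so any `threshold` children determine p_x(0).
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_tree(child, eval_poly(coeffs, index), path + (index,), out)
    return out


def lagrange_at_zero(i, indices):
    """Lagrange coefficient Delta_{i,S}(0) over Z_p for the index set S = indices."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, leaf_shares, attributes, path=()):
    """Bottom-up recovery of p_x(0); returns None when the subtree is not satisfied."""
    if node.is_leaf:
        return leaf_shares[path] if node.attribute in attributes else None
    found = {}
    for index, child in enumerate(node.children, start=1):
        value = decrypt_node(child, leaf_shares, attributes, path + (index,))
        if value is not None:
            found[index] = value
        if len(found) == node.threshold:
            break
    if len(found) < node.threshold:
        return None
    indices = list(found)
    return sum(found[i] * lagrange_at_zero(i, indices) for i in indices) % P


def build_policy():
    """Constructed policy: any 2 of (finance, (manager AND senior), eu)."""
    return Node(threshold=2, children=[
        Node(attribute="dept:finance"),
        Node(threshold=2, children=[Node(attribute="role:manager"),
                                    Node(attribute="level:senior")]),
        Node(attribute="region:eu"),
    ])


if __name__ == "__main__":
    tree = build_policy()
    y = secrets.randbelow(P)
    shares = share_tree(tree, y)
    print(decrypt_node(tree, shares, {"dept:finance", "region:eu"}) == y)
    print(decrypt_node(tree, shares, {"dept:finance", "role:manager"}))
```

An attribute set that fails any gate on the path to the root yields None, which mirrors the requirement that F_root can only be computed from leaf nodes satisfying the access tree.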
In the example of FIG. 7, "encrypting the plaintext to be encrypted of the accessing user to obtain a ciphertext" in step S300 includes but is not limited to step S320.
Step S320: Encrypt the plaintext to be encrypted of the accessing user according to the system public key and the access control structure of the accessing user to obtain the ciphertext.
In one embodiment, because the system public key is shared between the attribute authorization center and the accessing user, when the key generation information is an attribute set associated with the accessing user, the accessing user, having obtained the system public key, can further input an access control structure alongside the system public key, so that the plaintext to be encrypted of the accessing user is encrypted according to the system public key and the access control structure of the accessing user and the ciphertext is obtained accurately and reliably. It can be understood that this case corresponds to the KT-CP-ABE encryption method.
Specific examples are given below to illustrate the working principle and flow of the above embodiment.
Example 5:
For KT-CP-ABE, based on Encrypt($M$, $PP$, $\{A_i\}$) → ($CT$): the inputs are the plaintext $M$ to be encrypted, the system public key $PP$ and the access control structure $\gamma$; the output is the encrypted ciphertext $CT$. The calculation steps of the encryption algorithm include but are not limited to:
For the plaintext $M$ to be encrypted, select the access control structure $\gamma$ and randomly choose a secret number
Figure PCTCN2023071009-appb-000020
(this parameter is a constant/random number), together with an LSSS $\Pi$ access structure
Figure PCTCN2023071009-appb-000021
Let
Figure PCTCN2023071009-appb-000022
be an ($m \times n$) matrix; the function $\rho(\cdot)$ associates attributes with the rows of
Figure PCTCN2023071009-appb-000023
Here $\rho(\cdot)$ is restricted to be an injective function, which means that a single attribute is associated with at most one row of
Figure PCTCN2023071009-appb-000024
The encryptor randomly chooses a vector
Figure PCTCN2023071009-appb-000025
which is used to share the value of the encryption exponent $s$. Let
Figure PCTCN2023071009-appb-000026
where
Figure PCTCN2023071009-appb-000027
denotes the $i$-th row of the matrix
Figure PCTCN2023071009-appb-000028
Choose
Figure PCTCN2023071009-appb-000029
(this parameter is a constant/random number); the data owner then computes the following:
$C_0 = M Y^s$;
Figure PCTCN2023071009-appb-000030
Figure PCTCN2023071009-appb-000031
Figure PCTCN2023071009-appb-000032
Finally, the generated ciphertext is $CT = \{C_0, C_{1,i}, C_{2,i}, C_{3,i}\}$.
Then, based on Decrypt($CT$, $SK_{id}$) → ($M$): the inputs are the ciphertext $CT$ and the traceable private key $SK_{id}$; the output is the decrypted plaintext $M$, that is, a sharing user decrypts a ciphertext with their own private key. The calculation steps of the decryption algorithm include but are not limited to:
Figure PCTCN2023071009-appb-000033
The proof of correctness is as follows:
If there exist constants $\{\omega_i \in Z_p\}_{i \in I}$, and $\{\lambda_i\}$ is a valid sharing of any secret $s$ according to the LSSS $\Pi$, then $\sum_{i \in I} \omega_i \lambda_i = s$.
Figure PCTCN2023071009-appb-000034
This proves that the plaintext $M$ is computed correctly.
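The identity Σ ω_i λ_i = s used in the correctness proof of Example 5 can be checked numerically with the added Python sketch below, which is not part of the patent text. Because the patent's sharing formula survives only as an equation image, the block assumes the standard LSSS construction v = (s, y_2, ..., y_n), λ_i = M_i · v; the matrix, the attribute names, the modulus and the function names are constructed for illustration.

```python
# Added illustration (not from the patent): LSSS sharing of an exponent s and its
# recovery via constants omega_i, assuming the standard lambda_i = M_i . v construction.
import secrets

P = 2**127 - 1  # constructed prime modulus standing in for the group order p

# Constructed policy: dept:finance AND (role:manager OR role:auditor).
# Row i of M is labelled by RHO[i]; (1, 0) is the reconstruction target vector.
M = [(1, 1), (0, -1), (0, -1)]
RHO = ["dept:finance", "role:manager", "role:auditor"]


def check_rho_injective(rho):
    """Enforce the restriction that an attribute labels at most one row."""
    if len(set(rho)) != len(rho):
        raise ValueError("rho must map each attribute to at most one row")


def share_secret(s, matrix):
    """Return shares lambda_i = M_i . v with v = (s, y_2, ..., y_n), y_j random."""
    n = len(matrix[0])
    v = [s % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in matrix]


def solve_omega(rows):
    """Find omega with sum_i omega_i * rows[i] = (1, 0, ..., 0) mod P, else None."""
    k, n = len(rows), len(rows[0])
    target = [1] + [0] * (n - 1)
    # One equation per matrix column j: sum_i omega_i * rows[i][j] = target[j].
    aug = [[rows[i][j] % P for i in range(k)] + [target[j]] for j in range(n)]
    pivots, r = [], 0
    for c in range(k):
        pr = next((i for i in range(r, n) if aug[i][c]), None)
        if pr is None:
            continue  # free variable, left at zero
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == n:
            break
    # A row "0 = nonzero" means the target is outside the span: unauthorized set.
    if any(row[k] and not any(row[:k]) for row in aug):
        return None
    omega = [0] * k
    for row_index, c in enumerate(pivots):
        omega[c] = aug[row_index][k]
    return omega


def reconstruct(attributes, shares, matrix=M, rho=RHO):
    """Recover s from the shares of rows whose attribute the user holds, or None."""
    check_rho_injective(rho)
    idx = [i for i, attr in enumerate(rho) if attr in attributes]
    if not idx:
        return None
    omega = solve_omega([matrix[i] for i in idx])
    if omega is None:
        return None
    return sum(w * shares[i] for w, i in zip(omega, idx)) % P


if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = share_secret(s, M)
    print(reconstruct({"dept:finance", "role:manager"}, lam) == s)
    print(reconstruct({"role:manager", "role:auditor"}, lam))
```

For an attribute set that does not satisfy the policy, no constants ω_i exist and the function returns None, so the shares held by that user reveal nothing usable about s.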
In addition, to prove the security of the above KT-KP-ABE and KT-CP-ABE schemes, examples are given below for each.
Example 6:
The security of the KT-KP-ABE scheme is proved using the improved decisional bilinear Diffie-Hellman related problem.
The underlying theorem is: if the Diffie-Hellman related problem cannot be solved successfully in polynomial time, then the KT-KP-ABE scheme is secure against chosen-ciphertext attacks. Polynomial time is a term of art in this field: in computational complexity theory, it means that the computation time $m(n)$ of a problem is no greater than a polynomial multiple of the problem size $n$. Every abstract machine has a complexity class, which consists of the problems that the machine can solve in polynomial time.
To be proved: if there exists an attacker who can win the attack game against the proposed KT-KP-ABE scheme in polynomial time with a non-negligible advantage $\sigma$, then one can attempt to construct a simulator that solves the problem with an advantage of $\sigma/2$.
The attack game between the challenger and the attacker is constructed as follows:
Init: The attacker selects a challenge attribute set $A^*$.
Setup: The challenger simulates and constructs an attack environment as follows:
1) Define two multiplicative cyclic groups $G_1$ and $G_2$ of prime order $p$, and let $g$ be a generator of $G_1$;
2) Define the bilinear map
Figure PCTCN2023071009-appb-000035
$G_1 \times G_1 \to G_2$;
3) Define the hash function $H_1: \{0,1\}^* \to G_1$;
4) Randomly select $\mu \in \{0,1\}$ and $a, b, c, z \in Z_p$, and let
Figure PCTCN2023071009-appb-000036
The attacker defines an attribute set $\{A_l\}$ and plays the challenge game over it; the attacker's identity information is denoted by $id$.
The simulator randomly selects $u, \alpha_i, \beta_i \in Z_p$ and sets the public parameters as follows:
Figure PCTCN2023071009-appb-000037
Figure PCTCN2023071009-appb-000038
Figure PCTCN2023071009-appb-000039
Figure PCTCN2023071009-appb-000040
According to the above calculation steps, the following are obtained:
System public key
Figure PCTCN2023071009-appb-000041
The system master key is $MSK = \{a, u, t_i\}$.
The challenger sends the system public key $PP$ to the attacker and retains the system master key $MSK$.
Query phase 1: The attacker can issue the following queries to the challenger:
Key generation query: The attacker submits a key generation query for an access control structure $\gamma$. In this scheme the access control structure is an access tree, where $p_x$ is defined as the polynomial of each node $x$ in the tree structure.
For the root node root of the access tree structure, define $p_{root}(0) = a$; for a non-root node of the access tree structure, define $p_x(0) = p_{parent(x)}(\mathrm{index}(x))$. The attacker's identity information is denoted by $id$, and the attacker's key is constructed as follows:
Figure PCTCN2023071009-appb-000042
The challenger discloses $D_{id}$ to the attacker.
Decryption query: The attacker submits a decryption query for the ciphertext $CT = \{C_0, C_{1,i}, C_{2,i}\}$, and the simulator runs the decryption algorithm Decrypt($CT$, $PP$, $D_{id}$) → ($M$):
Figure PCTCN2023071009-appb-000043
Figure PCTCN2023071009-appb-000044
The plaintext $M$ is then sent to the attacker.
Challenge phase: After completing query phase 1, the attacker selects two plaintexts $M_0$ and $M_1$ of equal size and returns them to the challenger, where $M_0$ and $M_1$ must not have appeared in earlier decryption queries. The challenger then uses the challenge attribute set $A^*$ chosen in advance by the attacker to encrypt
Figure PCTCN2023071009-appb-000045
where $\mu \in \{0,1\}$ is random. The ciphertext
Figure PCTCN2023071009-appb-000046
is constructed as follows:
Figure PCTCN2023071009-appb-000047
Figure PCTCN2023071009-appb-000048
Figure PCTCN2023071009-appb-000049
The generated ciphertext is
Figure PCTCN2023071009-appb-000050
After encryption completes, the ciphertext is sent to the attacker.
And $C_0$ is in turn:
Figure PCTCN2023071009-appb-000051
Therefore, it follows that:
When $\mu = 0$, the ciphertext
Figure PCTCN2023071009-appb-000052
When $\mu = 1$, the ciphertext
Figure PCTCN2023071009-appb-000053
Let
Figure PCTCN2023071009-appb-000054
and compute
Figure PCTCN2023071009-appb-000055
Figure PCTCN2023071009-appb-000056
When $\mu = 0$,
Figure PCTCN2023071009-appb-000057
and in this case the ciphertext
Figure PCTCN2023071009-appb-000058
which shows that this is a correct and valid ciphertext.
Query phase 2: The operations of query phase 1 are repeated; the attacker continues to issue a bounded number of private key generation queries and decryption queries to the challenger.
Guess phase: The attacker submits a guess $\mu^*$ and wins the game only if $\mu^* = \mu$. Based on the above description, the attacker's advantage in this attack game is defined as
Figure PCTCN2023071009-appb-000059
The simulator's advantage is discussed by distinguishing between the following two tuples: ($A = g^a$, $B = g^b$, $C = g^c$,
Figure PCTCN2023071009-appb-000060
) and ($A = g^a$, $B = g^b$, $C = g^c$,
Figure PCTCN2023071009-appb-000061
).
When $\mu = 1$, the ciphertext is random and the attacker cannot obtain any useful information about $\mu_1$; in this case:
Figure PCTCN2023071009-appb-000062
Moreover, since the simulator outputs $\mu' = 1$ when $\mu_1^* \neq \mu_1$, in this case:
Figure PCTCN2023071009-appb-000063
When $\mu = 0$, the ciphertext is correct and valid; by the above assumption, the attacker has a non-negligible advantage $\sigma$ in breaking the proposed scheme. In this case:
Figure PCTCN2023071009-appb-000064
Moreover, since the simulator outputs $\mu' = 0$ when $\mu_1^* = \mu_1$, in this case:
Figure PCTCN2023071009-appb-000065
In summary, the simulator's advantage in solving the hard problem described above is:
Figure PCTCN2023071009-appb-000066
This proves that the simulator can solve the above hard problem with an advantage of $\sigma/2$; therefore the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
Example 7:
The security of the KT-CP-ABE scheme is proved using the improved decisional bilinear Diffie-Hellman related problem.
The underlying theorem is: if the Diffie-Hellman related problem cannot be solved successfully in polynomial time, then the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
To be proved: if there exists an attacker who can win the attack game against the proposed KT-CP-ABE scheme in polynomial time with a non-negligible advantage $\sigma$, then one can attempt to construct a simulator that solves the problem with an advantage of $\sigma/2$.
The attack game between the challenger and the attacker is constructed as follows:
Init: The attacker selects a challenge access control structure $\gamma^*$.
Setup: The challenger simulates and constructs an attack environment as follows:
1) Define two multiplicative cyclic groups $G_1$ and $G_2$ of prime order $p$, and let $g$ be a generator of $G_1$;
2) Define the bilinear map
Figure PCTCN2023071009-appb-000067
$G_1 \times G_1 \to G_2$;
3) Define the hash function $H_1: \{0,1\}^* \to G_1$;
4) Randomly select $\mu \in \{0,1\}$ and $a, b, c, z \in Z_p$, and let
Figure PCTCN2023071009-appb-000068
The attacker defines an attribute set $\{A_l\}$ and plays the challenge game over it; the attacker's identity information is denoted by $id$.
The simulator randomly selects $u, \alpha_i, \beta_i \in Z_p$ and sets the public parameters as follows:
Figure PCTCN2023071009-appb-000069
Figure PCTCN2023071009-appb-000070
Figure PCTCN2023071009-appb-000071
Figure PCTCN2023071009-appb-000072
According to the above calculation steps, the following are obtained:
System public key
Figure PCTCN2023071009-appb-000073
The system master key is $MSK = \{a, u, t_i\}$.
The challenger sends the system public key $PP$ to the attacker and retains the system master key $MSK$.
Query phase 1: The attacker can issue the following queries to the challenger:
Key generation query: The attacker submits a key generation query for the user attribute $A_i$. The attacker's identity information is denoted by $id$, and the attacker's key is constructed as follows:
Figure PCTCN2023071009-appb-000074
The challenger discloses $D_{id}$ to the attacker.
Decryption query: The attacker submits a decryption query for the ciphertext $CT = \{C_0, C_{1,i}, C_{2,i}, C_{3,i}\}$, and the simulator runs the decryption algorithm Decrypt($CT$, $PP$, $D_{id}$) → ($M$):
Figure PCTCN2023071009-appb-000075
The plaintext $M$ is then sent to the attacker.
Challenge phase: After completing query phase 1, the attacker selects two plaintexts $M_0$ and $M_1$ of equal size and returns them to the challenger, where $M_0$ and $M_1$ must not have appeared in earlier decryption queries. The challenger then uses the challenge access control structure $\gamma^*$ chosen in advance by the attacker to encrypt
Figure PCTCN2023071009-appb-000076
where $\mu \in \{0,1\}$ is random. The ciphertext
Figure PCTCN2023071009-appb-000077
is constructed as follows:
Figure PCTCN2023071009-appb-000078
Figure PCTCN2023071009-appb-000079
Figure PCTCN2023071009-appb-000080
Figure PCTCN2023071009-appb-000081
The generated ciphertext
Figure PCTCN2023071009-appb-000082
After encryption completes, the ciphertext is sent to the attacker.
And $C_0$ is in turn:
Figure PCTCN2023071009-appb-000083
Therefore, it follows that:
When $\mu = 0$, the ciphertext
Figure PCTCN2023071009-appb-000084
When $\mu = 1$, the ciphertext
Figure PCTCN2023071009-appb-000085
Let
Figure PCTCN2023071009-appb-000086
When $\mu = 0$,
Figure PCTCN2023071009-appb-000087
and in this case the ciphertext
Figure PCTCN2023071009-appb-000088
which shows that this is a correct and valid ciphertext.
Query phase 2: The operations of query phase 1 are repeated; the attacker continues to issue a bounded number of private key generation queries and decryption queries to the challenger.
Guess phase: The attacker submits a guess $\mu^*$ and wins the game only if $\mu^* = \mu$. Based on the above description, the attacker's advantage in this attack game is defined as
Figure PCTCN2023071009-appb-000089
The simulator's advantage is discussed by distinguishing between the following two tuples: ($A = g^a$, $B = g^b$, $C = g^c$,
Figure PCTCN2023071009-appb-000090
) and ($A = g^a$, $B = g^b$, $C = g^c$,
Figure PCTCN2023071009-appb-000091
).
When $\mu = 1$, the ciphertext is random and the attacker cannot obtain any useful information about $\mu_1$; in this case:
Figure PCTCN2023071009-appb-000092
Moreover, since the simulator outputs $\mu' = 1$ when $\mu_1^* \neq \mu_1$, in this case:
Figure PCTCN2023071009-appb-000093
When $\mu = 0$, the ciphertext is correct and valid; by the above assumption, the attacker has a non-negligible advantage $\sigma$ in breaking the proposed scheme. In this case:
Figure PCTCN2023071009-appb-000094
Moreover, since the simulator outputs $\mu' = 0$ when $\mu_1^* = \mu_1$, in this case:
Figure PCTCN2023071009-appb-000095
In summary, the simulator's advantage in solving the hard problem described above is:
Figure PCTCN2023071009-appb-000096
This proves that the simulator can solve the above hard problem with an advantage of $\sigma/2$; therefore the KT-CP-ABE scheme is secure against chosen-ciphertext attacks.
In the example of FIG. 8, when there are multiple accessing users, the data encryption method of this embodiment of the present application further includes but is not limited to step S400.
Step S400: Trace the identities of the multiple accessing users according to their identity information, their user private keys and the key generation information associated with the accessing users.
In one embodiment, once the identity information, the user private key and the key generation information associated with each accessing user have been determined, a discriminant calculation can be performed on them to obtain a corresponding discriminant parameter. The discriminant parameter is used to accurately verify the user's identity and thereby trace the identity of the accessing user. It can be understood that the same discriminant calculation can be performed for each accessing user to trace identities until the corresponding malicious user is found.
In the example of FIG. 9, step S400 includes but is not limited to steps S410 to S420.
Step S410: Process the identity information of the multiple accessing users, their user private keys and the key generation information associated with the accessing users to generate a key leakage tracking list carrying multiple sets of data verification information, where one set of data verification information includes the identity information and the user private key of one accessing user;
Step S420: Trace the identity of each accessing user according to the key leakage tracking list.
In one embodiment, because the key leakage tracking list contains multiple sets of data verification information, each of which includes the identity information and the user private key of one accessing user, querying the list confirms the correspondence between each accessing user's identity information and user private key. When a malicious user leaks a key, the attribute authorization center can search for the identity information corresponding to the user private key and thereby find the malicious user who leaked the key.
A specific example is given below to illustrate the working principle of the above embodiment.
Example 8:
If the number of users in the attribute encryption system is relatively small, the attribute authorization center can build a data list as the key leakage tracking list, recording the identity information of each accessing user and the corresponding user private key, as shown in Table 1 and Table 2 below. Table 1 lists the identity information of the accessing users and the corresponding user private keys in the KT-KP-ABE scheme, and Table 2 lists the identity information of the accessing users and the corresponding user private keys in the KT-CP-ABE scheme. When a private key leak occurs, the attribute authorization center can trace the identity of the malicious user by searching for the identity information corresponding to the user private key.
Table 1: Identity information of accessing users and the corresponding user private keys in the KT-KP-ABE scheme
Figure PCTCN2023071009-appb-000097
Table 2: Identity information of accessing users and the corresponding user private keys in the KT-CP-ABE scheme
Figure PCTCN2023071009-appb-000098
In the example of FIG. 10, step S400 includes but is not limited to steps S430 to S440.
Step S430: determine a key leakage tracking condition according to the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users;
Step S440: perform identity tracing on each access user according to the key leakage tracking condition.
In one embodiment, because a key leakage tracking condition is intuitive and explicit, it is determined from the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users. When a malicious user leaks a key, the attribute authorization center can evaluate the key leakage tracking condition to determine whether the access user's identity information matches, and thereby find the malicious user who leaked the key.
A specific example is given below to illustrate the working principle of the above embodiment.
Example nine:
If a suspicious user is believed to be a malicious user who illegally exposed a private key, the attribute authorization center can confirm this by verifying an equation.
In the proposed KT-KP-ABE scheme, the attribute authorization center verifies whether the equation
Figure PCTCN2023071009-appb-000099
Figure PCTCN2023071009-appb-000100
holds.
The proof of correctness is as follows:
Figure PCTCN2023071009-appb-000101
Figure PCTCN2023071009-appb-000102
In the proposed KT-CP-ABE scheme, the attribute authorization center verifies whether the equation
Figure PCTCN2023071009-appb-000103
holds.
The proof of correctness is as follows:
Figure PCTCN2023071009-appb-000104
Since all the parameters involved in the calculation are known to the attribute authorization center, it can verify the above equations and thereby confirm whether the suspicious user is the traitor who leaked the private key.
Example ten:
If the number of users is relatively large, the attribute authorization center can trace according to the following process:
In the proposed KT-KP-ABE scheme, the attribute authorization center calculates, for each attribute A_i, the value
Figure PCTCN2023071009-appb-000105
When a key leak occurs, the attribute authorization center tries a value
Figure PCTCN2023071009-appb-000106
and calculates
Figure PCTCN2023071009-appb-000107
When x=i, the identity of the malicious user is found exactly. Since the number of attributes is far smaller than the number of users in the attribute encryption system, finding the corresponding value
Figure PCTCN2023071009-appb-000108
that satisfies x=i does not require much computation.
The proof of correctness is as follows:
Figure PCTCN2023071009-appb-000109
In the proposed KT-CP-ABE scheme, the attribute authorization center calculates, for each attribute A_i, the value
Figure PCTCN2023071009-appb-000110
When a key leak occurs, the attribute authorization center tries a value
Figure PCTCN2023071009-appb-000111
and calculates
Figure PCTCN2023071009-appb-000112
When x=i, the identity of the malicious user is found exactly. Since the number of attributes is far smaller than the number of users in the system, finding the corresponding value
Figure PCTCN2023071009-appb-000113
that satisfies x=i does not require much computation.
The proof of correctness is as follows:
Figure PCTCN2023071009-appb-000114
Since all the parameters involved in the above calculation are known to the attribute authorization center, it can accurately identify the malicious user.
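The following sketch is an added illustration, not code or equations from the patent: it contrasts the list lookup of Example eight with the equation check of Example nine. The patent's key equations survive on this page only as figure references, so the key form `D = g^((y + H(id)) / t)` in a toy multiplicative group, the class `AttributeAuthority`, and every parameter and identity below are assumptions constructed for the example.

```python
"""Toy model of two tracing modes: list lookup and equation check.

The key form D = g^((y + H(id)) / t) is a constructed stand-in, not the
patent's key equations, and the group is far too small for real use.
"""
import hashlib
import math
import secrets

P = 2**127 - 1      # Mersenne prime used as a toy modulus (assumption)
ORDER = P - 1       # exponents are reduced modulo the order of Z_P^*
G = 3               # toy base element (assumption)


def h_id(identity: str) -> int:
    """Map an identity string to an exponent."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % ORDER


class AttributeAuthority:
    """Hypothetical authority holding the master secrets (y, t)."""

    def __init__(self) -> None:
        self.y = secrets.randbelow(ORDER - 1) + 1
        while True:
            t = secrets.randbelow(ORDER - 1) + 1
            if math.gcd(t, ORDER) == 1:   # t must be invertible mod ORDER
                break
        self.t = t
        self.t_inv = pow(t, -1, ORDER)
        self.trace_list = {}              # user private key -> identity

    def keygen(self, identity: str) -> int:
        """Issue a key with the identity embedded and record it for tracing."""
        exponent = ((self.y + h_id(identity)) * self.t_inv) % ORDER
        key = pow(G, exponent, P)
        self.trace_list[key] = identity
        return key

    def trace_by_list(self, leaked_key: int):
        """List mode: look the leaked key up; None if it was never issued."""
        return self.trace_list.get(leaked_key)

    def confirm_suspect(self, leaked_key: int, suspect: str) -> bool:
        """Equation mode: check D^t == g^y * g^H(id) using only (y, t)."""
        lhs = pow(leaked_key, self.t, P)
        rhs = (pow(G, self.y, P) * pow(G, h_id(suspect), P)) % P
        return lhs == rhs


if __name__ == "__main__":
    aa = AttributeAuthority()
    # Constructed identities for the demonstration.
    alice_key = aa.keygen("alice@example.test")
    bob_key = aa.keygen("bob@example.test")

    print("list lookup :", aa.trace_by_list(bob_key))
    print("unknown key :", aa.trace_by_list(12345))
    print("bob check   :", aa.confirm_suspect(bob_key, "bob@example.test"))
    print("alice check :", aa.confirm_suspect(bob_key, "alice@example.test"))

    # The equation check still works after the stored list is gone,
    # because it depends only on the master secrets and the suspect's id.
    aa.trace_list.clear()
    print("no list     :", aa.confirm_suspect(alice_key, "alice@example.test"))
```

The list mode needs one stored entry per issued key but names the leaker directly; the equation mode stores nothing per user but needs a suspect to test.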
In addition, the advantages of the KT-KP-ABE and KT-CP-ABE of the embodiments of the present application over the related technologies are illustrated below using the results of a specific comparison between KT-KP-ABE, KT-CP-ABE and the related technologies.
It can be understood that in attribute-based cryptosystems, bilinear pairing operations and exponentiation operations consume more computing resources than other operations. Reducing the number of bilinear pairing operations and exponentiation operations can therefore greatly improve the efficiency of the algorithm. For this reason, the KT-KP-ABE scheme and the KT-CP-ABE scheme proposed in the embodiments of the present application are compared with scheme [1], scheme [2] and scheme [3] of the related technologies in terms of access structure, encryption and decryption computation cost, user private key size, and ciphertext size. Here "Exp" denotes the cost of one exponentiation operation, "Pair" the cost of one bilinear pairing operation, "n" the number of attributes involved in encryption, and "|p|" the size |D_id| of each private key. The comparison results are shown in Table 3 below.
Table 3 Comparison of calculation parameters between KT-KP-ABE, KT-CP-ABE and the related technologies
Figure PCTCN2023071009-appb-000115
The comparison results in Table 3 show that the computation cost of the encryption algorithm in the schemes proposed by the embodiments of the present application is significantly lower than that of the other schemes, and that the decryption algorithm uses fewer bilinear pairing operations. In terms of encryption and decryption computation cost, the KT-KP-ABE and KT-CP-ABE of the embodiments of the present application are therefore more efficient because they reduce the number of bilinear pairing operations and exponentiation operations.
Besides the higher efficiency of the encryption and decryption algorithms, KT-KP-ABE and KT-CP-ABE also perform well in terms of private key and ciphertext size. Because the attribute authorization center must generate and store the private keys of all users in order to trace the identity of a malicious user when a key is leaked, reducing the size of the attribute private key reduces the storage and computation burden of the whole attribute encryption system. According to the description of the key generation algorithm in the specific construction of the above schemes, the size of each private key is |D_id|=|p|, so the total size of all attribute private keys is n|p|. According to the description of the encryption algorithm in the preceding embodiments, the ciphertext sizes in KT-KP-ABE and KT-CP-ABE are (2n+1)|p| and (3n+1)|p| respectively. The comparison shows that the user private key in KT-KP-ABE and KT-CP-ABE is considerably smaller, which relieves the attribute authorization center of a heavy burden in key distribution and storage. The ciphertext in KT-KP-ABE and KT-CP-ABE is also somewhat smaller.
To sum up, the above comparison shows that, in terms of overall efficiency, the KT-KP-ABE and KT-CP-ABE of the embodiments of the present application have lower computation cost and better performance. They retain the fine-grained data access control advantage of attribute encryption while also meeting the need to distinguish different users by their unique private keys.
In addition, referring to FIG. 11, an embodiment of the present application further provides an attribute authorization center, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor.
The processor and the memory may be connected by a bus or by other means.
The non-transitory software programs and instructions required to implement the data encryption method of the above embodiments are stored in the memory. When executed by the processor, they perform the data encryption method of the above embodiments, for example, method steps S100 to S300 in FIG. 2, method step S110 in FIG. 3, method steps S210 to S220 in FIG. 4, method steps S230 to S240 in FIG. 5, method step S310 in FIG. 6, method step S120 in FIG. 7, method step S400 in FIG. 8, method steps S410 to S420 in FIG. 9, or method steps S430 to S440 in FIG. 10 described above.
The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, an embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions. When the computer-executable instructions are executed by a processor or controller, for example by a processor in the above device embodiment, they cause the processor to perform the data encryption method of the above embodiments, for example, method steps S100 to S300 in FIG. 2, method step S110 in FIG. 3, method steps S210 to S220 in FIG. 4, method steps S230 to S240 in FIG. 5, method step S310 in FIG. 6, method step S120 in FIG. 7, method step S400 in FIG. 8, method steps S410 to S420 in FIG. 9, or method steps S430 to S440 in FIG. 10 described above.
The embodiments of the present application include a data encryption method applied to an attribute authorization center in an attribute encryption system, including: obtaining a system public key and a system master key; obtaining a user private key of an access user according to the system public key, the system master key, obtained key generation information, and identity information of the access user, where the identity information is bound solely to the access user and the key generation information is associated with the access user; and, when it is determined that the access user's plaintext to be encrypted has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the access user's user private key to obtain the plaintext to be encrypted. According to the solution provided by the embodiments of the present application, once the system public key, the system master key, and the key generation information associated with the access user have been obtained, identity information uniquely bound to the access user is embedded in that user's private key, and data encryption processing is then performed according to that user private key. When a malicious user illegally discloses their user private key and a key leak occurs, the attribute authorization center can use the stored identity information to determine accurately which user deliberately caused the leak, so that the malicious user's permissions can then be revoked. This effectively closes the loophole in the attribute encryption system and improves its security.
Those of ordinary skill in the art will understand that all or some of the steps and systems in the methods disclosed above may be implemented as software, firmware, hardware, or suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
The above is a specific description of several implementations of the present application, but the present application is not limited to these implementations. Those skilled in the art may make various equivalent modifications or replacements without departing from the essence of the present application, and these equivalent modifications or replacements all fall within the scope defined by the claims of the present application.

Claims (11)

  1. A data encryption method, applied to an attribute authorization center in an attribute encryption system, comprising:
    obtaining a system public key and a system master key;
    obtaining a user private key of an access user according to the system public key, the system master key, obtained key generation information, and identity information of the access user, wherein the identity information is bound solely to the access user, and the key generation information is associated with the access user;
    when it is determined that plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
  2. The data encryption method according to claim 1, wherein there are multiple access users; the method further comprises:
    performing identity tracing on the multiple access users according to the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users.
  3. The data encryption method according to claim 2, wherein the performing identity tracing on the multiple access users according to the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users comprises:
    processing the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users to generate a key leakage tracking list carrying multiple sets of data verification information, wherein one set of the data verification information includes the identity information and the user private key of one access user;
    performing identity tracing on each of the access users according to the key leakage tracking list.
  4. The data encryption method according to claim 2, wherein the performing identity tracing on the multiple access users according to the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users comprises:
    determining a key leakage tracking condition according to the identity information of the multiple access users, the user private keys, and the key generation information associated with the access users;
    performing identity tracing on each of the access users according to the key leakage tracking condition.
  5. The data encryption method according to claim 1, wherein the key generation information is an access control structure associated with the access user; the obtaining a user private key of the access user according to the system public key, the system master key, the obtained key generation information, and the identity information of the access user comprises:
    performing key generation processing on the system public key, the system master key, and the obtained access control structure to obtain a first attribute private key;
    inserting the identity information of the access user into the first attribute private key to obtain the user private key of the access user.
  6. The data encryption method according to claim 5, wherein the encrypting the plaintext to be encrypted of the access user to obtain the ciphertext comprises:
    encrypting the plaintext to be encrypted of the access user according to the system public key and an attribute set of the access user to obtain the ciphertext.
  7. The data encryption method according to claim 1, wherein the key generation information is an attribute set associated with the access user; the obtaining a user private key of the access user according to the system public key, the system master key, the obtained key generation information, and the identity information of the access user comprises:
    performing key generation processing on the system public key, the system master key, and the obtained attribute set to obtain a second attribute private key;
    inserting the identity information of the access user into the second attribute private key to obtain the user private key of the access user.
  8. The data encryption method according to claim 7, wherein the encrypting the plaintext to be encrypted of the access user to obtain the ciphertext comprises:
    encrypting the plaintext to be encrypted of the access user according to the system public key and an access control structure of the access user to obtain the ciphertext.
  9. The data encryption method according to claim 1, wherein the obtaining a system public key and a system master key comprises:
    initializing an input security parameter to obtain the system public key and the system master key.
  10. An attribute authorization center, comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the data encryption method according to any one of claims 1 to 9.
  11. A computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the data encryption method according to any one of claims 1 to 9.
PCT/CN2023/071009 2022-01-17 2023-01-06 Data encryption method, attribute authorization center, and storage medium WO2023134576A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210049415.2A CN116484392A (en) 2022-01-17 2022-01-17 Data encryption method, attribute authorization center and storage medium
CN202210049415.2 2022-01-17

Publications (1)

Publication Number Publication Date
WO2023134576A1 true WO2023134576A1 (en) 2023-07-20

Family

ID=87218336

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/071009 WO2023134576A1 (en) 2022-01-17 2023-01-06 Data encryption method, attribute authorization center, and storage medium

Country Status (2)

Country Link
CN (1) CN116484392A (en)
WO (1) WO2023134576A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117195295A (en) * 2023-09-14 2023-12-08 淮北师范大学 Data access right verification method and system based on attribute encryption

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111310214A (en) * 2020-02-24 2020-06-19 福建师范大学 Attribute-based encryption method and system capable of preventing key abuse
CN111447209A (en) * 2020-03-24 2020-07-24 西南交通大学 Black box traceable ciphertext policy attribute-based encryption method
US20200322142A1 (en) * 2019-04-05 2020-10-08 Arizona Board Of Regents On Behalf Of Arizona State University Method and Apparatus for Achieving Fine-Grained Access Control with Discretionary User Revocation Over Cloud Data
CN113098849A (en) * 2021-03-23 2021-07-09 鹏城实验室 Access control method based on attribute and identity encryption, terminal and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MA XIAOXIAO, YU GANG: "Publicly Accountable Ciphertext-policy Attribute-based Encryption Scheme", COMPUTER SCIENCE, KEXUE JISHU WENXIAN CHUBANSHE CHONGQING FENSHE, CN, vol. 44, no. 5, 15 May 2017 (2017-05-15), CN , pages 160 - 165, XP093081030, ISSN: 1002-137X, DOI: 10.11896/j.issn.1002-137X.2017.05.028 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117195295A (en) * 2023-09-14 2023-12-08 淮北师范大学 Data access right verification method and system based on attribute encryption
CN117195295B (en) * 2023-09-14 2024-05-14 淮北师范大学 Data access right verification method and system based on attribute encryption

Also Published As

Publication number Publication date
CN116484392A (en) 2023-07-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23739919

Country of ref document: EP

Kind code of ref document: A1