CN101150394B - User end extension method for subset difference/layered subset difference mechanism - Google Patents


Info

Publication number
CN101150394B
Authority
CN
China
Prior art keywords
key
difference
subclass
user side
tree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610113331A
Other languages
Chinese (zh)
Other versions
CN101150394A (en)
Inventor
王劲林
武蓓
倪宏
陈君
曾学文
单明辉
牛尔力
贡佳炜
杨木伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Acoustics CAS
Beijing Intellix Technologies Co Ltd
Original Assignee
Institute of Acoustics CAS
Beijing Intellix Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Acoustics CAS, Beijing Intellix Technologies Co Ltd filed Critical Institute of Acoustics CAS
Priority to CN200610113331A priority Critical patent/CN101150394B/en
Publication of CN101150394A publication Critical patent/CN101150394A/en
Application granted granted Critical
Publication of CN101150394B publication Critical patent/CN101150394B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

This invention discloses a user terminal extension method for the subset difference/layered subset difference mechanism, comprising: building an extension logical key tree whose leaf nodes are the added user terminals; merging the extension tree with the original tree that existed before the extension to form the extended key tree; keeping the key labels and key systems of the original user terminals unchanged while assigning independent key labels to the other subtrees and nodes to set up their key systems; keeping the pre-distributed keys of the user terminals that existed before the extension unchanged and setting up the pre-distributed keys of the added user terminals; when a secret message M is sent to any subset of the user terminals, encrypting M and constructing the broadcast message transmitted on the channel; and having the user terminal parse and decrypt the broadcast message to obtain the plaintext of M.

Description

A user terminal extension method for the subset difference/layered subset difference mechanism
Technical field
The present invention relates to a method for securely transmitting a secret message to an arbitrary subset of user terminals over broadcast and multicast channels, and in particular to a user terminal extension method for the subset difference (Subset Difference, abbreviated SD) / layered subset difference (Layered Subset Difference, abbreviated LSD) mechanism.
Background
Broadcast encryption is a key management and distribution mechanism that uses only a one-way channel and can broadcast a secret message to an arbitrary subset of a large user population without two-way handshake communication. By structure type, the development of broadcast encryption mechanisms can be divided into two stages: mechanisms based on matrix structures and mechanisms based on trees. In 2001, D. Naor, M. Naor and Lotspiech jointly proposed a new tree-based broadcast encryption mechanism, the Subset Difference method, abbreviated as the NNL mechanism or SD mechanism. By using a cover made of difference subsets, this mechanism trades off communication overhead against the key overhead at the user terminal, improves key distribution efficiency, and is suitable for real systems. Halevy D. and Shamir A. proposed the Layered Subset Difference (LSD) mechanism, which splits the difference subsets obtained by the SD mechanism a second time, reducing the number of keys a user terminal must store securely and thus the key overhead.
However, both the SD mechanism and the LSD mechanism build a single static logical key tree with all user terminals as leaf nodes in order to assign the users' pre-distributed keys, so neither can accommodate additional user terminals.
Summary of the invention
The object of the invention is to solve the problem that the subset difference/layered subset difference mechanism cannot add user terminals because users' pre-distributed keys are assigned from a static key tree, by providing a user terminal extension method for the subset difference/layered subset difference mechanism.
To achieve this object, the invention provides a user terminal extension method for the subset difference/layered subset difference mechanism, comprising the following steps:
1) Build an extension logical key tree, the extension tree, with all added user terminals as leaf nodes;
2) Merge the extension tree of step 1) with the original key tree (original tree) of the system before the extension to build the user key tree after the extension;
3) Keep the key labels and key systems in the original key tree unchanged, assign independent key labels to the other nodes and other subtrees, and set up their key systems;
4) Keep the pre-distributed keys of the user terminals that existed before the extension unchanged. The pre-distributed key of an added user terminal consists, for every key system the terminal belongs to, of the key labels of the nodes hanging off the path from that key system's root node to the node corresponding to the terminal;
5) When a secret message M is sent to an arbitrary subset S of user terminals, encrypt M and construct the broadcast message transmitted on the channel;
6) The user terminal parses and decrypts the broadcast message with its pre-distributed key to obtain the plaintext M of the secret message.
Further, in the above technical scheme, the broadcast message in step 5) consists of three parts: the ciphertext M', the disjoint difference subsets $\{S_{i,j}\}$ into which S is split, and the random key K encrypted separately under each difference key. The broadcast message transmitted on the channel is constructed by encrypting the secret message M with the random key K to produce the ciphertext M', and by encrypting the random key K separately under the difference key of each disjoint difference subset $\{S_{i,j}\}$ into which S is split.
Further, the method of splitting S into disjoint difference subsets $\{S_{i,j}\}$ comprises: progressively moving out of the system key tree each subtree whose leaf nodes are the user terminals of one extension, and then splitting the subset according to the subset difference/layered subset difference mechanism.
Further, the processing of the broadcast message by user terminal u in step 6) comprises: parsing the difference subset part of the broadcast message to find the difference subset (m, n) such that $u \in S_{m,n}$, where u denotes the user terminal and (m, n) denotes the difference subset; computing the difference key corresponding to $S_{m,n}$ from the terminal's own pre-distributed key; using this difference key to decrypt the encrypted key part of the broadcast message and obtain the random key K; and finally using K to decrypt the ciphertext M' in the broadcast message to obtain the plaintext of the secret message M.
Further, by repeating steps 1) to 6), the user terminals of the system can be extended multiple times.
Compared with the prior art, the advantages of the invention are:
1) It solves the problem that the subset difference/layered subset difference mechanism cannot add user terminals: user terminals can be added to the system dynamically and in batches without affecting the pre-distributed keys or the decryption processing of the system's original users;
2) The extension method is transparent to the original users of the system, who are not aware that added users exist.
Description of drawings
Fig. 1 is a schematic diagram of user key tree construction when user terminals are added;
Fig. 2 is a flowchart of splitting an arbitrary subset S into disjoint difference subsets $\{S_{i,j}\}$;
Fig. 3 is a schematic diagram of the method of splitting an arbitrary subset S into disjoint difference subsets $\{S_{i,j}\}$.
Embodiment
The invention is described in further detail below with reference to the drawings and specific embodiments.
Before the method of the invention is described, the subset difference/layered subset difference mechanism is briefly explained. The subset difference (SD) mechanism builds a key tree with all user terminals as leaf nodes. In this key tree, the difference subset of nodes $v_i$ and $v_j$ (where $v_i$ is an ancestor of $v_j$) is denoted $S_{i,j}$:
Figure G2006101133311D00031
Each subtree of the key tree is given an independent key system and independently assigned key labels. The property of this key system is that, within any one key system, knowing the label of a node $v_i$ is enough to compute the labels of all descendant nodes $v_j$ of that node and the difference keys corresponding to the difference subsets $S_{i,j}$; but when the labels of a node's ancestors are unknown, the label and difference key of that node are pseudorandom. Each user terminal u can compute, from the pre-distributed key it stores, the difference keys of all difference subsets to which u belongs. The pre-distributed key of user terminal u consists, for every key system the terminal belongs to, of the labels of the nodes hanging off the path from that key system's root node to the node corresponding to u.
To transmit a secret message securely to an arbitrary subset S of user terminals, it is enough to split S into disjoint difference subsets, encrypt the secret message separately under the difference keys of those subsets, and transmit the result. An authorized user terminal computes, from the pre-distributed key it stores, the difference key of the difference subset it belongs to, and uses that key to decrypt the encrypted secret message and obtain the plaintext. The LSD mechanism splits the difference subsets obtained by the SD mechanism a second time, reducing the number of keys a user terminal must store securely. Both the SD mechanism and the LSD mechanism build a single static logical key tree with all user terminals as leaf nodes to assign the users' pre-distributed keys, so both face the user terminal extension problem, that is, the problem of growing a static logical key tree.
The user terminal extension method of the invention for the subset difference/layered subset difference mechanism is described in further detail below with reference to the drawings and specific embodiments.
When the system is first set up, that is, before any user terminal is added, the server builds the key tree, distributes pre-distributed keys to all original users (the users before extension), and encrypts and transmits secret messages according to the SD/LSD mechanism.
When user terminals are added, the user key tree and the pre-distributed keys are built by merging an extension tree with the original tree. Suppose the system has been extended t times (t is an integer ≥ 0; t = 0 means the system has never been extended) and the system key tree at this point is T. The user key tree after the (t+1)-th extension is then built as follows:
1) Build a complete logical key tree T' with all added user terminals as leaf nodes;
2) With T as the left subtree and T' as the right subtree, combine the two key trees into a new logical key tree T'';
3) Keep the key systems and key labels of all subtrees and nodes in T unchanged, assign independent key labels to the other nodes and other subtrees of T'', and set up their key systems according to the key establishment mechanism of SD/LSD;
4) The pre-distributed keys of the original user terminals are unchanged. The pre-distributed key of an added user terminal consists, for every key system the terminal belongs to, of the key labels of the nodes hanging off the path from that key system's root node to the node corresponding to the terminal.
After the (t+1)-th extension, the user key tree of the system is the key tree T''.
Each time user terminals are added, the server uses the above method to build the system's user key tree and to distribute the pre-distributed keys of the added terminals. Because the pre-distributed keys of the original user terminals stay the same, their decryption processing is unchanged.
Take part (a), the upper half of Fig. 1, as an example. When the system is first set up (t = 0), the user set is $U_0$ and the user key tree of the system is the tree $T_0$ with root node $root_0$ (drawn with white nodes in the figure). At the first extension (t = 1), the members of the added user terminal set
Figure G2006101133311D00042
are taken as leaf nodes to build the key tree $T'_1$ with root node $root'_1$ (drawn with dark nodes in the figure). Merging $T_0$ and $T'_1$ gives the resulting tree $T_1$ with root node $root_1$. The key systems and key labels in $T_0$ are kept unchanged, independent key labels are assigned to the other nodes and other subtrees of $T_1$, and key systems are set up according to the SD/LSD mechanism. That is, the pre-distributed keys of the members of $U_0$ are the SD/LSD pre-distributed keys built from key tree $T_0$, and the pre-distributed keys of the members of $U_1$ are the SD/LSD pre-distributed keys built from key tree $T_1$. By analogy, the user key tree built at t = 2 is shown in part (b), the lower half of Fig. 1.
When a secret message M is sent to an arbitrary subset S of user terminals, M is encrypted and the broadcast message transmitted on the channel is constructed. In the user terminal extension method for the subset difference/layered subset difference mechanism according to claim 1, the broadcast message transmitted on the channel is constructed as follows: M is encrypted with a random key K to produce the ciphertext M', and K is encrypted separately under the difference key of each disjoint difference subset $\{S_{i,j}\}$ into which S is split. The broadcast message consists of three parts: the ciphertext M', the disjoint difference subsets $S_{i,j}$ into which S is split, and the key K encrypted under the difference keys.
The server securely transmits the secret message M to the arbitrary subset S of user terminals as follows:
1. The server selects a random key K and encrypts the secret message M to produce the ciphertext M'. With the encryption algorithm denoted $F_K$, $M' = F_K(M)$;
2. In the user key tree, S is split into the disjoint difference subsets
Figure G2006101133311D00051
and the difference keys corresponding to $\{S_{i,j}\}$ are computed:
Figure G2006101133311D00052
3. The difference keys
Figure G2006101133311D00053
are each used to encrypt the key K that encrypts the secret message, and the results are transmitted. The number of encryptions equals the number of disjoint difference subsets. The encryption algorithm is denoted $E_{\text{difference key}}$.
The broadcast message built by the server therefore consists of three parts, the ciphertext M', the difference subsets $S_{i,j}$ into which S is split, and the key K encrypted under the difference keys:
Figure G2006101133311D00054
In a system that has been extended t times, let $U_n$ ($0 \le n \le t$) denote the user set added by the n-th extension ($U_0$ is the original user set), and let $T_n$ denote the user key tree corresponding to $U_n$ (with root node $v_n$). The server splits S into disjoint difference subsets as shown in Fig. 2: first set $T_n = T_t$ and $v_n = v_t$, then repeat the following steps, moving a subtree out of $T_n$ and adding to the split difference subsets, until the root node $v_n$ of subtree $T_n$ is the root node $v_0$ of $T_0$:
(1) If the root node $v_n$ of key tree $T_n$ is not the root node $v_0$ of $T_0$, move out the left subtree $T_{n-1}$ of $T_n$, whose root node $v_{n-1}$ is the left child of $v_n$, and mark $v_{n-1}$ as an unauthorized node. Then, according to the SD/LSD mechanism, split the authorized users of S in the key tree $T_n$ with $T_{n-1}$ moved out into the disjoint difference subsets
Figure G2006101133311D00055
The number of subsets produced by the split is $m_n$.
(2) When the root node $v_n$ of tree $T_n$ is the root node $v_0$ of the subtree $T_0$ to which the original user set $U_0$ belongs, split the authorized users of S in key tree $T_n$ into the disjoint difference subsets, following the splitting method of the SD/LSD mechanism:
Figure G2006101133311D00061
The number of subsets produced by the split is $m_0$.
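The tree merge and the progressive split described above, as an added Python example that is not code from the patent; it models tree structure only, so label derivation and the ciphers E and F are left out. The node names, the `gen` field (the extension round in which a node's key system was created) and the sample users a to h are assumptions made for the illustration, and the block also runs a plain SD split over the merged tree to show that it roots a subset at a node created after the original users received their keys.

```python
# Added example: structure only. Label derivation and encryption are omitted.
class Node:
    def __init__(self, name, left=None, right=None, gen=0):
        # gen = extension round in which this node's key system was created
        self.name, self.left, self.right, self.gen = name, left, right, gen

    def leaves(self):
        """Map leaf name -> round in which that user was provisioned."""
        if self.left is None:
            return {self.name: self.gen}
        return {**self.left.leaves(), **self.right.leaves()}


def complete_tree(users, gen):
    """Complete binary tree over `users` (length must be a power of two)."""
    level = [Node(u, gen=gen) for u in users]
    while len(level) > 1:
        level = [Node(a.name + b.name, a, b, gen)
                 for a, b in zip(level[::2], level[1::2])]
    return level[0]


def extend(tree, new_users, gen):
    """Old tree T becomes the left subtree, the extension tree T' the right one."""
    return Node(f"root{gen}", tree, complete_tree(new_users, gen), gen)


def sd_cover(root, authorized, stop=None):
    """Split the authorized leaves under `root` into disjoint S_{i,j} = (i, j).

    `stop` is treated as one unauthorized leaf (its subtree was moved out).
    j is None when every leaf under i is authorized.
    """
    out = []

    def walk(v):
        # Returns the node standing for all unauthorized leaves under v, or None.
        if v is stop:
            return v
        if v.left is None:
            return None if v.name in authorized else v
        l, r = walk(v.left), walk(v.right)
        if l is None or r is None:
            return l if l is not None else r
        if l is not v.left:
            out.append((v.left, l))
        if r is not v.right:
            out.append((v.right, r))
        return v                      # v now acts as a single unauthorized leaf

    rep = walk(root)
    if rep is None:
        out.append((root, None))
    elif rep is not root:
        out.append((root, rep))
    return out


def extended_cover(root, authorized):
    """Peel T_{n-1} off T_n, marking v_{n-1} unauthorized, until T_0 is reached."""
    cover, tree = [], root
    while tree.gen > 0:
        cover += sd_cover(tree, authorized, stop=tree.left)
        tree = tree.left
    return cover + sd_cover(tree, authorized)


def members(i, j):
    return set(i.leaves()) - (set(j.leaves()) if j else set())


def derivable(cover, root):
    """True if every subset is rooted in a key system its members hold labels for."""
    gen_of = root.leaves()
    return all(i.gen <= gen_of[u] for i, j in cover for u in members(i, j))


def names(cover):
    return [(i.name, j.name if j else None) for i, j in cover]


# Constructed sample: original users a-d, then two extensions of two users each.
T0 = complete_tree("abcd", 0)
T2 = extend(extend(T0, "ef", 1), "gh", 2)
S = set("abcdegh")                    # everyone except f is authorized

if __name__ == "__main__":
    print(names(extended_cover(T2, S)))   # patent procedure: one split per round
    print(names(sd_cover(T2, S)))         # plain SD over the merged tree
```

With this sample the progressive split sends three encrypted copies of K where plain SD would send one, which is the header cost of leaving the original terminals' keys untouched.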
In a system that has been extended t times, the process by which the server splits S into disjoint difference subsets is shown in Fig. 3. Let
Figure G2006101133311D00062
denote the difference keys corresponding to
Figure G2006101133311D00063
Then the broadcast message constructed by the server is:
$$\left\langle \left[ i_1^{(0)}, \cdots, i_{m_0}^{(0)}, \cdots, i_1^{(t)}, \cdots, i_{m_t}^{(t)}, E_{L_{i_1^{(0)}}}(K), \cdots, E_{L_{i_{m_0}^{(0)}}}(K), E_{L_{i_1^{(t)}}}(K), \cdots, E_{L_{i_{m_t}^{(t)}}}(K) \right], F_K(M) \right\rangle$$
For user terminal u, the broadcast message it receives is:
$$\left\langle \left[ i_1^{(0)}, \cdots, i_{m_0}^{(0)}, \cdots, i_1^{(t)}, \cdots, i_{m_t}^{(t)}, C_1^{(0)}, \cdots, C_{m_0}^{(0)}, C_1^{(t)}, \cdots, C_{m_t}^{(t)} \right], M' \right\rangle$$
Because the pre-distributed keys of the original user terminals are unchanged, their processing does not change. A user terminal u does not need to know whether it is an original terminal or an added one; its processing is the same as that of a user terminal in the SD/LSD mechanism:
(a) User terminal u parses the difference subset part of the broadcast message and finds $i_j^{(n)}$ such that
Figure G2006101133311D00066
(If no $i_j^{(n)}$ can be found such that
Figure G2006101133311D00067
that is, when u is not in the set S of users authorized to receive the secret message, u has finished processing the broadcast message and does not carry out the following steps.)
(b) From the pre-distributed key stored by user terminal u, compute the difference key corresponding to $i_j^{(n)}$:
Figure G2006101133311D00068
(c) Decrypt $C_j$:
Figure G2006101133311D00069
to compute the decryption key K of M'.
(d) Decrypt M' with key K: $D_K(M')$ yields the secret message M.
Because the difference subsets into which the server splits the authorized user set are disjoint, u belongs to at most one of them, so the first step above yields at most one result.
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the present invention and do not limit it. Although the invention has been described in detail with reference to the embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical scheme that do not depart from its spirit and scope shall all be covered by the claims of the present invention.

Claims (5)

1. A user terminal extension method for the subset difference/layered subset difference mechanism, comprising the following steps:
1) Build an extension logical key tree with all added user terminals as leaf nodes;
2) Merge the extension logical key tree of step 1) with the original key tree of the system before the extension to build the user key tree after the extension;
3) Keep the key labels and key systems in the original key tree unchanged, assign independent key labels to the other nodes and other subtrees, and set up their key systems;
4) Keep the pre-distributed keys of the user terminals that existed before the extension unchanged, the pre-distributed key of an added user terminal consisting, for every key system the terminal belongs to, of the key labels of the nodes hanging off the path from that key system's root node to the node corresponding to the terminal;
5) When a secret message M is sent to an arbitrary subset S of user terminals, encrypt M and construct the broadcast message transmitted on the channel;
6) The user terminal parses and decrypts the broadcast message with its pre-distributed key to obtain the plaintext of the secret message M.
2. The user terminal extension method for the subset difference/layered subset difference mechanism according to claim 1, characterized in that the broadcast message transmitted on the channel in step 5) consists of three parts: the ciphertext M', the disjoint difference subsets $\{S_{i,j}\}$ into which the arbitrary subset S is split, and the random key K encrypted separately under each difference key; and the broadcast message is constructed by encrypting the secret message M with the random key K to produce the ciphertext M', and by encrypting the random key K separately under the difference key of each disjoint difference subset $\{S_{i,j}\}$ into which S is split.
3. The user terminal extension method for the subset difference/layered subset difference mechanism according to claim 2, characterized in that the method of splitting S into disjoint difference subsets $\{S_{i,j}\}$ comprises: progressively moving out of the system key tree each subtree whose leaf nodes are the user terminals of one extension, and then splitting the subset according to the subset difference/layered subset difference mechanism.
4. The user terminal extension method for the subset difference/layered subset difference mechanism according to claim 1, 2 or 3, characterized in that the processing of the broadcast message by the user terminal in step 6) comprises: parsing the difference subset part of the broadcast message to find, among the difference subsets $\{S_{i,j}\}$, one such that $u \in S_{m,n}$, where u denotes the user terminal; computing the difference key corresponding to $S_{m,n}$ from the terminal's own pre-distributed key; using this difference key to decrypt the encrypted key part of the broadcast message and obtain the random key K; and finally using K to decrypt the ciphertext M' in the broadcast message to obtain the plaintext of the secret message M.
5. The user terminal extension method for the subset difference/layered subset difference mechanism according to claim 1, characterized in that it further comprises: extending the user terminals of the system multiple times by repeating steps 1) to 6).
CN200610113331A 2006-09-22 2006-09-22 User end extension method for subset difference/layered subset difference mechanism Expired - Fee Related CN101150394B (en)

Publications (2)

Publication Number Publication Date
CN101150394A CN101150394A (en) 2008-03-26
CN101150394B true CN101150394B (en) 2010-05-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100512

Termination date: 20110922