CN103297227A - Attribute-based encryption supporting flexible and direct-revocatory ciphertext policy - Google Patents

Publication number
CN103297227A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013102748648A
Other languages
Chinese (zh)
Other versions
CN103297227B (en)
Inventor
陈晓峰
令狐雄展
张应辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN201310274864.8A
Publication of CN103297227A
Application granted
Publication of CN103297227B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a ciphertext-policy attribute-based encryption scheme that supports flexible and direct revocation. The scheme comprises: (1) generating the system public key and master key; (2) generating attribute keys; (3) encrypting to generate a ciphertext; (4) the attribute center generating and publishing public parameters, and generating ciphertext update keys and sending them to the cloud service provider over a secure channel; (5) a ciphertext update procedure; (6) a user decryption procedure. The scheme has the advantages that the ciphertext size is constant, communication traffic is small, users do not need to update attributes, computational complexity and storage cost are low, users do not need to update their keys each time, and the load on the authority center is greatly relieved.

Description

Ciphertext-policy attribute-based encryption supporting flexible and direct revocation
Technical field
The present invention relates to the computer field, and specifically to a ciphertext-policy attribute-based encryption scheme that supports flexible and direct revocation.
Background
With the rapid development of cloud computing, sharing data through a third-party service provider is becoming ever more economical and convenient. At the same time, data privacy and the related security problems have become a focus of research.
Attribute-based encryption (ABE) is a very promising public-key cryptographic primitive. It can be used to build scalable, fine-grained access control systems for large-scale data, in which diverse and flexible access rights are granted to different users. ABE comes in two types: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In particular, CP-ABE lets the data owner specify an access policy and encrypt the data under that policy. A user can decrypt a given ciphertext if and only if the user's attributes satisfy the access policy specified in the ciphertext. On the other hand, because users often change their attributes and each attribute is shared by multiple users, revocation in an ABE system is very important but also very difficult. Any attribute revocation event affects the other, non-revoked users who share that attribute.
Much research on revocable CP-ABE schemes already exists. However, no existing attribute-based encryption scheme supports a flexible and direct revocation mechanism that is suitable for cloud computing environments.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a ciphertext-policy attribute-based encryption scheme that supports flexible and direct revocation. The invention supports fine-grained attribute revocation: after some of a user's attributes are revoked, the user can still use the access rights of the remaining attributes to access some resources, but can no longer access the shared data associated with the revoked attributes. At the same time, revoking one user's attribute does not affect the access rights that other users hold through the corresponding attribute. Data storage can be implemented with the attribute-based encryption scheme.
To achieve these goals, the technical solution adopted by the invention is as follows:
A ciphertext-policy attribute-based encryption scheme supporting flexible and direct revocation, comprising the following steps:
(1) generate the system public key and the master key;
(2) generate the attribute key;
(3) encrypt to generate the ciphertext;
(4) the attribute center generates a public parameter and publishes it, and generates a ciphertext update key and sends it to the cloud service provider over a secure channel;
(5) ciphertext update;
(6) user decryption.
It should be noted that the generated system public key is $PK = \langle g, \{u_k\}_{1 \le k \le 2n}, \{g_k\}_{1 \le k \le 2m,\, k \ne m+1}, v \rangle$ and the master key is $MK = \langle \{x_1, x_2, \ldots, x_{2n}\}, \beta \rangle$, where: let
Figure BDA00003451283200031
be a multiplicative cyclic group of prime order p, and let
Figure BDA00003451283200032
be a bilinear map. Define a hash function
Figure BDA00003451283200033
The attribute center selects a generator
Figure BDA00003451283200034
and
Figure BDA00003451283200035
For i = 1, 2, ..., 2n, the attribute center sets
Figure BDA00003451283200036
It also selects
Figure BDA00003451283200037
and sets $v = g^{\beta}$. Suppose the upper bound on the total number of users in the system is some natural number m. For simplicity of exposition, in what follows let
Figure BDA00003451283200038
For i = 1, 2, ..., m, m+2, m+3, ..., 2m, the attribute center computes
Figure BDA00003451283200039
It should be noted that the attribute key is
Figure BDA000034512832000310
where the attribute center selects for the user
Figure BDA000034512832000311
and then, for i ∈ {1, 2, ..., n}, computes
Figure BDA000034512832000312
as follows:
$$\bar{\sigma}_i = \begin{cases} \sigma_i = g^{H(i)} h^{x_i}, & \text{if } w_i^{+} \in S, \\ \sigma_{i+n} = g^{H(i+n)} h^{x_{i+n}}, & \text{if } w_i^{-} \in S. \end{cases}$$
The attribute center also computes  where sn ∈ {1, 2, ..., m} is a sequence number; the attribute center uses sn to indicate that the current user is the sn-th user to join the system.
It should be noted that the generated ciphertext has two types, Type-1 and Type-2. Suppose that the attribute center has so far published $N_{now}$ attribute revocation lists in total, and that
Figure BDA000034512832000315
consists of all the attribute revocation lists, where
Figure BDA000034512832000317
is the i-th attribute revocation list. To encrypt, under the ciphertext policy
Figure BDA000034512832000318
a message
Figure BDA000034512832000319
the encryptor computes
Figure BDA000034512832000320
where
Figure BDA000034512832000321
is defined as follows:
$$\langle \bar{u}_i, \bar{Y}_i \rangle = \begin{cases} \langle u_i, Y_i \rangle = \langle g^{-x_i}, \hat{e}(g, g)^{H(i)} \rangle, & \text{if } \bar{\omega}_i = \omega_i^{+}, \\ \langle u_{i+n}, Y_{i+n} \rangle = \langle g^{-x_{i+n}}, \hat{e}(g, g)^{H(i+n)} \rangle, & \text{if } \bar{\omega}_i = \omega_i^{-}. \end{cases}$$
For $1 \le i \le N_{now}$, the encryptor calls the auxiliary function RevoIndex with W and
Figure BDA00003451283200042
to generate
Figure BDA00003451283200043
It then computes
Figure BDA00003451283200045
denotes the attribute revocation information in
Figure BDA00003451283200046
that corresponds to W. The encryptor then selects
Figure BDA00003451283200047
and computes the ciphertext $CT_W$ of M with respect to W, as follows:
If
Figure BDA00003451283200048
then a Type-1 ciphertext is generated. In this case no current revocation information is related to W, and the encryptor sets the ciphertext to $CT_W = \langle W, C_0, C_1, C_2 \rangle$, where
Figure BDA00003451283200049
$C_1 = g^s$,
Figure BDA000034512832000410
If  then a Type-2 ciphertext is generated. In this case the revocation information so far is related to W, and the encryptor computes
Figure BDA000034512832000412
and
Figure BDA000034512832000413
It then sets
Figure BDA000034512832000414
$C_1 = g^s$,
Figure BDA000034512832000415
Finally, the ciphertext is
Figure BDA000034512832000416
It should be noted that the ciphertext update can generate two types of ciphertext, Type-3 and Type-4: updating the Type-1 and Type-2 ciphertexts produced by the encryptor yields Type-3 and Type-4 ciphertexts, respectively.
The beneficial effect of the invention is that the server only needs to process those ciphertexts that contain revoked attributes, which greatly reduces computational complexity and storage cost. At the same time, the other legitimate users do not need to update their keys each time, which lightens the burden on the attribute authority center. To further improve efficiency, we also introduce a hash function to generate the system's public parameters, so that the size of the system parameters can increase linearly with the number of system attributes. The invention can also be used for fine-grained access control.
In summary, the invention has the following advantages: constant ciphertext size, low communication traffic, no need for users to update attributes, low computational complexity and storage cost, no need for users to update their keys each time, and a greatly reduced burden on the authority center.
Embodiment
The present invention is further described below.
For a better understanding of the invention, the following descriptions are given first:
1. Attributes and access structure
Suppose the attribute space contains n attributes, i.e. $u = \{\omega_1, \omega_2, \ldots, \omega_n\}$, where n is a fixed natural number. Each attribute $\omega_i$ has three possible values: positive
Figure BDA00003451283200051
negative
Figure BDA00003451283200052
and "don't care".  indicates that the user has attribute $\omega_i$, and
Figure BDA00003451283200054
indicates that the user does not have attribute $\omega_i$, or that $\omega_i$ is not a proper attribute of the user. Consider an access structure W consisting of a single AND gate over positive and negative attributes, i.e.
Figure BDA00003451283200055
where
Figure BDA00003451283200056
is the index set of the attributes specified in W, and  is
Figure BDA00003451283200058
or  . If an attribute does not appear in the AND gate, that attribute is "don't care". Note that
Figure BDA000034512832000516
if and only if $\omega_i \in S$. When
Figure BDA000034512832000510
then
Figure BDA000034512832000511
and when
Figure BDA000034512832000512
then  where
Figure BDA000034512832000513
2. Auxiliary function
We introduce an auxiliary function RevoIndex to check whether an access structure W is affected by the attribute revocation list
Figure BDA000034512832000514
In other words, RevoIndex lets us decide whether the ciphertexts under access structure W need to be updated when the k-th attribute revocation event occurs. The details are as follows:
Figure BDA000034512832000515
Given the system public key PK, an access structure W and the attribute revocation list
Figure BDA00003451283200061
the auxiliary function derives the index set
Figure BDA00003451283200062
that is, the set of users related to access structure W when the k-th revocation event occurs.
Figure BDA00003451283200063
where
Figure BDA00003451283200064
Figure BDA00003451283200065
$u^{(k)}$ is the set of attributes that the attribute center has revoked, and
Figure BDA00003451283200066
denotes the index set of the users whose attribute ω is revoked by the attribute center in the k-th attribute revocation. In particular,
Figure BDA00003451283200067
and
Figure BDA00003451283200068
denote, respectively, the users in
Figure BDA00003451283200069
whose value for attribute ω is $\omega^{+}$ and $\omega^{-}$. Let
Figure BDA000034512832000610
The auxiliary function RevoIndex then returns
Figure BDA000034512832000611
where, when
Figure BDA000034512832000612
we have
Figure BDA000034512832000613
and when
Figure BDA000034512832000614
we have
Figure BDA000034512832000615
Suppose
Figure BDA000034512832000616
If
Figure BDA000034512832000617
then the ciphertexts under access structure W are not updated even though the k-th attribute revocation has occurred. Otherwise,
Figure BDA000034512832000618
and the ciphertexts under access structure W can be updated by the attribute center, so that the users specified by
Figure BDA000034512832000619
can no longer access the data corresponding to these ciphertexts.
The specific implementation process of the invention is:
(1) Generate the system public key and master key; $(1^{\lambda})$: let  be a multiplicative cyclic group of prime order p, and let
Figure BDA000034512832000621
be a bilinear map. Define a hash function  . The attribute center selects a generator  and
Figure BDA000034512832000624
For i = 1, 2, ..., 2n, the attribute center sets
Figure BDA000034512832000625
It also selects
Figure BDA000034512832000626
and sets $v = g^{\beta}$. Suppose the upper bound on the total number of users in the system is some natural number m. For simplicity of exposition, in what follows let
Figure BDA000034512832000627
For i = 1, 2, ..., m, m+2, m+3, ..., 2m, the attribute center computes
Figure BDA000034512832000628
The system public key is $PK = \langle g, \{u_k\}_{1 \le k \le 2n}, \{g_k\}_{1 \le k \le 2m,\, k \ne m+1}, v \rangle$. The master key is $MK = \langle \{x_1, x_2, \ldots, x_{2n}\}, \beta \rangle$.
(2) Generate the attribute key; (PK, MK, S): S is the attribute set of the user who holds the corresponding attribute key. The attribute center selects for the user
Figure BDA00003451283200071
and then, for i ∈ {1, 2, ..., n}, computes  as follows:
$$\bar{\sigma}_i = \begin{cases} \sigma_i = g^{H(i)} h^{x_i}, & \text{if } w_i^{+} \in S, \\ \sigma_{i+n} = g^{H(i+n)} h^{x_{i+n}}, & \text{if } w_i^{-} \in S. \end{cases}$$
The attribute center also computes
Figure BDA00003451283200074
where sn ∈ {1, 2, ..., m} is a sequence number. Note that the attribute center uses sn to indicate that the current user is the sn-th user to join the system. Finally, the corresponding attribute key is $SK_S = \langle sn, h, \{\bar{\sigma}_i\}_{1 \le i \le n}, d \rangle$.
(3) Encrypt to generate the ciphertext; this encryption algorithm can generate two types of ciphertext, Type-1 and Type-2. Suppose that the attribute center has so far published $N_{now}$ attribute revocation lists in total, and that  consists of all the attribute revocation lists, where
Figure BDA00003451283200079
is the i-th attribute revocation list. To encrypt, under the ciphertext policy  , a message
Figure BDA000034512832000711
the encryptor computes
Figure BDA000034512832000712
where
Figure BDA000034512832000713
is defined as follows:
$$\langle \bar{u}_i, \bar{Y}_i \rangle = \begin{cases} \langle u_i, Y_i \rangle = \langle g^{-x_i}, \hat{e}(g, g)^{H(i)} \rangle, & \text{if } \bar{\omega}_i = \omega_i^{+}, \\ \langle u_{i+n}, Y_{i+n} \rangle = \langle g^{-x_{i+n}}, \hat{e}(g, g)^{H(i+n)} \rangle, & \text{if } \bar{\omega}_i = \omega_i^{-}. \end{cases}$$
In addition, for $1 \le i \le N_{now}$, the encryptor calls the auxiliary function RevoIndex with W and  to generate
Figure BDA000034512832000716
It then computes
Figure BDA000034512832000717
Figure BDA000034512832000718
denotes the attribute revocation information in
Figure BDA000034512832000719
that corresponds to W. The encryptor then selects
Figure BDA000034512832000720
and computes the ciphertext $CT_W$ of M with respect to W, as follows:
If  then a Type-1 ciphertext is generated. In this case no current revocation information is related to W, and the encryptor sets the ciphertext to $CT_W = \langle W, C_0, C_1, C_2 \rangle$, where
Figure BDA00003451283200081
$C_1 = g^s$,
Figure BDA00003451283200082
If
Figure BDA00003451283200083
then a Type-2 ciphertext is generated. In this case the revocation information so far is related to W, and the encryptor computes
Figure BDA00003451283200084
and
Figure BDA00003451283200085
It then sets
Figure BDA00003451283200086
$C_1 = g^s$,
Figure BDA00003451283200087
Finally, the ciphertext is
Figure BDA00003451283200088
(4) The attribute center generates a public parameter and publishes it, and generates a ciphertext update key and sends it to the cloud service provider over a secure channel;
Figure BDA00003451283200089
The attribute center selects
Figure BDA000034512832000810
sets the ciphertext update key $UK^{(k)} = uk^{(k)}\beta$, and computes the public parameter
Figure BDA000034512832000811
The attribute center then publishes $PP^{(k)}$ on a public bulletin board and sends $UK^{(k)}$ to the cloud service provider over a secure channel.
(5) Ciphertext update;
Figure BDA000034512832000812
This algorithm can generate two types of ciphertext, Type-3 and Type-4. Specifically, updating the Type-1 and Type-2 ciphertexts produced by the encryptor yields Type-3 and Type-4 ciphertexts, respectively. To update a ciphertext $CT_W$ according to the k-th attribute revocation list
Figure BDA000034512832000813
we distinguish four cases below according to the type of $CT_W$.
Case 1: $CT_W = \langle W, C_0, C_1, C_2 \rangle$, i.e. $CT_W$ is a Type-1 ciphertext generated by the encryptor. In this case we know that k = 1. For 1 ≤ i ≤ k, the cloud service provider computes
Figure BDA000034512832000814
It then sets
Figure BDA000034512832000815
where  . Then, if
Figure BDA000034512832000817
the ciphertext does not need to be updated. Otherwise,
Figure BDA000034512832000818
and the cloud service provider computes $K = \hat{e}(g_1, g_m)^{UK^{(k)}}$. It then sets $C_0' = C_0 \cdot K$ and
Figure BDA000034512832000821
where
Figure BDA000034512832000822
Finally, the updated ciphertext is
Figure BDA00003451283200091
which is a Type-3 ciphertext.
Case 2:
Figure BDA00003451283200092
i.e. $CT_W$ is a Type-2 ciphertext generated by the encryptor. Suppose
Figure BDA00003451283200093
We know that j ≥ 1 and k = j+1. In this case the cloud service provider generates, as in case 1, the ciphertext components
Figure BDA00003451283200094
and
Figure BDA00003451283200095
Finally, the updated ciphertext is
Figure BDA00003451283200096
which is a Type-4 ciphertext.
Case 3:
Figure BDA00003451283200097
i.e. $CT_W$ is a Type-3 ciphertext generated by the cloud service provider. In this case we know that k ≥ 2. The ciphertext is updated as follows. For 1 ≤ i ≤ k, the cloud service provider computes:
Figure BDA00003451283200098
It then sets  . Then, if  the ciphertext does not need to be updated. Otherwise,
Figure BDA000034512832000911
and the cloud service provider computes $K = \hat{e}(g_1, g_m)^{UK^{(k)}}$. Then $C_0' = C_0 \cdot K$,
Figure BDA000034512832000914
where
Figure BDA000034512832000915
Finally, the updated ciphertext is
Figure BDA000034512832000916
This ciphertext is still a Type-3 ciphertext.
Case 4:  i.e. $CT_W$ is a Type-4 ciphertext generated by the cloud service provider. Suppose
Figure BDA000034512832000918
We know that j ≥ 1 and k ≥ j+2. In this case the cloud service provider updates, as in case 3, the ciphertext components $C_0$ and  . Finally, the updated ciphertext is  . This ciphertext is still a Type-4 ciphertext.
(6) User decryption; (PK, PP, $CT_W$, $SK_S$): the user can use the key
Figure BDA00003451283200101
to decrypt the ciphertext $CT_W$. If
Figure BDA00003451283200102
the algorithm returns ⊥. Otherwise,
Figure BDA00003451283200103
and four cases are distinguished according to the type of $CT_W$.
Case 1: for a Type-1 ciphertext $CT_W = \langle W, C_0, C_1, C_2 \rangle$, the user computes
Figure BDA00003451283200104
and can then decrypt the message according to formula (1):
$$M = \frac{C_0}{\hat{e}(\sigma_W, C_1) \cdot \hat{e}(h, C_2)} \qquad (1)$$
Case 2: for a Type-2 ciphertext  suppose
Figure BDA00003451283200107
where j ≥ 1. Then, for 1 ≤ i ≤ j, the user computes
Figure BDA00003451283200108
Next,
Figure BDA00003451283200109
If
Figure BDA000034512832001010
the algorithm returns ⊥. Otherwise the user computes
Figure BDA000034512832001011
and  . Finally, the message can be decrypted according to formula (2):
Figure BDA000034512832001013
Case 3: the ciphertext  is a Type-3 ciphertext. Suppose
Figure BDA000034512832001015
is the latest revocation list published by the attribute center. For $1 \le i \le N_{now}$, the user computes
Figure BDA000034512832001016
Then,
Figure BDA000034512832001017
If
Figure BDA000034512832001018
the algorithm returns ⊥. Otherwise the user computes
Figure BDA000034512832001019
and
Figure BDA000034512832001020
Finally, the message can be decrypted according to formula (3):
Figure BDA00003451283200111
Case 4: for a Type-4 ciphertext
Figure BDA00003451283200112
suppose
Figure BDA00003451283200113
and
Figure BDA00003451283200114
is the latest revocation list published by the attribute center, where j ≥ 1 and $j+1 \le N_{now}$. Then, for $1 \le i \le N_{now}$, the user computes
Figure BDA00003451283200115
Next,
Figure BDA00003451283200116
Then, if
Figure BDA00003451283200118
the algorithm returns ⊥. Otherwise the user computes
Figure BDA000034512832001110
Finally, the message can be decrypted according to formula (4):
Figure BDA000034512832001112
A person skilled in the art can make various other corresponding changes and modifications based on the technical solution and concept described above, and all such changes and modifications shall fall within the scope of protection of the claims of the present invention.
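An added illustration, not part of the patent: the Python sketch below models only the policy and revocation bookkeeping described above (AND-gate matching, the RevoIndex check, and the Type-1/Type-2 to Type-3/Type-4 transitions), with no pairing arithmetic. The layout of a revocation list, the reading of RevoIndex as a union of revoked sequence numbers, the rule that a listed sequence number gets ⊥, and all sample attribute names are assumptions.

```python
from dataclasses import dataclass, field

POS, NEG = "+", "-"  # attribute values; an attribute left out of W is "don't care"


def satisfies(held, policy):
    """AND gate: W[name] == POS requires the attribute, NEG requires its absence."""
    return all((name in held) == (value == POS) for name, value in policy.items())


def revo_index(policy, revocation_list):
    """Assumed reading of RevoIndex: sequence numbers (sn) whose revoked
    (attribute, value) pair is one that W actually names."""
    affected = set()
    for name, value in policy.items():
        affected |= revocation_list.get((name, value), set())
    return affected


@dataclass
class Ciphertext:
    policy: dict
    ctype: int                                  # 1..4, as in the text
    shut_out: set = field(default_factory=set)  # sn values excluded so far
    lists_applied: int = 0                      # revocation lists already folded in


def encrypt(policy, published):
    """Encryptor: Type-1 if no published list touches W, otherwise Type-2."""
    shut_out = set()
    for rl in published:
        shut_out |= revo_index(policy, rl)
    return Ciphertext(dict(policy), 2 if shut_out else 1, shut_out, len(published))


def update(ct, published):
    """Cloud service provider: apply the lists published since the ciphertext
    was last touched; a list that does not touch W leaves it unchanged."""
    for rl in published[ct.lists_applied:]:
        hit = revo_index(ct.policy, rl)
        if hit:
            ct.shut_out |= hit
            ct.ctype = {1: 3, 2: 4, 3: 3, 4: 4}[ct.ctype]
        ct.lists_applied += 1
    return ct


def can_decrypt(sn, held, ct):
    """Decryption succeeds only if S satisfies W and sn is not shut out
    (the real scheme enforces this cryptographically, not by lookup)."""
    return satisfies(held, ct.policy) and sn not in ct.shut_out


def demo():
    """Constructed sample: user 2 loses 'doctor'; user 3 keeps it."""
    published = []
    ct_a = encrypt({"doctor": POS, "cardiology": POS}, published)
    ct_b = encrypt({"cardiology": POS, "intern": NEG}, published)
    published.append({("doctor", POS): {2}})     # 1st revocation list
    update(ct_a, published)
    update(ct_b, published)
    ct_c = encrypt({"doctor": POS}, published)   # encrypted after the 1st list
    published.append({("doctor", POS): {5}})     # 2nd revocation list
    update(ct_c, published)
    keys = {"doctor", "cardiology"}              # user keys are never re-issued
    return {
        "types": (ct_a.ctype, ct_b.ctype, ct_c.ctype),
        "user2_on_a": can_decrypt(2, keys, ct_a),
        "user2_on_b": can_decrypt(2, keys, ct_b),
        "user3_on_a": can_decrypt(3, keys, ct_a),
        "shut_out_c": sorted(ct_c.shut_out),
    }


if __name__ == "__main__":
    print(demo())
```

In the sample, only the ciphertext whose policy names the revoked attribute changes type, the revoked user keeps access through the remaining attribute, and the other holder of the same attribute is unaffected.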

Claims (5)

1. A ciphertext-policy attribute-based encryption scheme supporting flexible and direct revocation, characterized in that it comprises the following steps:
(1) generate the system public key and the master key;
(2) generate the attribute key;
(3) encrypt to generate the ciphertext;
(4) the attribute center generates a public parameter and publishes it, and generates a ciphertext update key and sends it to the cloud service provider over a secure channel;
(5) ciphertext update;
(6) user decryption.
2. The ciphertext-policy attribute-based encryption according to claim 1, characterized in that the generated system public key is $PK = \langle g, \{u_k\}_{1 \le k \le 2n}, \{g_k\}_{1 \le k \le 2m,\, k \ne m+1}, v \rangle$ and the master key is $MK = \langle \{x_1, x_2, \ldots, x_{2n}\}, \beta \rangle$, where: let
Figure FDA00003451283100011
be a multiplicative cyclic group of prime order p, and let
Figure FDA00003451283100012
be a bilinear map. Define a hash function
Figure FDA00003451283100013
The attribute center selects a generator
Figure FDA00003451283100014
and  . For i = 1, 2, ..., 2n, the attribute center sets
Figure FDA00003451283100016
It also selects
Figure FDA00003451283100017
and sets $v = g^{\beta}$. Suppose the upper bound on the total number of users in the system is some natural number m. For simplicity of exposition, in what follows let  . For i = 1, 2, ..., m, m+2, m+3, ..., 2m, the attribute center computes
Figure FDA00003451283100019
3. The ciphertext-policy attribute-based encryption according to claim 1, characterized in that the attribute key is
Figure FDA000034512831000110
where the attribute center selects for the user
Figure FDA000034512831000111
and then, for i ∈ {1, 2, ..., n}, computes  as follows:
Figure FDA00003451283100021
The attribute center also computes
Figure FDA00003451283100022
where sn ∈ {1, 2, ..., m} is a sequence number; the attribute center uses sn to indicate that the current user is the sn-th user to join the system.
4. The ciphertext-policy attribute-based encryption according to claim 1, characterized in that the generated ciphertext has two types, Type-1 and Type-2. Suppose that the attribute center has so far published $N_{now}$ attribute revocation lists in total, and that
Figure FDA00003451283100023
consists of all the attribute revocation lists.
Figure FDA00003451283100024
where
Figure FDA00003451283100025
is the i-th attribute revocation list. To encrypt, under the ciphertext policy  , a message
Figure FDA00003451283100027
the encryptor computes  where
Figure FDA00003451283100029
is defined as follows:
Figure FDA000034512831000210
For $1 \le i \le N_{now}$, the encryptor calls the auxiliary function RevoIndex with W and
Figure FDA000034512831000211
to generate
Figure FDA000034512831000212
It then computes
Figure FDA000034512831000213
denotes the attribute revocation information in
Figure FDA000034512831000214
that corresponds to W. The encryptor then selects
Figure FDA000034512831000215
and computes the ciphertext $CT_W$ of M with respect to W, as follows:
If  then a Type-1 ciphertext is generated. In this case no current revocation information is related to W, and the encryptor sets the ciphertext to $CT_W = \langle W, C_0, C_1, C_2 \rangle$, where
Figure FDA000034512831000217
$C_1 = g^s$,
Figure FDA000034512831000218
If
Figure FDA000034512831000219
then a Type-2 ciphertext is generated. In this case the revocation information so far is related to W, and the encryptor computes
Figure FDA000034512831000220
and
Figure FDA000034512831000221
It then sets  $C_1 = g^s$,
Figure FDA000034512831000223
Finally, the ciphertext is
5. The ciphertext-policy attribute-based encryption according to claim 1, characterized in that the ciphertext update can generate two types of ciphertext, Type-3 and Type-4, wherein updating the Type-1 and Type-2 ciphertexts produced by the encryptor yields Type-3 and Type-4 ciphertexts, respectively.
Application CN201310274864.8A, priority date 2013-07-02, filing date 2013-07-02: Attribute-based encryption supporting flexible and direct-revocatory ciphertext policy. Status: Active. Granted publication: CN103297227B (en)

Publications (2)

Publication Number Publication Date
CN103297227A (en) 2013-09-11
CN103297227B (en) 2016-03-23

Family

ID=49097585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310274864.8A Active CN103297227B (en) 2013-07-02 2013-07-02 Support flexibly and based on the encryption of attribute under the Ciphertext policy of directly cancelling

Country Status (1)

Country Link
CN (1) CN103297227B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113408A (en) * 2014-07-11 2014-10-22 西安电子科技大学 Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN104618419A (en) * 2014-08-02 2015-05-13 江苏物泰信息科技有限公司 Scheme based on content sharing policy in cloud
CN104780179A (en) * 2015-05-07 2015-07-15 浙江工商大学 Secrete key strategy attribute encryption method capable of hiding attributes
CN105187201A (en) * 2015-07-13 2015-12-23 西安理工大学 Attribute encryption method capable of revoking key policies of two attributes
CN105978895A (en) * 2016-06-28 2016-09-28 电子科技大学 Attribute-based encryption scheme supporting non-monotonic access structure and fine-granularity cancellation
CN107005406A (en) * 2014-12-05 2017-08-01 三菱电机株式会社 Encryption system, master key updating device and master key more new procedures
CN108880801A (en) * 2018-07-09 2018-11-23 西南交通大学 The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice
CN110011963A (en) * 2019-02-27 2019-07-12 西安电子科技大学 The information processing method with the more authorization CP-ABE effectively cancelled based on OBDD
CN113055168A (en) * 2021-03-29 2021-06-29 陕西师范大学 Ciphertext strategy attribute encryption method supporting strategy hiding and attribute updating
CN115189974A (en) * 2022-09-13 2022-10-14 北京邮电大学 Multi-organization access control method and device based on block chain

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111835516B (en) * 2020-06-14 2021-11-23 西安电子科技大学 Public key repudiatable encryption method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916954A (en) * 2012-10-15 2013-02-06 南京邮电大学 Attribute-based encryption cloud computing safety access control method
CN103179114A (en) * 2013-03-15 2013-06-26 华中科技大学 Fine-grained access control method for data in cloud storage

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916954A (en) * 2012-10-15 2013-02-06 南京邮电大学 Attribute-based encryption cloud computing safety access control method
CN103179114A (en) * 2013-03-15 2013-06-26 华中科技大学 Fine-grained access control method for data in cloud storage

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
张荣刚: "基于属性的加密及其应用研究", 《中国硕士学位论文全文数据库信息科技辑》, 30 December 2012 (2012-12-30), pages 136 - 75 *
王鹏翩等: "一种支持完全细粒度属性撤销的CP_ABE方案", 《软件学报》, vol. 23, no. 10, 15 October 2012 (2012-10-15), pages 2805 - 2816 *
罗颂等: "新型自适应安全的密钥策略ABE方案", 《通信学报》, vol. 33, no. 1, 25 September 2012 (2012-09-25), pages 270 - 275 *
苏金树等: "属性基加密机制_ 2011年06期", 《软件学报》, vol. 22, no. 6, 7 March 2011 (2011-03-07), pages 1299 - 1315 *
郭振洲: "基于属性的加密方案的研究", 《中国优秀博士学位论文全文数据库信息科技辑》, 30 September 2012 (2012-09-30), pages 138 - 7 *
黄杜煜等: "一个适应性安全的支持用户私钥撤销的KP_ABE方案", 《小型微型计算机系统》, vol. 33, no. 10, 15 October 2012 (2012-10-15), pages 2194 - 2198 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113408B (en) * 2014-07-11 2017-12-08 Xidian University It is a kind of realize the revocation of timely user property based on ciphertext policy ABE encryption method
CN104113408A (en) * 2014-07-11 2014-10-22 Xidian University Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN104618419A (en) * 2014-08-02 2015-05-13 Jiangsu Wutai Information Technology Co., Ltd. Scheme based on content sharing policy in cloud
CN107005406B (en) * 2014-12-05 2020-07-17 Mitsubishi Electric Corporation Function type encryption system, master key updating device and storage medium
CN107005406A (en) * 2014-12-05 2017-08-01 Mitsubishi Electric Corporation Encryption system, master key updating device and master key more new procedures
CN104780179A (en) * 2015-05-07 2015-07-15 Zhejiang Gongshang University Secret key strategy attribute encryption method capable of hiding attributes
CN105187201A (en) * 2015-07-13 2015-12-23 Xi'an University of Technology Attribute encryption method capable of revoking key policies of two attributes
CN105187201B (en) * 2015-07-13 2019-04-26 Shenzhen Hengyuanhao Information Technology Co., Ltd. The encryption attribute method of the key strategy of revocable two attributes
CN105978895A (en) * 2016-06-28 2016-09-28 University of Electronic Science and Technology of China Attribute-based encryption scheme supporting non-monotonic access structure and fine-granularity cancellation
CN108880801A (en) * 2018-07-09 2018-11-23 Southwest Jiaotong University The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice
CN108880801B (en) * 2018-07-09 2020-11-27 Southwest Jiaotong University Distributed attribute-based encryption method for supporting fine-grained attribute revocation in lattice manner
CN110011963A (en) * 2019-02-27 2019-07-12 Xidian University The information processing method with the more authorization CP-ABE effectively cancelled based on OBDD
CN113055168A (en) * 2021-03-29 2021-06-29 Shaanxi Normal University Ciphertext strategy attribute encryption method supporting strategy hiding and attribute updating
CN113055168B (en) * 2021-03-29 2022-06-24 Shaanxi Normal University Ciphertext strategy attribute encryption method supporting strategy hiding and attribute updating
CN115189974A (en) * 2022-09-13 2022-10-14 Beijing University of Posts and Telecommunications Multi-organization access control method and device based on block chain

Also Published As

Publication number Publication date
CN103297227B (en) 2016-03-23

Similar Documents

Publication Publication Date Title
CN103297227B (en) Support flexibly and based on the encryption of attribute under the Ciphertext policy of directly cancelling
Li et al. An efficient attribute-based encryption scheme with policy update and file update in cloud computing
Wang et al. New directly revocable attribute-based encryption scheme and its application in cloud storage environment
Li et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage
Yang et al. Extended proxy-assisted approach: Achieving revocable fine-grained encryption of cloud data
Ruj et al. DACC: Distributed access control in clouds
Han et al. Efficient and robust attribute-based encryption supporting access policy hiding in Internet of Things
Ali et al. Lightweight revocable hierarchical attribute-based encryption for internet of things
Fan et al. TraceChain: A blockchain‐based scheme to protect data confidentiality and traceability
Fan et al. Cross-domain based data sharing scheme in cooperative edge computing
Li et al. Large universe decentralized key‐policy attribute‐based encryption
CN106612271A (en) Encryption and access control method for cloud storage
Balamurugan et al. Extensive survey on usage of attribute based encryption in cloud
CN107040374A (en) The attribute base data encryption method of user's Dynamic Revocation is supported under a kind of cloud storage environment
Touati et al. Efficient cp-abe attribute/key management for iot applications
Liu et al. Dynamic attribute-based access control in cloud storage systems
Guo et al. Hierarchical attribute‐based encryption with continuous auxiliary inputs leakage
Pervez et al. SAPDS: self-healing attribute-based privacy aware data sharing in cloud
Zhang et al. A traceable and revocable multiauthority attribute-based encryption scheme with fast access
Ragesh et al. Cryptographically enforced data access control in personal health record systems
CN110611571A (en) Revocable access control method of smart grid system based on fog
He et al. Efficient fine-grained access control for secure personal health records in cloud computing
Ding et al. Policy based on homomorphic encryption and retrieval scheme in cloud computing
Wu et al. Attribute-based data access control scheme with secure revocation in fog computing for smart grid
Bai et al. Cross-domain access control based on trusted third-party and attribute mapping center

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant