CN104038341B - An identity-based cross-system proxy re-encryption method - Google Patents
- Publication number
- CN104038341B CN201410280293.3A
- Authority
- CN
- China
- Prior art keywords
- encryption
- ibe
- identity
- ibbe
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
An identity-based cross-system proxy re-encryption method. Steps run by the PKG: 1. input the security parameter λ and output the system parameters; 2. run the random number generation algorithm; 3. compute a bilinear pairing, exponentiations and multiplications; 4. select a collision-resistant hash function and output the public key; 5. run the collision-resistant hash function; 6. compute an addition, an inversion and an exponentiation, and output the private key. Steps run by the delegator: 7. run the collision-resistant hash function; 8. run the random number generation algorithm, multiplications and exponentiations, and output the ciphertext; 9. select the blinding factor k; 10. run the collision-resistant hash function; 11. run the random number generation algorithm, multiplications and exponentiations, and output the re-encryption key. Step run by the proxy: 12. compute a bilinear pairing and a division, and output the re-encrypted ciphertext. Steps run by the delegatee: 13. run the collision-resistant hash function; 14. compute bilinear pairings, additions, a continued product and a division, and output k; 15. compute a bilinear pairing and a multiplication, and output the plaintext.
Description
(1) Technical field:
The present invention relates to an identity-based cross-system proxy re-encryption method that enables proxy conversion of ciphertexts between different encryption systems, and belongs to the field of cryptography within information security.
(2) Technical background:
As the demands on communication security rise, various cryptosystems have been proposed to encrypt data in transit and to protect the privacy of communication between users; the identity-based encryption system is one that is widely used. Depending on whether the two communicating parties use the same key, data encryption systems fall into two kinds: single-key encryption systems and public-key encryption systems. Public-key encryption is the counterpart of single-key encryption. Both assume that the encryption algorithm can be made public while the decryption key must be kept strictly secret: once that key leaks, all of the encrypted data is no longer safe. The difference is that in single-key encryption the encryption key and the decryption key are identical, whereas in public-key encryption they differ. In a public-key encryption system, the public key is used to encrypt the information (here called the plaintext), and the private key is used to decrypt the encrypted information (here called the ciphertext).
Identity-based encryption (IBE) was first proposed by Shamir and belongs to the public-key encryption systems. The participants are usually the encrypting party, the decrypting party and the private key generator. In an IBE system, the identity ID of the decrypting party serves as the encryption public key; the ID can be the decrypting party's ID card number, e-mail address, phone number and so on. The encrypting party encrypts the plaintext under the public key, and the Private Key Generator (PKG) is responsible for issuing private keys to users according to their identities in the system; decryption succeeds only if the decrypting party's identity matches the public key. The advantage of this method is that it removes the step in which a Public Key Infrastructure (PKI) issues authenticated certificates to users, which lowers system overhead and makes the method more practical.
Building on the efficient and fast IBE algorithm, many identity-based encryption methods with additional functionality have been derived, among them identity-based broadcast encryption (IBBE). IBBE addresses applications in which one encrypting user needs to broadcast-encrypt to many decrypting users at once: the public key used for encryption is the set formed by the identities of all the decrypting users, and only users whose identity is in that set can decrypt the ciphertext. Consider the following scenario: attending physician A at a hospital wants to discuss and analyse a patient's medical record together with n doctors at other major hospitals. Because patient information is sensitive and patient privacy must be protected, doctor A encrypts the record before sending it. With IBE, A must encrypt the record separately under each of the n doctors' identities, producing n ciphertexts; with IBBE, A encrypts the record only once, under the identity set formed from the n doctors' identities, producing a single ciphertext that every doctor in the set can decrypt. This greatly saves the encrypting user's time and effort, lowers the cost of ciphertext storage, and is more efficient.
Consider another scenario: mailbox user Alice has an encrypted e-mail that she wants to share with another user, Bob, but the e-mail was encrypted under the IBE system with Alice's identity as the public key, and Bob, who does not know Alice's private key, cannot decrypt it. If Alice does not want to reveal her private key, the traditional approach is as follows: Alice decrypts the e-mail with her own private key, re-encrypts the resulting plaintext under Bob's identity, and sends that ciphertext to Bob; Bob decrypts the received ciphertext with his own private key, which completes the sharing of the e-mail contents. This approach is clearly cumbersome and time-consuming, which led to a solution called proxy re-encryption (PRE). The concept of proxy re-encryption was first proposed by the three scientists Blaze, Bleumer and Strauss at the European cryptology annual conference in 1998. In a PRE scheme the participants are the private key generator (PKG), the decryption delegator (Delegator), the re-encryption proxy (Proxy) and the delegatee (Delegatee). In the scenario above, with proxy re-encryption Alice, as the Delegator, only needs to compute a re-encryption key (RK) from her own private key and Bob's identity, and to send the ciphertext and the re-encryption key together to the proxy. The proxy uses the re-encryption key to convert the ciphertext that only Alice's private key can decrypt into a ciphertext that Bob's private key can decrypt, while knowing nothing about the plaintext or Alice's private key. Bob then only needs to download the re-encrypted ciphertext from the proxy and decrypt it with his own private key. Proxy re-encryption spares the Delegator the step of first decrypting and then re-encrypting the original ciphertext, which saves cost for both the user and the system. In addition, the proxy cannot learn anything about the plaintext or users' private keys during re-encryption, and the data exists only in ciphertext form for the whole time it is stored externally, which protects the data in a complex distributed network environment.
According to the direction of conversion, proxy re-encryption is divided into unidirectional proxy re-encryption and bidirectional proxy re-encryption. Unidirectional proxy re-encryption can only convert a ciphertext encrypted under the Delegator's public key into a ciphertext encrypted under the Delegatee's public key, not the reverse; bidirectional proxy re-encryption can also perform the reverse conversion.
Since proxy re-encryption was proposed, more and more encryption methods have been combined with the idea, giving proxy re-encryption schemes under various encryption systems. In the existing schemes, however, the encryption system is the same before and after ciphertext conversion: a ciphertext encrypted under an IBE encryption system is still a ciphertext under the IBE encryption system after proxy re-encryption, which limits the scope of application in some scenarios. Take encrypted storage of user data in a cloud environment as an example. Such users, limited by their own storage capacity, choose to upload data to a cloud server. To protect the data and to save storage overhead, the users who hold the distributed data are organised under an IBE encryption system, and the PKG assigns each data holder a unique public/private key pair. Before uploading data to the cloud server, a data holder first encrypts it under the assigned public key and then sends it to the cloud for storage. Only that user can decrypt the encrypted data, which avoids the danger of the data being leaked by a malicious server.
However, when a data holder wants to share data with multiple users, existing proxy re-encryption methods impose two restrictions: first, the authorized users must also hold legitimate identities in the same IBE encryption system; second, the authorizing user must generate a re-encryption key for the identity of each authorized user and send it to the proxy. When the delegatees are organised under a different encryption system, existing proxy re-encryption cannot be carried out successfully. We therefore invent a "proxy re-encryption across encryption systems" method with a wider scope of application and more complete functionality, which readily converts ciphertexts from an IBE encryption system to an IBBE encryption system through a proxy. In the method of the invention the IBE encryption system and the IBBE encryption system exist independently of each other, each with its own system parameters, and the proxy acts as a bridge during conversion, linking the IBE system with the IBBE system. Using the re-encryption key, a ciphertext encrypted under a public key in the IBE system is converted into a ciphertext encrypted under a public key in the IBBE system, which gives users cross-system decryption.
The IBE and IBBE encryption systems differ not only in the public keys they use: an IBE ciphertext is encrypted under a single identity, whereas an IBBE ciphertext is encrypted under an identity set made up of multiple identities, so the two ciphertext formats necessarily differ greatly. How to convert between them successfully is the main problem our invention solves. Based on an existing efficient and compact IBBE encryption scheme, we construct a new IBE encryption system. First, the delegator encrypts the original message under their own public key using the IBE encryption system we designed, so that only the delegator's own private key can decrypt it. Then the delegator selects a random number, blinds their own private key with it, and encrypts the random number to the identity set of the authorized users using the system parameters of the IBBE system. A user whose identity is in the authorized user set can decrypt and obtain the random value, and finally recover the plaintext. In addition, the invention is a unidirectional proxy re-encryption method: the delegator cannot collude with the proxy to decrypt the delegatee's ciphertexts, which protects the delegatee's data to the greatest extent.
(3) Content of the invention:
1. Purpose: an identity-based cross-system proxy re-encryption method
The purpose of the invention is to propose an identity-based cross-system proxy re-encryption method, that is, an identity-based proxy re-encryption method across different encryption systems. The method combines the advantages of existing identity-based encryption and proxy re-encryption: ciphertext can readily be converted from the delegator to the delegatee, while the plaintext is protected from malicious disclosure by the proxy throughout re-encryption. We also redesign a novel identity-based encryption (IBE) system from an existing identity-based broadcast encryption (IBBE) scheme which, while retaining the fast decryption and short ciphertexts of the existing IBBE system, makes ciphertext conversion from the IBE system to the IBBE system possible.
2. Technical scheme:
The invention involves five entities: 1) the private key generator (Private Key Generator, PKG): an authority that verifies user identities and computes and distributes users' private keys; 2) the decryption delegator (Delegator): an individual or organisation that encrypts data and generates re-encryption keys; 3) the re-encryption proxy (Proxy): an individual or organisation that converts ciphertexts using the re-encryption key (Re-encryption Key, RK); 4) the decryption delegatee (Delegatee): an individual or organisation that decrypts; 5) the file manager (File Manager): an organisation that stores data.
First, we define a user's identity ID, which represents the user in the system and is an arbitrary character string. Second, we define the user identity set S in the IBBE system, the set of user identities to which a broadcast encryption is addressed; the elements of the set are identities of users in the IBBE system. Because the algorithms designed in the invention use bilinear maps and collision-resistant hash functions, the definitions and properties of both are explained here.
2.1 Bilinear map
We define a function mapping e(·, ·) that maps elements of one group into another group, i.e.:
A bilinear map satisfies the following properties:
1. Bilinearity: the equality $e(g^a, h^b) = e(g, h)^{ab}$ holds;
2. Non-degeneracy: there is at least one element g in the group such that the computed e(g, g) is a generator of the target group;
3. Computability: there is an efficient algorithm that computes the value e(u, v) for all inputs u, v;
where $Z_p$ denotes the set {0, 1, 2, …, p−1}.
2.2 Collision-resistant hash function
The hash function used in the invention has two basic properties: one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output; collision resistance means that two different inputs that hash to the same result cannot be found. In the invention the input to the hash algorithm is a user identity ID, represented as an arbitrary string; the output is an element of $Z_p$.
2.3 Scheme content
The invention is an identity-based cross-system proxy re-encryption method implemented by six modules in 15 steps: the initialization module, data encryption module, private key generation module, re-encryption key generation module, proxy re-encryption module and decryption module. The system architecture of the proxy re-encryption method is shown in Fig. 1; the functions of the method and of each module are described below with reference to Fig. 1.
The identity-based cross-system proxy re-encryption method of the invention proceeds as follows:
Module one: Initialization module
In this module the PKG takes as input the system security parameter λ and the upper bound (m−1) on the number of users that an authorized user set in the IBBE system may contain, and outputs the master keys $MSK_{IBE}$, $MSK_{IBBE}$ and the public keys $PK_{IBE}$, $PK_{IBBE}$. The public keys can be published, while the master keys must be kept strictly secret by the PKG and must not be revealed. The module is implemented in the following four steps:
Step 1: The PKG first inputs the system security parameter λ and then runs the algorithm $g(1^\lambda)$, which outputs two groups of prime order p and a bilinear map operation
Step 2: Next, the PKG runs the random number generation algorithm and randomly selects a generator g of the group, an element h of the group, and an element α of the domain as a random value;
Step 3: The PKG runs one bilinear pairing operation, two exponentiations and (m−1) multiplications, obtaining the group element e(g, h) and (m+1) elements of the group
Step 4: Finally, the PKG selects a collision-resistant hash function H(·) that satisfies all the properties of a collision-resistant hash function; its input can be an arbitrary character string and its output is an element of the domain. The parameters obtained through the above four steps:
can be published as the public key of the IBBE encryption system; the public key of the IBE encryption system differs from the above public key and is:
The master key of the IBE and IBBE encryption systems is the same:
$MSK_{IBE} = MSK_{IBBE} = (g, \alpha)$
and is kept by the PKG;
Here, the "algorithm $g(1^\lambda)$" in Step 1 runs as follows: the private key generator (PKG) inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$ (a and b are coefficients), and the points on the elliptic curve then form two groups of prime order p. A function mapping e is selected that maps elements of one group into the other. The larger the security parameter, the more points there are on the selected elliptic curve and the larger the groups.
The "random number generation algorithm" in Step 2 works as follows: for the elliptic curve $Y^2 = X^3 + aX + b$ selected in Step 1, randomly choose a value $x_1$ of the variable X and compute the corresponding value $y_1$ of the variable Y. If the point $(x_1, y_1)$ is in the group we want to map from, a random element has been generated; if it is not, keep choosing values of X until a point in the group is found. In addition, the domain denotes the set {1, 2, …, p−1}; the function that randomly selects an element of this domain can be called as a built-in function from the Pairing-Based Cryptosystems library. All random number generation mentioned below runs as described here.
The "bilinear pairing operation" in Step 3 works as follows: the inputs are the group elements g and h, and the output is the group element e(g, h).
The "collision-resistant hash function H(·)" in Step 4 can likewise be called as a built-in function from the Pairing-Based Cryptosystems library.
Module two: Private key generation module
In this module the PKG issues private keys to the users in the IBE system and in the IBBE system respectively. The module takes as input a user's identity ID in the system and the master key $MSK_{IBE}$ or $MSK_{IBBE}$, generates the corresponding private key $SK_{IBE}$ or $SK_{IBBE}$, and sends the private key to the user of the respective system for safekeeping. The module is implemented in the following two steps:
Step 5: The PKG runs the collision-resistant hash function H(·) and computes
where $ID_{IBE}$ denotes a user's identity in the IBE encryption system and $ID_{IBBE}$ denotes a user's identity in the IBBE encryption system, each represented as an arbitrary string;
Step 6: The PKG runs one addition, one inversion and one exponentiation, and computes the user's private key in the IBE encryption system according to the following formula:
and the user's private key in the IBBE encryption system:
Module three: Data encryption module
In this module the delegator (Delegator) in the IBE encryption system takes as input the public key $PK_{IBE}$, their own identity $ID_{IBE}$ and the message M to be encrypted, outputs the ciphertext $CT_{IBE}$, and uploads the ciphertext to the file manager for outsourced storage. The module is implemented in the following two steps:
Step 7: The Delegator runs the collision-resistant hash function H(·) and computes
Step 8: The Delegator runs the random number generation algorithm to randomly select an element s of the domain as the exponent, and runs two multiplications and three exponentiations according to the following formulas, obtaining:
$C_0 = M \cdot e(g, h)^s$,
The final ciphertext output is $CT_{IBE} = (C_0, C_1)$. The ciphertext is encrypted under the Delegator's identity $ID_{IBE}$, so only the Delegator's own private key $SK_{IBE}$ can decrypt it;
Module four: Re-encryption key generation module
In this module the delegator (Delegator) in the IBE encryption system computes the re-encryption key $RK_{IBE \to IBBE}$ from their own private key $SK_{IBE}$ obtained from the PKG, the identity set S of the authorized users (Delegatees) in the IBBE encryption system, and the public key $PK_{IBBE}$ of the IBBE encryption system, and sends the generated re-encryption key to the proxy for use during re-encryption. The module is implemented in the following three steps:
Step 9: The Delegator first runs the random number generation algorithm and randomly selects an element of the group as the blinding factor;
Step 10: For each identity in the Delegatee identity set S, the Delegator runs the collision-resistant hash function H(·), n times in total, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set;
Step 11: The Delegator runs the random number generation algorithm to randomly select an element v of the domain as the exponent, and runs a polynomial number of exponentiations and multiplications according to the following formulas, obtaining:
$C_0' = k \cdot e(g, h)^v$,
We denote the result by:
$R = (C_0', C_1')$
With one final multiplication $SK_{IBE} \cdot k$, the delegator then generates the re-encryption key:
$RK_{IBE \to IBBE} = (SK_{IBE} \cdot k, R)$
Here, the identity set S of the authorized users (Delegatees) is assumed by default to be known to all users in the set.
Module five: Proxy re-encryption module
After obtaining the re-encryption key generated by the Delegator, the re-encryption proxy (Proxy) downloads the encrypted data $CT_{IBE}$ uploaded by the delegator from the file manager and, from the re-encryption key $RK_{IBE \to IBBE}$ and the ciphertext $CT_{IBE}$ to be converted, computes the converted ciphertext. The module is implemented by the following step:
Step 12: The Proxy runs one bilinear pairing and one division according to the following formula, obtaining:
The ciphertext after proxy re-encryption is:
$CT_{IBE \to IBBE} = (D_0, C_1, R)$;
Module six: Decryption module
Suppose a delegatee (Delegatee) has the identity $ID_i^{IBBE}$ in the identity set S of authorized users, with the corresponding private key $SK_i^{IBBE}$ in the IBBE encryption system. After receiving the private key generated by the PKG and downloading the re-encrypted ciphertext $CT_{IBE \to IBBE}$ from the proxy (Proxy), the Delegatee can use their own private key $SK_{IBBE}$ and the identity set S of authorized users to decrypt and obtain the blinding factor k, and one further simple computation yields the plaintext message M. The module is implemented in the following 3 steps:
Step 13: The Delegatee first runs the collision-resistant hash function H(·) on each identity in the identity set S of authorized users, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set;
Step 14: The Delegatee runs two bilinear pairing operations and a polynomial number of additions and continued multiplications according to the following formula, obtaining:
A further division then yields the blinding factor k:
Step 15: Finally, the Delegatee performs one bilinear pairing and one multiplication according to the following formula, obtaining the final plaintext message M:
3. Advantages and effects:
The invention provides an identity-based cross-system proxy re-encryption method that can be used for ciphertext conversion when the delegator and the delegatee are under different encryption systems. Its advantages and effects are:
1) The method first constructs an identity-based encryption (IBE) scheme on the basis of an existing identity-based broadcast encryption (IBBE) scheme; the scheme has small keys and short ciphertexts.
2) The method introduces a re-encryption proxy that converts a ciphertext encrypted under the delegator's public key into a ciphertext encrypted under the delegatee's public key, so that a ciphertext that before re-encryption could be decrypted only with the delegator's private key can afterwards also be decrypted with the delegatee's private key. Sharing encrypted information thus avoids the cumbersome steps of decrypting and re-encrypting, while the security of the shared information is preserved.
3) The greatest advantage and innovation of the method compared with conventional proxy re-encryption methods is that it connects users under different encryption systems through the idea of proxy re-encryption, so that encrypted information is easily shared. Existing proxy re-encryption methods apply only when the delegator and the delegatee are under the same encryption system, which greatly limits the scope of application. The method combines the identity-based encryption and identity-based broadcast encryption methods that are now widely deployed, and the participation of the proxy makes cross-system sharing of encrypted files possible.
4) Before proxy re-encryption, the delegator only needs their own private key, the user identity set S under the IBBE encryption system, and the public key information of the IBBE system to generate the re-encryption key: the delegator first blinds their own private key and then encrypts the blinding information with the IBBE system, which ensures that only users whose identity is in S can decrypt the blinding information and thereby recover the final plaintext.
5) When the proxy re-encrypts after obtaining the ciphertext under the IBE system and the re-encryption key, it cannot learn any information about users' private keys or the plaintext; the method is especially suited to environments in which the proxy is not fully trusted.
(4) Description of drawings:
Fig. 1 is the system architecture diagram of the method of the invention.
Fig. 2 is the flow block diagram of the method of the invention.
(5) Specific embodiment
The invention is an identity-based cross-system proxy re-encryption method. As shown in Figs. 1 and 2, the method is implemented by six modules: the initialization module, private key generation module, data encryption module, re-encryption key generation module, proxy re-encryption module and decryption module. The system flow of the whole proxy re-encryption method is shown in Fig. 2; the concrete implementation steps of the method are described below with reference to the flow block diagram:
Module one: Initialization module
The module is implemented in four steps:
Step 1: The PKG first inputs the system security parameter λ and runs the algorithm $g(1^\lambda)$, which outputs two groups of prime order p and a bilinear map operation
Step 2: Next, the PKG runs the random number generation algorithm and randomly selects a generator g of the group, an element h of the group, and an element α of the domain as a random value.
Step 3: The PKG runs one bilinear pairing operation, two exponentiations and (m−1) multiplications, obtaining the group element e(g, h) and (m+1) elements of the group
Step 4: Finally, the PKG selects a collision-resistant hash function H(·) that satisfies all the properties of a collision-resistant hash function; its input can be a character string of arbitrary length and its output is an element of the domain.
The parameters obtained through the above four steps:
can be published as the public key of the IBBE encryption system; the public key of the IBE encryption system differs from the above public key and is:
The master key of the IBE and IBBE encryption systems is the same:
$MSK_{IBE} = MSK_{IBBE} = (g, \alpha)$
and is kept by the PKG.
Here, the "algorithm $g(1^\lambda)$" in Step 1 runs as follows: the private key generator (PKG) inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$ (a and b are coefficients), and the points on the elliptic curve then form two groups of prime order p. A function mapping e is selected that maps elements of one group into the other. The larger the security parameter, the more points there are on the selected elliptic curve and the larger the groups.
The "random number generation algorithm" in Step 2 works as follows: for the elliptic curve $Y^2 = X^3 + aX + b$ selected in Step 1, randomly choose a value $x_1$ of the variable X and compute the corresponding value $y_1$ of the variable Y. If the point $(x_1, y_1)$ is in the group we want to map from, a random element has been generated; if it is not, keep choosing values of X until a point in the group is found. In addition, the domain denotes the set {1, 2, …, p−1}; the function that randomly selects an element of this domain can be called as a built-in function from the Pairing-Based Cryptosystems library. All random number generation mentioned below runs as described here.
Wherein, " the operation Bilinear map computing " described in step 3, its way is as follows:The input of independent variable is groupIn
Element g, h, are output as groupIn element:e(g,h).
Wherein, impact resistant hash function H () described in step 4 equally can be from Pairing-Based
Built-in function is called to run in Cryptosystems function bags.
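The sampling procedure described for Step 2 (choose X, solve for Y, retry until the point lies in the group, then draw exponents from {1, ..., p-1}), as an added Python example that is not code from the patent. The curve parameters q = 1019, a = 2, b = 3 and all function names are constructed for illustration; the curve is not pairing-friendly and far too small for real use, and Python's `secrets` module stands in for the library's random number function.

```python
import secrets

# Constructed toy parameters (assumptions, not from the patent): the curve
# Y^2 = X^3 + aX + b over F_q with q = 1019. Far too small for real use and
# not pairing-friendly; it only illustrates the sampling loop.
Q, A, B = 1019, 2, 3          # q % 4 == 3, so a square root is one pow() call
INF = None                    # point at infinity (group identity)

def rhs(x):
    return (x * x * x + A * x + B) % Q

def is_square(v):             # Euler's criterion for a nonzero square mod Q
    return pow(v, (Q - 1) // 2, Q) == 1

def on_curve(P):
    return P is INF or (P[1] * P[1] - rhs(P[0])) % Q == 0

def add(P, R):
    """Affine point addition."""
    if P is INF: return R
    if R is INF: return P
    (x1, y1), (x2, y2) = P, R
    if x1 == x2 and (y1 + y2) % Q == 0:
        return INF
    if P == R:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)

def mul(k, P):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, P)
        P = add(P, P)
        k >>= 1
    return acc

def curve_order():
    n = 1                     # point at infinity; brute force is fine for tiny Q
    for x in range(Q):
        v = rhs(x)
        n += 1 if v == 0 else (2 if is_square(v) else 0)
    return n

def largest_prime_factor(n):
    f, best = 2, 1
    while f * f <= n:
        while n % f == 0:
            best, n = f, n // f
        f += 1
    return n if n > 1 else best

N = curve_order()
P_ORDER = largest_prime_factor(N)          # prime group order, the page's p

def random_group_element():
    """Choose x, solve for y, and retry until the point lies in the group."""
    while True:
        x = secrets.randbelow(Q)
        v = rhs(x)
        if v != 0 and not is_square(v):
            continue                       # no y for this x: choose X again
        y = pow(v, (Q + 1) // 4, Q)        # square root, valid as Q % 4 == 3
        if secrets.randbits(1):
            y = (-y) % Q                   # pick one of the two roots
        if mul(P_ORDER, (x, y)) is INF:    # subgroup membership check
            return (x, y)

def random_scalar():          # uniform element of {1, ..., p-1}
    return 1 + secrets.randbelow(P_ORDER - 1)
```

Accepting a point that is on the curve but outside the prime-order subgroup would break the assumption that every element has order p, which is why the membership check sits inside the retry loop.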
Module two: Private key generation module
The function of this module is implemented in two steps:
Step 5: The PKG runs the collision-resistant hash function H(·) and computes:
In the formula, $ID_{IBE}$ denotes the identity of a user in the IBE encryption system and $ID_{IBBE}$ denotes the identity of a user in the IBBE encryption system; each is represented by an arbitrary character string.
Step 6: The PKG runs one addition, one inversion and one exponentiation, and computes the private key of the user in the IBE encryption system according to the following formula:
and the private key of the user in the IBBE encryption system:
Module three: Data encryption module
The function of this module is implemented in three steps:
Step 7: The Delegator runs the collision-resistant hash function H(·) and computes
Step 8: The Delegator runs the random number generation algorithm to randomly select an element s in the domain as the exponent, and runs two multiplications and three exponentiations according to the following formulas to obtain:
The final ciphertext output is $CT_{IBE} = (C_0, C_1)$. The ciphertext is encrypted under the Delegator's identity $ID_{IBE}$, so only the Delegator's own private key $SK_{IBE}$ can decrypt it.
Module four: Transition key generation module
The function of this module is implemented in three steps:
Step 9: The Delegator first runs the random number generation algorithm to randomly select an element in the group as the blinding factor k.
Step 10: For each identity in the identity set S of the authorized users (Delegatees), the Delegator runs the collision-resistant hash function H(·) n times, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set.
Step 11: The Delegator runs the random number generation algorithm to randomly select an element v in the domain as the exponent, and runs a polynomial number of exponentiations and multiplications according to the following formulas to obtain:
$C_0' = k \cdot e(g, h)^v$,
We denote the result as:
$R = (C_0', C_1')$
With a final multiplication $SK_{IBE} \cdot k$, the Delegator generates the transition key:
$RK_{IBE \to IBBE} = (SK_{IBE} \cdot k, R)$
The identity set S of the authorized users (Delegatees) is by default known to all users in the set.
Module five: Proxy re-encryption module
The function of this module is implemented in a single step:
Step 12: The Proxy runs one bilinear pairing operation and one division according to the following formula to obtain:
The ciphertext after proxy re-encryption is:
$CT_{IBE \to IBBE} = (D_0, C_1, R)$
Module six: Decryption module
The function of this module is implemented in three steps:
Step 13: The Delegatee first runs the collision-resistant hash function H(·) once for each identity in the identity set S of the authorized users, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set.
Step 14: The Delegatee runs two bilinear pairing operations together with a polynomial number of additions and repeated multiplications according to the following formula to obtain:
A further division then yields the blinding factor k:
Step 15: Finally, the Delegatee obtains the final plaintext message M through one bilinear pairing operation and one multiplication according to the following formula:
Claims (5)
1. An identity-based cross-system proxy re-encryption method, the implementation of which is based on the following modules:
Module one: Initialization module
In this module, the private key generation center (PKG) takes as input the system security parameter λ and the upper limit m-1 on the number of users that an authorized user set can contain in the identity-based broadcast encryption (IBBE) system, and outputs the master keys $MSK_{IBE}$, $MSK_{IBBE}$ and the public keys $PK_{IBE}$, $PK_{IBBE}$; the public keys can be disclosed, while the master keys must be kept strictly confidential by the PKG and must not be revealed;
Module two: Private key generation module
In this module, the PKG distributes private keys to the users in the IBE system and the IBBE system respectively; the module takes as input the identity ID of a user in the system and the master key $MSK_{IBE}$ or $MSK_{IBBE}$, generates the corresponding private key $SK_{IBE}$ or $SK_{IBBE}$, and sends the output private key to each system user for safekeeping;
Module three: Data encryption module
In this module, the authorizing party (Delegator) in the IBE encryption system takes as input the public key $PK_{IBE}$, its own identity $ID_{IBE}$ and the message M to be encrypted, outputs the encrypted ciphertext $CT_{IBE}$, and uploads the ciphertext data to the file management party for outsourced storage;
Module four: Transition key generation module
In this module, the authorizing party (Delegator) in the IBE encryption system uses its own private key $SK_{IBE}$ obtained from the PKG, the identity set S of the authorized users (Delegatees) in the IBBE encryption system, and the public key $PK_{IBBE}$ of the IBBE encryption system to compute the transition key $RK_{IBE \to IBBE}$, and sends the generated transition key to the proxy re-encryption party for use during re-encryption;
Module five: Proxy re-encryption module
After obtaining the transition key generated by the Delegator, the proxy re-encryption party (Proxy) downloads from the file management party the encrypted data $CT_{IBE}$ uploaded by the authorizing party, and computes the converted ciphertext from the transition key $RK_{IBE \to IBBE}$ and the ciphertext $CT_{IBE}$ to be converted;
Module six: Decryption module
Assume that the identity of a given authorized party (Delegatee) in the identity set S of all authorized parties is $ID_i^{IBBE}$ and that its corresponding private key in the IBBE encryption system is $SK_i^{IBBE}$; after the authorized party (Delegatee) receives the private key generated by the PKG and downloads the re-encryption ciphertext $CT_{IBE \to IBBE}$ from the proxy re-encryption party (Proxy), it can decrypt to obtain the blinding factor k from its own private key information $SK_{IBBE}$ and the identity set S of all authorized parties, and can then obtain the plaintext message M with one further simple calculation step;
characterized in that the encryption method comprises the following steps:
Step 1: The PKG first inputs the system security parameter λ and then runs the algorithm, which outputs two groups of prime order p and a bilinear map operation
Step 2: Next, the PKG runs the random number generation algorithm to randomly select a generator g in the group, an element h in the group, and an element α in the domain as the random exponent;
Step 3: The PKG runs one bilinear pairing operation, two exponentiations and (m-1) multiplications, obtaining an element e(g, h) in the group and (m+1) elements in the group
Step 4: The PKG selects a collision-resistant hash function H(·); the function satisfies all the properties of a collision-resistant hash function, its input is an arbitrary character string, and its output is mapped to an element of the domain;
The parameters obtained through the above four steps:
can be disclosed publicly as the public key of the IBBE encryption system; the public key of the IBE encryption system differs from the above public key and is:
The master key of the IBE and IBBE encryption systems is the same:
$MSK_{IBE} = MSK_{IBBE} = (g, \alpha)$
It is kept by the PKG;
Step 5: The PKG runs the collision-resistant hash function H(·) and computes
In the formula, $ID_{IBE}$ denotes the identity of a user in the IBE encryption system and $ID_{IBBE}$ denotes the identity of a user in the IBBE encryption system; each is represented by an arbitrary character string;
Step 6: The PKG runs one addition, one inversion and one exponentiation, and computes the private key of the user in the IBE encryption system according to the following formula:
and the private key of the user in the IBBE encryption system:
Step 7: The authorizing party (Delegator) runs the collision-resistant hash function H(·) and computes
Step 8: The authorizing party (Delegator) runs the random number generation algorithm to randomly select an element s in the domain as the exponent, and runs two multiplications and three exponentiations according to the following formulas to obtain:
The final ciphertext output is $CT_{IBE} = (C_0, C_1)$; the ciphertext is encrypted under the Delegator's identity $ID_{IBE}$, so only the private key $SK_{IBE}$ of the authorizing party (Delegator) itself can decrypt it;
Step 9: The authorizing party (Delegator) first runs the random number generation algorithm to randomly select an element in the group as the blinding factor k;
Step 10: For each identity in the identity set S of the authorized parties (Delegatees), the authorizing party (Delegator) runs the collision-resistant hash function H(·) n times, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set;
Step 11: The authorizing party (Delegator) runs the random number generation algorithm to randomly select an element v in the domain as the exponent, and runs a polynomial number of exponentiations and multiplications according to the following formulas to obtain:
$C_0' = k \cdot e(g, h)^v$,
The result is denoted as:
$R = (C_0', C_1')$
With a final multiplication $SK_{IBE} \cdot k$, the authorizing party (Delegator) generates the transition key:
$RK_{IBE \to IBBE} = (SK_{IBE} \cdot k, R)$
The identity set S of the authorized parties (Delegatees) is by default known to all users in the set;
Step 12: The proxy re-encryption party (Proxy) runs one bilinear pairing operation and one division according to the following formula to obtain:
The ciphertext after proxy re-encryption is:
$CT_{IBE \to IBBE} = (D_0, C_1, R)$;
Step 13: The authorized party (Delegatee) first runs the collision-resistant hash function H(·) once for each identity in the identity set S of the authorized users, obtaining:
$H(ID_1^{IBBE}), H(ID_2^{IBBE}), \ldots, H(ID_n^{IBBE})$
where n denotes the number of identities in the user set;
Step 14: The authorized party (Delegatee) runs two bilinear pairing operations together with a polynomial number of additions and repeated multiplications according to the following formula to obtain:
A further division then yields the blinding factor k:
Step 15: Finally, the authorized party (Delegatee) obtains the final plaintext message M through one bilinear pairing operation and one multiplication according to the following formula:
2. The identity-based cross-system proxy re-encryption method according to claim 1, characterized in that the "algorithm" described in Step 1 runs as follows: the private key generation center (PKG) inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients, and the points on the elliptic curve constitute two groups of prime order p. A function mapping e is selected that maps elements of the group into the group; the larger the security parameter, the more points there are on the selected elliptic curve and the larger the groups.
3. The identity-based cross-system proxy re-encryption method according to claim 2, characterized in that: on the elliptic curve $Y^2 = X^3 + aX + b$ selected in Step 1, a value $x_1$ of the independent variable X is chosen at random and the corresponding value $y_1$ of the dependent variable Y is computed; if the point $(x_1, y_1)$ is in the group to be mapped to, a random element has been generated successfully; if the point $(x_1, y_1)$ is not in the group, values of X continue to be chosen until a point that lies in the group is found. In addition, the domain denotes the set {1, 2, ..., p-1}; the random number generation function that randomly selects an element of the domain can be run by calling a built-in function from the Pairing-Based Cryptosystems function package.
4. The identity-based cross-system proxy re-encryption method according to claim 1, characterized in that the "bilinear pairing operation" described in Step 3 works as follows: the inputs are the elements g and h in the group, and the output is an element in the group: e(g, h).
5. The identity-based cross-system proxy re-encryption method according to claim 1, characterized in that the "collision-resistant hash function H(·)" described in Step 4 can likewise be run by calling a built-in function from the Pairing-Based Cryptosystems function package.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410280293.3A CN104038341B (en) | 2014-06-20 | 2014-06-20 | A kind of cross-system of identity-based acts on behalf of re-encryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104038341A (en) | 2014-09-10 |
CN104038341B (en) | 2017-04-05 |
Family
ID=51468938
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410280293.3A Active CN104038341B (en) | 2014-06-20 | 2014-06-20 | A kind of cross-system of identity-based acts on behalf of re-encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104038341B (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320393B (en) * | 2014-10-24 | 2018-04-17 | 西安电子科技大学 | The controllable efficient attribute base proxy re-encryption method of re-encryption |
CN104539610B (en) * | 2014-12-25 | 2017-10-27 | 华中科技大学 | A kind of proxy re-encryption method for improving outsourcing encryption data sharing functionality |
CN104519071B (en) | 2015-01-12 | 2017-08-11 | 北京科技大学 | It is a kind of that there is the group's encryption and decryption method and system for selecting and excluding function |
CN104811450B (en) * | 2015-04-22 | 2017-10-17 | 电子科技大学 | The date storage method and integrity verification method of a kind of identity-based in cloud computing |
CN104836657B (en) * | 2015-05-27 | 2018-01-26 | 华中科技大学 | A kind of identity-based anonymity broadcast encryption method with efficient decryption features |
CN105763528B (en) * | 2015-10-13 | 2018-11-13 | 北方工业大学 | The encryption device of diversity person's anonymity under a kind of mixed mechanism |
CN105743646B (en) * | 2016-02-03 | 2019-05-10 | 四川长虹电器股份有限公司 | A kind of Identity based encryption method and system |
WO2017139652A1 (en) * | 2016-02-10 | 2017-08-17 | MobileIron, Inc. | Securely storing and distributing sensitive data in a cloud-based application |
CN106100844B (en) * | 2016-05-24 | 2020-08-18 | 天津大学 | Optimized automatic bilinear pairing encryption method and device based on point blinding method |
CN106790259A (en) * | 2017-01-25 | 2017-05-31 | 国家电网公司 | A kind of asymmetric across cryptographic system re-encryption, decryption method and system |
CN107086912B (en) * | 2017-04-10 | 2020-02-07 | 国家电网公司 | Ciphertext conversion method, decryption method and system in heterogeneous storage system |
CN108063752B (en) * | 2017-11-02 | 2020-05-08 | 暨南大学 | Credible gene detection and data sharing method based on block chain and agent re-encryption |
CN110858243B (en) * | 2018-08-24 | 2024-04-12 | 京东科技控股股份有限公司 | Page acquisition method and device for gateway |
CN109471610B (en) * | 2018-10-25 | 2021-03-19 | 北京链化未来科技有限公司 | Serial random number generation method, device and storage medium |
CN110505233A (en) * | 2019-08-29 | 2019-11-26 | 苏州同济区块链研究院有限公司 | A kind of method of anti-conspiracy/secret protection proxy re-encryption |
CN110719295B (en) * | 2019-10-21 | 2020-12-29 | 武汉大学 | Identity-based food data security-oriented proxy re-encryption method and device |
CN111698083A (en) * | 2020-06-03 | 2020-09-22 | 湖南大学 | Attribute-based encryption method capable of outsourcing multiple authorization centers |
CN114531293B (en) * | 2022-02-25 | 2024-05-24 | 东南大学 | Cross-trust-domain based identity agent re-encryption method |
CN117056983B (en) * | 2023-10-13 | 2024-01-02 | 中国移动紫金(江苏)创新研究院有限公司 | Multistage controllable data sharing authorization method, device and blockchain system |
CN118041694A (en) * | 2024-04-11 | 2024-05-14 | 恒生电子股份有限公司 | Encrypted data authorization method, storage medium, program product and related device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101807991A (en) * | 2009-02-18 | 2010-08-18 | 上海交通大学 | Ciphertext policy attribute-based encryption system and method |
EP2372948A1 (en) * | 2010-03-19 | 2011-10-05 | Huawei Technologies Co., Ltd. | Method, device, and system for an identity-based forward-secure digital signature |
CN102624522A (en) * | 2012-03-30 | 2012-08-01 | 华中科技大学 | Key encryption method based on file attribution |
CN103647644A (en) * | 2013-12-26 | 2014-03-19 | 北京航空航天大学 | Attribute-based encryption method for achieving hierarchical certification authority |
Non-Patent Citations (1)
Title |
---|
"Experimental performance comparisons between (H)IBE schemes over composite-order and prime-order bilinear groups";Weiran Liu, Xiao Liu, Qianhong Wu, Bo Qin;《Proceedings of 2014 11th International Bhurban Conference on Applied Sciences & Technology (IBCAST)》;20140327;full text * |
Also Published As
Publication number | Publication date |
---|---|
CN104038341A (en) | 2014-09-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |