CN104135473A - A method for realizing identity-based broadcast encryption by ciphertext-policy attribute-based encryption - Google Patents

Abstract

There is provided a method for realizing identity-based broadcast encryption by ciphertext-policy attribute-based encryption. The steps of the method are as follows: in step 1, a PKG (Private Key Generator) inputs a safety coefficient of a system to output an initialization parameter; in step 2, the PKG runs a random number generation algorithm to choose a random number required for the system; in step 3, the PKG executes operation to obtain a public key and a master secret key; in step 4, an encrypting party chooses the random number and completes operation to output a part of ciphertext; in step 5, the encrypting party executes calculation according to a set of identities of decrypting users to obtain the remaining part of the ciphertext; in step 6, the PKG runs a random number generation algorithm to obtain a random parameter; in step 7, the PKG executes calculation according to the master secret key and the identity of the user to obtain a private key SKID; in step 8, a decrypting party conforming to requirement is able to execute calculation according to the private key and the ciphertext to obtain K; and in step 9, the decrypting user is able to output correct plaintext by executing calculation according to the K. According to the invention, a development cycle and system load are reduced greatly, and chosen ciphertext attack can be resisted, which ensures safety and effectiveness of the scheme.

Description

A kind of attribute base by ciphertext strategy is encrypted the method that realizes identity base broadcast enciphering

(1) technical field:

The invention provides a kind of attribute base by ciphertext strategy and encrypt the method that realizes identity base broadcast enciphering,, referred to as a kind of method that is realized IBBE by CP-ABE, it can be used for the secure communication in data-driven network, belongs to field of cryptography in information security.

(2) technical background:

People propose and have designed many novel data-driven networks in recent years, such as social networks, radio sensing network, electronic health care network etc., and the collection that this network is data provides one mode more flexibly.It allows data to be collected by distributed terminal, shares for individual or group.For example, in electronic health care network, patient's IMR is collected and stored in data center, so that patient goes when medical for doctor's inquiry.Some researchers, authoritative institution etc. also likely can use these data.The storage of digital document, processing and easy to use, this makes these networks have obvious advantage compared to the management system of traditional paper document.

In these emerging networks, the secret protection of data is very important problems.For example, the user's personal information being stored in social networks is likely supplied business's abuse, even may reveal to offender.Once offender has obtained user's the information such as address, phone, may cause very serious consequence.Again for example, in electronic health care network, patient's medical record information is unusual secret, only has authorized individual or authoritative institution to access and obtains.Case history leakage event is not only the question of morality about individual privacy, more likely the spirit to patient and causing serious injury economically.

Can to protect privacy of user in order finding, to make again data obtain the method for rationally utilizing, people have proposed many encryption systems that are applicable to data-driven network, particularly public key encryption system.The public key encryption system of extensive use in this network system comprises broadcast enciphering (Broadcast Encryption, BE), identity base is encrypted (Identity-Based Encryption, IBE), identity base broadcast enciphering (Identity-Based Encryption, IBBE) and attribute base encrypt (Attribute-Based Encryption, ABE) etc.

In public-key cryptosystem, encryption and decryption are used respectively different keys: wherein encryption key (being PKI) is can be disclosed, and decruption key (being private key) only has deciphering people oneself to know.The open use of encryption key, makes the distribution of key and management simpler than DSE arithmetic.Broadcast enciphering (Broadcast Encryption, BE) be a kind of on insecure channels to the cryptographic system of one group of user's transmission encrypting information, in this system, system is user assignment user index (User Index), then it can make sender choose any user index set to carry out broadcast enciphering, only has the authorized user can decrypting ciphertext.Identity base is encrypted (Identity-Based Encryption, IBE) concept proposes by Shamir is creative, in this public-key cryptography scheme, user's the direct PKI as user of identity id information (as ID card No., telephone number and addresses of items of mail etc.), without binding by digital certificate.Identity base broadcast enciphering (Identity-Based Encryption, IBBE) be that the one that broadcast enciphering is encrypted with identity base is combined, it can user identity id information to message encryption, and be broadcast to one group of user, user uses the private key corresponding with its ID to decipher.Attribute base is encrypted (Attribute-Based Encryption, ABE) be the one expansion of IBE, it replaces identity as least unit with attribute, the attribute base that comprises key strategy is encrypted (Key-Policy Attribute-Based Encryption, KP-ABE) and the attribute base of ciphertext strategy encrypt (Ciphertext-Policy Attribute-Based Encryption, CP-ABE), KP-ABE refers to, construct key and construct ciphertext by community set by access structure (Access Structure), when can meeting this access structure, can decipher the attribute in community set, CP-ABE refers to, is constructed ciphertext and by the incompatible structure key of property set, in the time that the attribute in community set can meet this access structure, could be deciphered by access structure.Fig. 1 has provided the access control tree in a kind of electronic health care network, and access control policy is wherein:

Doctor (Doctor), nurse (Nurse) and operation (Surgery) wherein represents user's attribute, and above-mentioned access control policy specifically describes and is: only have doctor or the nurse of the operation be responsible for to access.

For example, in the time that these cryptographic systems are applied in data-driven network that (electronic health care network) realizes the access control of private data, there is a very actual problem: although the cryptographic system of many approved safes has various advantages (as regular length ciphertext/PKI, efficient encryption/decryption procedures etc.), nearly all system is all independent design separately.Owing to existing different access control demands in an objective network, Security Officer has to adopt multiple cryptographic system simultaneously, adapts to different demands for security.This has just caused the exploitation cost of repetition and heavy system management burden.We are as the example in next group electronic health care network.

First is the typical scene that uses IBBE in electronic health care network: patient prepares a consultation of doctors request to broadcast to doctor Alice, doctor Bob and doctor Carol.Whole process is used IBBE scheme, and patient, is broadcast in network by message encryption and by ciphertext as PKI with doctor's ID.Only having ID is that the doctor of Alice, Bob or Carol can be decrypted ciphertext, and knows patient's consultation of doctors demand, but the recipient that ID is Mallory can not know.

Second is the sight that uses ABE in electronic health care network: patient wants his case history to send to the doctor and the nurse that are responsible for his operation.Patient is encrypted case history by ABE scheme with access structure " (Doctor OR Nurse) AND Surgery ", then directly ciphertext is sent in electronic health care network, the recipient who only has attribute to meet access structure just can obtain patient's case history.

We can see, above two kinds of situations are closely similar.But because two kinds of situations have been used different cryptographic systems, developer must realize respectively IBBE and ABE system, thereby has increased development effort.How to realize different cryptographic systems by calling simply or heavily encapsulate same cipher function storehouse, become a considerable problem.

Intuitively, because the attribute base of ciphertext strategy is encrypted (Ciphertext-Policy Attribute-Based Encryption, CP-ABE) be the one expansion of IBE, also support broadcast, so seem just can realize simply conversion by the user identity user property in ABE being replaced with in IBBE simultaneously.But nearly all CP-ABE system has all been determined attribute at initial phase, but identity can be determined in encryption stage or key generation phase in IBBE system.So just make efficiently to convert to for a problem.

Based on above background, we have invented and have a kind ofly utilized CP-ABE system to realize the method for IBBE system by the calling and heavily encapsulation of existing function library, and by having experimental results demonstrate high efficiency and the availability of our methods.

(3) summary of the invention:

1, object:

The object of this invention is to provide a kind of attribute base by ciphertext strategy and encrypt the method that realizes identity base broadcast enciphering, realized the method for IBBE by CP-ABE, can be used for the secure communication in data-driven network, avoid the repeated work in development process, greatly reduce development effort, there is high security and high efficiency simultaneously.

2, technical scheme:

Main mathematic sign and algorithmic translation:

1) bilinear map in the present invention program's initialization module, by input coefficient of safety λ, executing arithmetic g (1 ^λ), can obtain the cyclic group that two exponent numbers are prime number p

Bilinear map meets following three characteristics:

1. bilinear characteristics: for all there is e (g ^a, h ^b)=e (g, h) ^abset up;

2. non-degeneracy: in group, at least there is an element g, the e (g, g) after calculating is existed in group, there is exponent number p;

3. computability: have effective algorithm, make all can effectively calculate the value of e (u, v);

2) hash algorithm: the anti-collision hash function using in the present invention possesses two fundamental characteristics: one-way and anti-collision; One-way refers to and can only derive output from hash function input, calculate input and can not export from hash function; Anti-collision refers to and can not find two different inputs to make its Hash result identical simultaneously.

3) access control tree: in access control tree, leaf node represents attribute, and nonleaf node represents threshold value door.Each nonleaf node is defined by its son node number and threshold value, makes num _xrepresent the son node number of x node, k _xrepresent the threshold value of x node.Work as k _x=1 o'clock, threshold value door was exactly or door (OR); Work as k _x=num _xtime, threshold value door is exactly and door (AND).

This programme comprises three entities, 1) private key generating center (Private Key Generator, PKG): there is identifying user identity, calculate the mechanism of generation, dispatch user private key functionality.2) data encryption side (Encrypting Party): individual or the social framework with encryption function; 3) user (User): individual or the social framework with decipher function.

This programme comprises four modules, is respectively initialization module, encrypting module, private key generation module and deciphering module.As shown in Figure 2, each module is carried out according to " initialization module " → " encrypting module " → " private key generation module " → " deciphering module " order.

A kind of attribute base by ciphertext strategy of the present invention is encrypted the method that realizes broadcast enciphering, is realized the method for IBBE by CP-ABE, and implementation step is as follows:

Module one: initialization module

Private key generating center be PKG in this module using system safety parameter lambda as input, output PKI PK and master key MSK.PKI PK external disclosure, master key MSK is by PKG keeping.The specific implementation of this functions of modules is divided into three steps:

Step 1:PKG is input system security parameter λ first, then executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:PKG moves Generating Random Number, and selecting at random exponent number is p ₁'s a generator g in group, selects a hash function and Z _p: 0,1 ..., and two element α in p-1} territory, β is as Stochastic.

Step 3:PKG carries out following computing:

MSK＝(β，g ^α)

PK is as PKI external disclosure, and MSK is taken care of by PKG as master key.

Wherein, at " the executing arithmetic g (1 described in step 1 ^λ) ", its way is as follows: PKG, according to the size of the security parameter λ of input, selects suitable elliptic curve: Y ²=X ³+ aX+b (a and b are coefficients).Form group according to the point on selected elliptic curve select a kind of Function Mapping e, by group in element map to group in go; Security parameter numerical value is larger, and the point on selected elliptic curve is also more, and group is also larger.

Wherein, at " Generating Random Number " described in step 2, its way is as follows: according to selected elliptic curve: y in step 1 ²=x ³+ ax+b, selects a value x of independent variable x at random ₁, calculate the value y of corresponding dependent variable y ₁; If point (x ₁, y ₁) want, in the group of mapping, successfully to have generated random element at us.If point (x ₁, y ₁) not in group, continue to select the value of x, until find the point appearing in group.Generating Random Number is hereinafter identical.

Wherein, at " the hash function described in step 2 " represent: the character being made up of binary number 0 and 1 is mapped to by hash function H in group.

Module two: encrypting module

Encryption side using PKI PK and message M to be encrypted and user identity S set to be received as input, obtains the ciphertext CT of output in this module after encryption.The realization of this functions of modules is divided into two steps:

Step 4: the random Z that selects in encryption side _p: 0,1 ..., an element t in p-1} territory, as index, completes following computing:

C ₀＝M·e(g，g) ^αt

C ₁＝h ^t

C ₂＝g ^t

Step 5: for calculate:

C _ID＝H(ID) ^t

Final ciphertext is output as:

$\mathrm{CT}=(C_0,C_1,C_2,$

$\∀\mathrm{ID}\∈S:C_{\mathrm{ID}}=H{\left(\mathrm{ID}\right)}^t)$

Module three: private key generation module

In this module, PKG is using master key MSK and user identity ID as input, the private key SK of respective user identity ID _iDfor output.The private key SK obtaining _iDto send to user with secured fashion.Be implemented as follows:

Step 6:PKG moves Generating Random Number, generates at random Z _p: 0,1 ..., and two element γ in p-1} territory, γ ' is as index.

Step 7:PKG, according to the MSK and the upper step income index that generate in module one, does following computing:

${\mathrm{SK}}_{\mathrm{ID}}=(D=g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},D_{\mathrm{ID}}=g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},D_{\mathrm{ID}}^{\′}=g^{\mathrm{\γ}\′})$

Obtain private key SK corresponding to user ID _iD.

Module four: deciphering module

User in S, as deciphering side, can be decrypted ciphertext.This module is with PKI PK, the private key SK that user ID is corresponding _iDfor inputting, output obtains message M with ciphertext CT, and concrete steps are as follows:

Step: 8: for the decrypted user in S, by the private key SK of self _iDfirst do following calculating:

$K=\frac{e(D,C_1)}{\frac{e(D_{\mathrm{ID}},C_2)}{e(D_{\mathrm{ID}},C_{\mathrm{ID}})}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},h^s)}{\frac{e(g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H\left({\left(\mathrm{ID}\right)}^t\right))}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},g^{\mathrm{\βs}})}{\frac{e(g^{\mathrm{\γ}},g^s)\·e(H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H{\left(\mathrm{ID}\right)}^t))}}$

$=\frac{e{(g,g)}^{(\mathrm{\α}+\mathrm{\γ})t}}{e{(g,g)}^{\mathrm{\γt}}}={e(g,g)}^{\mathrm{\αt}}$

Step 9: decrypted user, according to the K of upper step gained, by carrying out following computing, can calculate output message M:

$\frac{C_0}{K}=\frac{M\·e{(g,g)}^{\mathrm{\αt}}}{e{(g,g)}^{\mathrm{\αt}}}=M$

By above-mentioned module and step, we have completed the scheme that is realized IBBE by CP-ABE.By using existing CP-ABE kit, can realize easily the function of identity base broadcast enciphering, avoid unnecessary development effort.

3, advantage and effect:

A kind of attribute base by ciphertext strategy of the present invention is encrypted the method that realizes identity base broadcast enciphering, can be used for the secure communication between user in data-driven network, and its advantage and effect are:

1) the present invention utilizes existing CP-ABE encipherment scheme to realize respectively the function of IBBE, and developer can be realized with same instrument in the time of the encryption requirements in the face of different, has greatly reduced construction cycle and system burden.

2) the present invention has passed through the safety analysis under approved safe model, can resist selection ciphertext only attack, has guaranteed the fail safe of scheme;

3) the present invention has completed the realization of scheme by use cpabe toolkit, has proved the validity of scheme.

(4) brief description of the drawings:

A kind of access structure example in Fig. 1 electronic health care network;

Fig. 2 the method for the invention is realized the FB(flow block) of IBBE by CP-ABE;

Access structure used when Fig. 3 the method for the invention realizes IBBE by CP-ABE.

In figure, symbol description is as follows:

In Fig. 1, nonleaf node represents with circle, represents threshold value door (i.e. OR in figure or AND); Leaf node box indicating, representative of consumer attribute (i.e. Doctor in figure, Nurse or Surgery).

In Fig. 3, circle (OR) represents or door, the ID in square frame _irepresent user identity ID.

(5) embodiment

See shown in Fig. 1-3, this programme comprises four modules, is respectively initialization module, encrypting module, private key generation module and deciphering module.As shown in Figure 3, each module is carried out according to " initialization module " → " encrypting module " → " private key generation module " → " deciphering module " order.

A kind of attribute base by ciphertext strategy of the present invention is encrypted the method that realizes broadcast enciphering, is realized the method for IBBE by CP-ABE, and implementation step is as follows:

Module one: initialization module

PKG using system safety parameter lambda as input, exports PKI PK and master key MSK in this module.PKI PK external disclosure, master key MSK is by PKG keeping.The specific implementation of this functions of modules is divided into three steps:

Step 1:PKG is input system security parameter λ first, then executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:PKG moves Generating Random Number, and selecting at random exponent number is p ₁'s a generator g in group, selects a hash function and Z _p: 0,1 ..., and two element α in p-1} territory, β is as Stochastic.

Step 3:PKG carries out following computing:

MSK＝(β，g ^α)

Wherein, PK is as PKI parameter external disclosure, and MSK is taken care of by PKG as master key.

Module two: encrypting module

Encryption side using PKI PK and message M to be encrypted and user identity S set to be received as input, obtains the ciphertext CT of output in this module after encryption.The realization of this functions of modules is divided into two steps:

Step 4: the random Z that selects in encryption side _p: 0,1 ..., an element t in p-1} territory, as index, completes following computing:

C ₀＝M·e(g,g) ^αt

C ₁＝h ^t

C ₂＝g ^t

Step 5: for calculate:

C _ID＝H(ID) ^t

Final ciphertext is output as:

$\mathrm{CT}=(C_0,C_1,C_2,$

$\∀\mathrm{ID}\∈S:C_{\mathrm{ID}}=H{\left(\mathrm{ID}\right)}^t)$

Module three: private key generation module

In this module, PKG is using master key MSK and user ID as input, output private key for user SK _iD.Be implemented as follows:

Step 6:PKG moves Generating Random Number, generates at random Z _p: 0,1 ..., and two element γ in p-1} territory, γ ' is as index.

Step 7:PKG, according to the MSK and the upper step income index that generate in module one, does following computing:

${\mathrm{SK}}_{\mathrm{ID}}=(D=g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},D_{\mathrm{ID}}=g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},D_{\mathrm{ID}}^{\′}=g^{\mathrm{\γ}\′})$

Obtain private key SK corresponding to user ID _iD.

Module four: deciphering module

User in S, as deciphering side, can be decrypted ciphertext.This module is with PKI PK, the private key SK that user ID is corresponding _iDfor inputting, output obtains message M with ciphertext CT, and concrete steps are as follows:

Step: 8: for the decrypted user in S, by the private key SK of self _iDfirst do following calculating:

$K=\frac{e(D,C_1)}{\frac{e(D_{\mathrm{ID}},C_2)}{e(D_{\mathrm{ID}},C_{\mathrm{ID}})}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},h^s)}{\frac{e(g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H\left({\left(\mathrm{ID}\right)}^t\right))}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},g^{\mathrm{\βs}})}{\frac{e(g^{\mathrm{\γ}},g^s)\·e(H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H{\left(\mathrm{ID}\right)}^t))}}$

$=\frac{e{(g,g)}^{(\mathrm{\α}+\mathrm{\γ})t}}{e{(g,g)}^{\mathrm{\γt}}}={e(g,g)}^{\mathrm{\αt}}$

Step 9: decrypted user, according to the K of upper step gained, by carrying out following computing, can calculate output message M:

$\frac{C_0}{K}=\frac{M\·e{(g,g)}^{\mathrm{\αt}}}{e{(g,g)}^{\mathrm{\αt}}}=M$

By above-mentioned module and step, we have completed the scheme that is realized IBBE by CP-ABE.

Claims (4)

1. the attribute base by ciphertext strategy is encrypted the method that realizes broadcast enciphering, it is characterized in that: it comprises four modules, be respectively initialization module, encrypting module, private key generation module and deciphering module, each module is carried out according to " initialization module " → " encrypting module " → " private key generation module " → " deciphering module " order, and implementation step is as follows:

Module one: initialization module

Private key generating center be PKG in this module using system safety parameter lambda as input, output PKI PK and master key MSK; PKI PK external disclosure, master key MSK is by PKG keeping; The specific implementation of this functions of modules is divided into three steps:

Step 1:PKG is input system security parameter λ first, then executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:PKG moves Generating Random Number, and selecting at random exponent number is p ₁'s a generator g in group, selects a hash function and Z _p: 0,1 ..., and two element α in p-1} territory, β is as Stochastic;

Step 3:PKG carries out following computing:

MSK＝(β，g ^α)

PK is as PKI external disclosure, and MSK is taken care of by PKG as master key;

Module two: encrypting module

Encryption side using PKI PK and message M to be encrypted and user identity S set to be received as input, obtains the ciphertext CT of output in this module after encryption; The realization of this functions of modules is divided into two steps:

Step 4: the random Z that selects in encryption side _p: 0,1 ..., an element t in p-1} territory, as index, completes following computing:

C ₀＝M·e(g，g) ^αt

C ₁＝h ^t

C ₂＝g ^t；

Step 5: for calculate:

C _ID＝H(ID) ^t

Final ciphertext is output as:

$\mathrm{CT}=(C_0,C_1,C_2,$

$\∀\mathrm{ID}\∈S:C_{\mathrm{ID}}=H{\left(\mathrm{ID}\right)}^t);$

Module three: private key generation module

In this module, PKG is using master key MSK and user identity ID as input, the private key SK of respective user identity ID _iDfor output, the private key SK obtaining _iDto send to user with secured fashion; Be implemented as follows:

Step 6:PKG moves Generating Random Number, generates at random Z _p: 0,1 ..., and two element γ in p-1} territory, γ ' is as index;

Step 7:PKG, according to the MSK and the upper step income index that generate in module one, does following computing:

${\mathrm{SK}}_{\mathrm{ID}}=(D=g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},D_{\mathrm{ID}}=g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},D_{\mathrm{ID}}^{\′}=g^{\mathrm{\γ}\′})$

Obtain private key SK corresponding to user ID _iD;

Module four: deciphering module

User in S, as deciphering side, can be decrypted ciphertext; This module is with PKI PK, the private key SK that user ID is corresponding _iDfor inputting, output obtains message M with ciphertext CT, and concrete steps are as follows:

Step: 8: for the decrypted user in S, by the private key SK of self _iDfirst do following calculating:

$K=\frac{e(D,C_1)}{\frac{e(D_{\mathrm{ID}},C_2)}{e(D_{\mathrm{ID}},C_{\mathrm{ID}})}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},h^s)}{\frac{e(g^{\mathrm{\γ}}\·H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H\left({\left(\mathrm{ID}\right)}^t\right))}}=\frac{e(g^{\frac{\mathrm{\α}+\mathrm{\γ}}{\mathrm{\β}}},g^{\mathrm{\βs}})}{\frac{e(g^{\mathrm{\γ}},g^s)\·e(H{\left(\mathrm{ID}\right)}^{{\mathrm{\γ}}^{\′}},g^t)}{e(g^{\mathrm{\γ}},H{\left(\mathrm{ID}\right)}^t))}}$

$=\frac{e{(g,g)}^{(\mathrm{\α}+\mathrm{\γ})t}}{e{(g,g)}^{\mathrm{\γt}}}={e(g,g)}^{\mathrm{\αt}};$

Step 9: decrypted user, according to the K of upper step gained, by carrying out following computing, calculates output message M:

$\frac{C_0}{K}=\frac{M\·e{(g,g)}^{\mathrm{\αt}}}{e{(g,g)}^{\mathrm{\αt}}}=M;$

By above-mentioned module and step, we have completed the scheme that is realized IBBE by CP-ABE, by using existing CP-ABE kit, can realize easily the function of identity base broadcast enciphering, have avoided unnecessary development effort.

2. a kind of attribute base by ciphertext strategy according to claim 1 is encrypted the method that realizes broadcast enciphering, it is characterized in that: at " the executing arithmetic g (1 described in step 1 ^λ) ", its way is as follows: PKG, according to the size of the security parameter λ of input, selects suitable elliptic curve: Y ²=X ³+ aX+b, a and b are coefficients; Form group according to the point on selected elliptic curve select a kind of Function Mapping e, by group in element map to group in go; Security parameter numerical value is larger, and the point on selected elliptic curve is also more, and group is also larger.

3. a kind of attribute base by ciphertext strategy according to claim 1 is encrypted the method that realizes broadcast enciphering, it is characterized in that: at " Generating Random Number " described in step 2, its way is as follows: according to selected elliptic curve: y in step 1 ²=x ³+ ax+b, selects a value x of independent variable x at random ₁, calculate the value y of corresponding dependent variable y ₁; If point (x ₁, y ₁) want, in the group of mapping, successfully to have generated random element at us; If point (x ₁, y ₁) not in group, continue to select the value of x, until find the point appearing in group.

4. a kind of attribute base by ciphertext strategy according to claim 1 is encrypted the method that realizes broadcast enciphering, it is characterized in that: at " the hash function described in step 2 " represent: the character being made up of binary number 0 and 1 is mapped to by hash function H in group.