CN105100083A - Attribute-based encryption method and system with privacy protection and user revocation - Google Patents
- Publication number: CN105100083A (application CN201510392617.7A)
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L63/0428: Network security; confidential data exchange among entities communicating through data packet networks, where the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/06: Network security; key management in a packet data network
- H04L63/10: Network security; controlling access to devices or network resources
Abstract
The invention discloses an attribute-based encryption method and system that protect privacy and support user revocation. The system comprises eight modules: Setup, KeyGen, Encrypt, Decrypt, ReKey, TKGen, TK-Encrypt and TK-Decrypt. The method addresses privacy protection in cloud computing, supports user revocation and the secure outsourcing of operations on the ciphertext, and provides verification of the transformed ciphertext, so that illegal substitution of the transformed ciphertext and the adverse consequences of such substitution are prevented. The system is highly flexible.
Description
Technical field
The invention belongs to the field of information security and relates to attribute-based encryption, specifically an attribute-based encryption method that supports user revocation, protects user privacy, supports data outsourcing and supports verifying the correctness of the transformed ciphertext.
Background technology
Today, in an information age in which computers are ubiquitous and network technology flourishes, the concept of cloud computing has been proposed, and it has become a trend to store large amounts of information in digital form in public clouds and computer systems. Information travels over public channels, and these systems and channels are fragile when unattended: they are easily attacked and damaged, and a theft of information is hard to detect, with serious consequences. As cloud computing develops, users' concern about the security of cloud data storage and their demand for security measures grow stronger, so storing data in the public cloud in encrypted form is inevitable: a visitor without decryption rights can only intercept ciphertext from the public cloud and cannot obtain the corresponding plaintext. How, then, can one guarantee that only users with the proper authority can decrypt the ciphertext, without the data owner handing out its own private key or sharing the data one by one with every authorized decryptor?
Attribute-based encryption (ABE) was introduced in 2005 and, because of its special application value and the breadth of its use cases, has attracted more and more attention. It uses an access control structure to control the decryption capability of the users in the system and has become one of the most effective approaches. ABE can solve the above problem of big data in cloud computing well: the encryptor need not know the detailed identity of the decryptor, only a set of descriptive attributes of the decryptor, and such attributes are bound to the user more tightly than detailed identity information. In an attribute-based cryptosystem the access rule is defined over attributes during encryption; a user can decrypt the ciphertext only when the user's key and the ciphertext "match" under that access rule. To express the flexibility of the system better, ABE is divided into two classes: key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE). In KP-ABE the ciphertext is labelled with a set of descriptive attributes and the user's key is associated with an access policy specified by the authorization center. In CP-ABE the user's key is labelled with a set of descriptive attributes and the ciphertext is associated with an access policy specified by the encryptor.
CP-ABE is closer to real application scenarios: each user obtains a key from the authorization center according to his own situation or attributes, and the encryptor formulates the access control on the message. It suits access-control applications such as access to social networking sites and electronic medical systems. A basic CP-ABE scheme consists of four modules: system parameter setup (Setup), key generation (KeyGeneration), encryption (Encryption) and decryption (Decryption).
1. System parameter setup module (Setup)
Input a security parameter σ; output the public parameters params and the master private key MK of the system.
2. Key generation module (KeyGen)
The authorization center runs the key generation algorithm to generate private keys for the users of the system. It takes as input the master private key MK and the user's descriptive attribute set, and computes the private key $SK_L$ associated with the user's attribute set. Here L denotes the attribute set corresponding to the user.
3. Encryption module (Encryption)
Input the public parameters params, a message M and an access policy W; the encryptor obtains a ciphertext CT. Only a user whose attribute set L, associated with the private key, satisfies the access policy W can decrypt CT.
4. Decryption module (Decryption)
The recipient inputs his decryption key $SK_L$ and the ciphertext CT, and decrypts to obtain the message M. Decryption succeeds only when the attribute set L associated with the private key satisfies the access policy W.
As the above flow shows, although ciphertext-policy ABE provides secure access control in the cloud, the access policy is sent to the recipient together with the ciphertext. A recipient who can decrypt also learns useful information from the access policy, and any intermediate party can read the list of potential recipients off the policy, which leaks user privacy. For encryptors engaged in commercial activity, or who otherwise want the access policy protected, this is undesirable, so an attribute-based scheme that hides the access structure is of more practical significance.
The CP-ABE flow also shows that the authorization center is responsible for issuing private keys and managing attributes. In practice, and especially in today's big-data era, users join and leave the system constantly, which requires the system to change users' authorizations flexibly in order to remain secure and flexible. A CP-ABE scheme that supports user revocation therefore greatly improves the flexibility of the system.
Today, data in the cloud is increasingly accessed by resource-constrained wireless users, for whom computation cost and communication cost are the first concerns. The large number of bilinear pairing operations that traditional ABE schemes perform during decryption is uneconomical in battery consumption and communication cost, so outsourcing part of the computation to the cloud storage provider is highly economical and gives the system good scalability and accessibility. In practice, however, the cloud may misbehave or be attacked maliciously; if the correctness of the transformed ciphertext cannot be verified, the ciphertext may be illegally substituted, with adverse consequences.
Based on the above analysis, the inventors improve the existing attribute-based encryption schemes to raise the flexibility of the system and guarantee user privacy, which has greater practical significance.
Summary of the invention
Object of the invention: in view of the above defects of attribute-based encryption, to provide an attribute-based encryption method that fully hides the access structure, supports user revocation, supports data outsourcing and supports verifying the correctness of the transformed ciphertext, so as to improve the flexibility of the system, protect user privacy, reduce the total communication cost of wireless users and ensure that the transformed ciphertext is not illegally substituted.
Technical scheme: an attribute-based encryption method and system with privacy protection and user revocation. The encryption system comprises eight modules:
System parameter setup module: generates the public parameters of the system and sends them to the other modules; Key generation module: generates the user's decryption private key from the user's attribute set; Encryption module: encrypts messages; Decryption module: decrypts ciphertexts; Re-encryption module: generates the re-encryption key and updates the ciphertext and the users' private keys; Transformation key generation module: generates the transformation key and the recovery key; Partial-ciphertext transformation module: generates the transformed partial ciphertext from the original ciphertext; Transformed-ciphertext decryption module: decrypts the transformed ciphertext.
The concrete steps of the encryption method are as follows:
Step 1: initialize the public parameters params and the master key MK of the system;
Step 2: generate the user's private key $SK_L$ from the public parameters params;
Step 3: encrypt the message M under the public parameters params and the chosen access policy to obtain the ciphertext CT;
Step 4: decrypt the ciphertext CT with the public parameters params and the user's private key $SK_L$ to obtain the message M;
Step 5: from the public parameters params and the group private key $u_x$, generate the re-encryption key $ck_{vn}$, obtain the re-encrypted ciphertext $CT_{vn}$, and update the partial private key $D_{2,vn}$ of the authorized users;
Step 6: from the public parameters params and the user's private key $SK_L$, generate the transformation key $TK_L$ and the recovery key $HK_L$;
Step 7: from the public parameters params, the original ciphertext CT and the transformation key $TK_L$, generate the transformed ciphertext CT';
Step 8: from the public parameters params, the original ciphertext CT, the transformed ciphertext CT' and the recovery key $HK_L$, decrypt the ciphertext to obtain the message M.
Further, step 1 comprises:
Step 1-1: choose a large prime p, multiplicative cyclic groups G and $G_T$ of order p, and a bilinear map $e: G \times G \to G_T$; select generators g, u, v, d from G;
Step 1-2: the authorization center randomly selects $t_{i,j} \in \mathbb{Z}_p$ ($i \in [1, n]$, $j \in [1, n_i]$) and keeps $\{\alpha, g^\alpha, \delta\}$ as its private key; it computes $Y = e(g, g)^\alpha$ and defines a hash function H whose range is the set $\{1, 2, \ldots, p-2, p-1\}$;
Step 1-3: the data owner selects a random value β from $\{1, 2, \ldots, p-2, p-1\}$ as its private key $SK_{DO}$, computes its public key and publishes it; $SK_{DO}$ is kept secret as the data owner's private key;
Step 1-4: the authorization center sets the initial version vn = 0, selects a random value as the group private key GSK, sends it offline to the registered users, computes the group public key and publishes it;
The public parameters params of the system are formed from the public values above for $i \in [1, n]$, $j \in [1, n_i]$; the system master key is $MK = \{\alpha, g^\alpha, \delta\}$ and the private key of the data owner is $SK_{DO} = \{\beta\}$;
For any two different user attribute sets L and L', the parameters chosen in step 1-2 must satisfy the condition given there.
Further, step 2 comprises:
Step 2-1: input the user's attribute set L;
Step 2-2: the authorization center randomly selects r and the other secret exponents from $\{1, 2, \ldots, p-2, p-1\}$ and computes the user's private key, where $t_{i,j} \in L_i$ ($i \in [1, n]$, $j \in [1, n_i]$); for the authorized user it also computes the versioned key component and sets the version number vn = 0;
The authorization center issues the resulting private key to the user.
Further, step 3 comprises:
Step 3-1: the encryptor selects a plaintext message $m \in G_T$, a random message $m' \in G_T$ and an access structure $W = [W_1, W_2, \ldots, W_n]$, and computes the verification value with H, a cryptographic hash function from G into $\{1, 2, \ldots, p-1\}$;
Step 3-2: for the message m to be shared, the encryptor randomly selects s and computes the ciphertext components. The encryptor then sets the attribute-related ciphertext parts: let s be the value of the root node of the access structure, mark all child nodes as unmarked and the root as marked, and for each unmarked non-leaf node recursively do the following: if the node is an AND gate and its children are unmarked, select random values and set the value of the last child accordingly, then mark the node; if it is an OR gate, set the value of every child node under it to the node's value s and mark the node; for a leaf node, the encryptor computes the leaf's ciphertext component;
Step 3-3: for the random message m', the encryptor randomly selects s' and computes the corresponding components in the same way;
Step 3-4: the encryptor sets the version number vn = 0 and outputs the resulting ciphertext.
Further, step 4 comprises:
Step 4-1: the decryptor compares the version number of the private key $SK_L$ with that of the ciphertext CT; if they differ, the decryptor applies to the authorization center for a key update; if they agree, continue;
Step 4-2: if the decryptor does not hold attributes matching the positions of the access policy, decryption fails; otherwise the plaintext is recovered as follows.
The decryptor computes $S = e(C_1, D_0)$ and the associated pairing values, and likewise $S' = e(C_4, D_0)$ and its associated values, then verifies the check condition on the two results; if it holds, output the message m, otherwise output ⊥.
Further, step 5 comprises:
Step 5-1: on receiving a revocation notice, the authorization center selects a new random value from $\mathbb{Z}_p$ as the new group private key $GSK_x$, where x is the current version identifier, and sends it over a secure offline channel to the legitimate users of the system when they need to access data; here $\mathbb{Z}_p$ denotes the set $\{1, 2, \ldots, p-1, p\}$;
Step 5-2: the authorization center updates the private key component of the authorized users;
Step 5-3: the authorization center computes the re-encryption key and sends it to the cloud storage provider, which computes the new ciphertext $CT_{vn}$ with version number vn = x: the first part $CT_{own1,vn}$ and, similarly, the second part $CT_{own2,vn}$ are re-encrypted, and the updated ciphertext is $CT_{vn} = \{CT_{own1,vn}, CT_{own2,vn}\}$.
Further, step 6 comprises:
Step 6-1: the authorization center selects a random value $z \in \mathbb{Z}_p$, takes the public parameters params and the user's private key as input, computes the transformation key $TK_L$, and keeps $HK_L = z$ for the user as the recovery key; here $\mathbb{Z}_p$ denotes the set $\{1, 2, \ldots, p-1, p\}$.
Further, step 7 comprises:
Step 7-1: the cloud storage provider takes the ciphertext $CT = \{CT_{own1}, CT_{own2}\}$ and the transformation key $TK_L = \{D_0', D_2', \{D_{i,1}', D_{i,2}'\}_{i \in [1, n]}\}$ as input, computes the transformed partial ciphertext, and outputs the transformed ciphertext CT'.
Step 8 comprises:
Step 8-1: the decryptor checks the transformed ciphertext: if $K_1 \ne C_0$ or $K_2 \ne C_3$, output ⊥; otherwise continue;
Step 8-2: if the decryptor does not hold attributes matching the positions of the access policy, decryption fails; otherwise the decryptor computes $m = K_1 / (K'_{own1})^z$ and $m' = K_2 / (K'_{own2})^z$ and verifies $K' = u^{H(m)} v^{H(m')} d$; if the check passes, the ciphertext CT has been decrypted correctly and m is output; otherwise the algorithm fails and outputs ⊥.
Mathematical background used by the invention:
1. Bilinear pairing (Bilinear Pairing)
The basic definition of a bilinear map and the properties it must satisfy are introduced briefly.
Let G and $G_T$ be two multiplicative cyclic groups of prime order p, and let g be a generator of G. A bilinear map on the two groups is a map $e: G \times G \to G_T$ satisfying:
(1) Bilinearity: $e(g^a, g^b) = e(g, g)^{ab}$ for all $g \in G$ and all $a, b \in \mathbb{Z}_p$.
(2) Non-degeneracy: $e(g, g) \ne 1$.
(3) Computability: there is an efficient algorithm that computes $e(g, h)$ for all $g, h \in G$.
2. Access structure (Access Structure)
Let $\{P_1, P_2, \ldots, P_n\}$ be a set of n participants and let $\mathbb{A} \subseteq 2^{\{P_1, \ldots, P_n\}}$ be a collection of subsets of the participants. If for all subsets B, C of the participants, $B \in \mathbb{A}$ and $B \subseteq C$ imply $C \in \mathbb{A}$, then $\mathbb{A}$ is called a monotone access structure. The subsets of participants in $\mathbb{A}$ are called authorized sets, and those not in $\mathbb{A}$ are called unauthorized sets.
3. Decisional bilinear Diffie-Hellman (DBDH) assumption
Let G be a cyclic group of prime order p with generator g. The DBDH problem on G is: given $t_1, t_2, t_3, z$ chosen at random from $\mathbb{Z}_p$, distinguish with non-negligible probability between the two tuples $(g, g^{t_1}, g^{t_2}, g^{t_3}, e(g, g)^{t_1 t_2 t_3})$ and $(g, g^{t_1}, g^{t_2}, g^{t_3}, e(g, g)^{z})$. Here $\mathbb{Z}_p$ denotes the set $\{1, 2, \ldots, p-1, p\}$.
Beneficial effects: compared with the prior art, the attribute-based encryption method provided by the invention supports user revocation and thus improves the flexibility of the system. The scheme fully hides the access structure to protect user privacy, preventing a malicious user from learning, through the access policy, which attribute values a decrypting user needs and thereby obtaining the user's private information. The scheme also supports data outsourcing and verification of the correctness of the transformed ciphertext, which reduces the total communication cost of wireless users and ensures that the transformed ciphertext is not illegally substituted. The method is therefore a secure, effective and flexible attribute-based encryption method.
Description of the drawings
Fig. 1 is a schematic diagram of the encryption system of the invention;
Fig. 2 is a flow chart of the encryption method of the invention.
Embodiments
The invention is further described below with reference to the drawings and specific embodiments.
As shown in Figure 1, the ABE system provided by the invention comprises the following eight modules:
1. System parameter setup module (Setup): input a security parameter κ; output the public parameters params and the master key MK of the system.
2. Key generation module (KeyGen): the authorization center runs the key generation algorithm to generate private keys for users. It takes as input the public parameters params and a descriptive attribute set L, and computes the private key $SK_L$ associated with the user's attribute set L.
3. Encryption module (Encrypt): input the public parameters params, a message m and an access policy W; the encryptor obtains a ciphertext CT. Only a user whose attribute set L satisfies the access policy, and for whom the ciphertext passes the correctness check, can decrypt CT.
4. Decryption module (Decrypt): the recipient inputs the decryption key $SK_L$ and the ciphertext CT, and decrypts to obtain the message m.
5. Re-encryption module (ReKey): from the public parameters params, the master key MK and the group private key $u_x$, the authorization center generates the re-encryption key $ck_{vn}$, obtains the re-encrypted ciphertext $CT_{vn}$ and updates the partial private key $D_{2,vn}$ of the authorized users.
6. Transformation key generation module (TKGen): from the public parameters params and the user's private key $SK_L$, the authorization center generates the transformation key $TK_L$ and the recovery key $HK_L$.
7. Partial-ciphertext transformation module (TK-Encrypt): from the public parameters params, the original ciphertext CT and the transformation key $TK_L$, generate the transformed ciphertext CT'.
8. Transformed-ciphertext decryption module (TK-Decrypt): from the public parameters params, the original ciphertext CT, the transformed ciphertext CT' and the recovery key $HK_L$, the decrypting user decrypts the ciphertext to obtain the message M.
The modules of the encryption system are described below in conjunction with the flow chart of the method.
As shown in Figure 2, the execution flow of the attribute-based encryption method provided by the invention is as follows:
The system parameter setup module A comprises the following operations (step 1):
Choose a large prime p, multiplicative cyclic groups G and $G_T$ of order p, and a bilinear map $e: G \times G \to G_T$. Select generators g, u, v, d from G.
The authorization center randomly selects $t_{i,j} \in \mathbb{Z}_p$ ($i \in [1, n]$, $j \in [1, n_i]$) and keeps $\{\alpha, g^\alpha, \delta\}$ as its private key. It computes $Y = e(g, g)^\alpha$ and defines a hash function H whose range is the set $\{1, 2, \ldots, p-2, p-1\}$.
The data owner selects a random value β from $\{1, 2, \ldots, p-2, p-1\}$ as its private key $SK_{DO}$, computes its public key and publishes it; $SK_{DO}$ is kept secret as the data owner's private key.
The authorization center sets the initial version vn = 0 and selects a random value as the group private key GSK. The public parameters params are formed from the public values above for $i \in [1, n]$, $j \in [1, n_i]$; the system master key is $MK = \{\alpha, g^\alpha, \delta\}$ and the private key of the data owner is $SK_{DO} = \{\beta\}$.
For any two different user attribute sets L and L', the parameters chosen above must satisfy the condition given in step 1-2.
The key generation module B comprises the following operations:
The user's attribute set is L. The authorization center randomly selects the secret exponents from $\{1, 2, \ldots, p-2, p-1\}$ and computes the user's private key, where $t_{i,j} \in L_i$ ($i \in [1, n]$, $j \in [1, n_i]$); for the authorized user it also computes the versioned key component and sets the version number vn = 0.
The authorization center issues the resulting private key to the user.
The encryption module C comprises the following operations:
The encryptor selects a plaintext message $m \in G_T$, a random message $m' \in G_T$ and an access structure $W = [W_1, W_2, \ldots, W_n]$, and computes the verification value with H, a cryptographic hash function from G into $\{1, 2, \ldots, p-1\}$.
For the message m to be shared, the encryptor randomly selects s and computes $C_1 = g^{\beta s}$ and $C_2 = g^{\delta s}$ together with the other components. The encryptor then sets the attribute-related ciphertext parts: let s be the value of the root node of the access structure, mark all child nodes as unmarked and the root as marked, and for each unmarked non-leaf node recursively do the following: if the node is an AND gate and its children are unmarked, select random values and set the value of the last child accordingly, then mark the node; if it is an OR gate, set the value of every child node under it to the node's value s and mark the node; for a leaf node, the encryptor computes the leaf's ciphertext component.
For the random message m', the encryptor randomly selects s' and computes $C_4 = g^{\beta s'}$ and $C_5 = g^{\delta s'}$ together with the other components, and sets the attribute-related parts in the same way with s' as the value of the root node: an AND gate receives random child values with the last child set accordingly, an OR gate passes s' to every child, and each leaf node gets its ciphertext component. The random values are taken from $\{1, 2, \ldots, p-2, p-1\}$.
The encryptor sets the version number vn = 0 and outputs the resulting ciphertext.
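The AND/OR walk of step 3-2 (repeated in module C above for s and for s') and the monotone access structure of the mathematical background can be checked in isolation. The following is an added example, not code from the patent: it shares a root value s over a policy tree the way the walk describes, reconstructs s from a satisfying attribute set, and checks the monotonicity definition by enumerating all attribute subsets. The policy tree, the attribute names and the modulus are invented; the AND-gate rule used here, that the children's shares sum to the parent's value, is an assumption about the value the text assigns to the last child; and in the real scheme each leaf share is embedded in an attribute-specific ciphertext component rather than stored in a plain dictionary.

```python
import secrets
from itertools import combinations

Q = (1 << 61) - 1   # prime modulus for the shares (stand-in for the patent's large prime p; assumption)

# A policy tree is a nested tuple ("AND" | "OR", child, child, ...); a leaf is an attribute name.
# Both the tree and the attribute names are invented for this example.
POLICY = ("AND", "doctor", ("OR", "cardiology", "oncology"), "staff-2015")
UNIVERSE = {"doctor", "cardiology", "oncology", "staff-2015", "nurse"}


def share(node, value: int, shares: dict) -> None:
    """Walk the tree top-down, assigning `value` at `node` to its children (step 3-2)."""
    if isinstance(node, str):                  # leaf: the share its ciphertext component would carry
        shares[node] = value
        return
    gate, children = node[0], node[1:]
    if gate == "AND":                          # random shares for all but the last child;
        vals = [secrets.randbelow(Q) for _ in children[:-1]]
        vals.append((value - sum(vals)) % Q)   # the last child makes the shares sum to `value` (assumed rule)
    elif gate == "OR":                         # every child receives the node's value
        vals = [value] * len(children)
    else:
        raise ValueError(f"unknown gate {gate!r}")
    for child, v in zip(children, vals):
        share(child, v, shares)


def reconstruct(node, attrs: set, shares: dict):
    """Recover the value at `node` from the shares of the attributes in `attrs`; None if unsatisfied."""
    if isinstance(node, str):
        return shares[node] if node in attrs else None
    gate, children = node[0], node[1:]
    vals = [reconstruct(c, attrs, shares) for c in children]
    if gate == "AND":                          # need every child; add the shares back up
        return None if any(v is None for v in vals) else sum(vals) % Q
    return next((v for v in vals if v is not None), None)   # OR: any satisfied child suffices


def satisfies(node, attrs: set) -> bool:
    """The access structure as a predicate on attribute sets (no shares involved)."""
    if isinstance(node, str):
        return node in attrs
    gate, children = node[0], node[1:]
    results = [satisfies(c, attrs) for c in children]
    return all(results) if gate == "AND" else any(results)


def is_monotone(node, universe: set) -> bool:
    """Check the definition: every superset of an authorized set is itself authorized."""
    subsets = [frozenset(c) for r in range(len(universe) + 1)
               for c in combinations(sorted(universe), r)]
    authorized = {s for s in subsets if satisfies(node, s)}
    return all(t in authorized for s in authorized for t in subsets if s <= t)


def demo() -> dict:
    s = secrets.randbelow(Q)                   # the root value s of step 3-2
    shares = {}
    share(POLICY, s, shares)
    return {
        "authorized_recovers_s": reconstruct(POLICY, {"doctor", "oncology", "staff-2015"}, shares) == s,
        "missing_and_branch": reconstruct(POLICY, {"doctor", "cardiology"}, shares) is None,
        "or_branch_alone": reconstruct(POLICY, {"cardiology", "oncology"}, shares) is None,
        "extra_attribute_harmless": reconstruct(POLICY, UNIVERSE, shares) == s,
        "monotone": is_monotone(POLICY, UNIVERSE),
    }
```

Run `demo()` to see all five checks pass. Each call to `share` draws fresh randomness for the AND gates, so two encryptions of the same s produce unrelated share sets, which is what keeps an unauthorized holder of a subset of shares from learning anything about s.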
The decryption module D comprises the following operations:
The decryptor compares the version number of the private key $SK_L$ with that of the ciphertext CT; if they differ, the decryptor applies to the authorization center for a key update; if they agree, continue.
If the decryptor does not hold attributes matching the positions of the access policy, decryption fails; otherwise the plaintext is recovered as follows.
The decryptor computes $S = e(C_1, D_0)$ and the associated pairing values, and likewise $S' = e(C_4, D_0)$ and its associated values, then verifies the check condition on the two results; if it holds, output the message m, otherwise output ⊥.
The re-encryption module E comprises the following operations:
On receiving a revocation notice, the authorization center selects a new random value from $\mathbb{Z}_p$ as the new group private key $GSK_x$, where x is the current version identifier, and sends it over a secure offline channel to the legitimate users of the system when they need to access data. Here $\mathbb{Z}_p$ denotes the set $\{1, 2, \ldots, p-1, p\}$.
The authorization center updates the private key component of the authorized users.
The authorization center computes the re-encryption key and sends it to the cloud storage provider, which computes the new ciphertext $CT_{vn}$ with version number vn = x: the first part $CT_{own1,vn}$ and, similarly, the second part $CT_{own2,vn}$ are re-encrypted, and the updated ciphertext is $CT_{vn} = \{CT_{own1,vn}, CT_{own2,vn}\}$.
The transformation key generation module F comprises the following operations:
The authorization center selects a random value $z \in \mathbb{Z}_p$, takes the public parameters params and the user's private key as input, computes the transformation key, and gives z to the user as the recovery key. Here $\mathbb{Z}_p$ denotes the set $\{1, 2, \ldots, p-1, p\}$.
The partial-ciphertext transformation module comprises the following operations:
The cloud storage provider takes the ciphertext $CT = \{CT_{own1}, CT_{own2}\}$ and the transformation key $TK_L = \{D_0', D_2', \{D_{i,1}', D_{i,2}'\}_{i \in [1, n]}\}$ as input, computes the transformed partial ciphertext, and outputs the transformed ciphertext CT'.
The transformed-ciphertext decryption module comprises the following operations:
The decryptor checks the transformed ciphertext: if $K_1 \ne C_0$ or $K_2 \ne C_3$, output ⊥; otherwise continue.
If the decryptor does not hold attributes matching the positions of the access policy, decryption fails; otherwise the decryptor computes $m = K_1 / (K'_{own1})^z$ and $m' = K_2 / (K'_{own2})^z$ and verifies $K' = u^{H(m)} v^{H(m')} d$; if the check passes, the ciphertext CT has been decrypted correctly and m is output; otherwise the algorithm fails and outputs ⊥.
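Revocation (step 5, module E), transformation key generation (step 6, module F), outsourced transformation (step 7) and verified recovery (step 8) all rest on the same exponent algebra: a versioned group key that the cloud can re-key with a ratio, a decryption key blinded by 1/z so that the cloud can do the heavy exponentiation without learning the key, and a check value u^{H(m)} v^{H(m')} d that exposes a substituted transformed ciphertext. The following is an added example, not code from the patent: a toy model in the order-q subgroup of Z_p^* for a 64-bit safe prime p, with a scalar decryption key in place of the pairing-based attribute key, so it has no attributes, no access policy and no real security margin; it exhibits the mechanics only. The names u_vn, ck, TK, HK, z, K_1, K_2, K'_{own1}, K'_{own2} and K' follow the text; the concrete ciphertext layout (C0, C1, C3, C4, T), the hash H as SHA-256 reduced mod q, the scalar key alpha/u_vn and the demo scenario are assumptions.

```python
import hashlib
import secrets

# Toy model of the revocation, outsourcing and verification mechanics (added example, not the patent's
# construction). Keys are scalars in a prime-order subgroup of Z_p^*; the real scheme uses pairing-based
# attribute keys. Ciphertext layout, the hash H and the scalar key alpha/u_vn are assumptions.


def is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int = 64) -> tuple:
    """Return (p, q) with p = 2q + 1 both prime; the order-q subgroup of Z_p^* is the toy group."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = gen_safe_prime()


def rand_exp() -> int:                       # non-zero exponent mod Q
    return secrets.randbelow(Q - 1) + 1


def rand_elem() -> int:                      # non-trivial square mod P, i.e. an element of order Q
    while (x := pow(secrets.randbelow(P - 2) + 2, 2, P)) == 1:
        pass
    return x


def H(x: int) -> int:                        # group element -> exponent (stand-in for the patent's H)
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % Q


g, u, v, d = (rand_elem() for _ in range(4))
ALPHA = rand_exp()                           # master secret alpha
Y = pow(g, ALPHA, P)                         # public; plays the role of e(g,g)^alpha
GROUP_KEY = {0: rand_exp()}                  # version -> group private key u_vn, held by the authority


def keygen(vn: int) -> int:                  # versioned scalar key alpha/u_vn (stand-in for D_{2,vn})
    return ALPHA * pow(GROUP_KEY[vn], -1, Q) % Q


def tag(m: int, m2: int) -> int:             # the check value u^H(m) v^H(m') d of step 8-2
    return pow(u, H(m), P) * pow(v, H(m2), P) * d % P


def encrypt(m: int, vn: int) -> dict:
    s, s2, m2 = rand_exp(), rand_exp(), rand_elem()      # m2 is the random message m'
    uv = GROUP_KEY[vn]
    return {"vn": vn, "T": tag(m, m2),
            "C0": m * pow(Y, s, P) % P, "C1": pow(g, s * uv % Q, P),
            "C3": m2 * pow(Y, s2, P) % P, "C4": pow(g, s2 * uv % Q, P)}


def unmask(C0, C1, C3, C4, k):               # correct when C1^k = Y^s and C4^k = Y^s'
    return (C0 * pow(pow(C1, k, P), -1, P) % P, C3 * pow(pow(C4, k, P), -1, P) % P)


def decrypt(ct: dict, key_vn: int, key: int):
    if key_vn != ct["vn"]:                   # version mismatch: apply for a key update first (step 4-1)
        return None
    m, m2 = unmask(ct["C0"], ct["C1"], ct["C3"], ct["C4"], key)
    return m if tag(m, m2) == ct["T"] else None


def revoke(ct: dict, new_vn: int) -> dict:
    """Authority picks u_x and hands the cloud ck = u_x / u_vn; the cloud re-keys without seeing m."""
    GROUP_KEY[new_vn] = rand_exp()
    ck = GROUP_KEY[new_vn] * pow(GROUP_KEY[ct["vn"]], -1, Q) % Q
    return dict(ct, vn=new_vn, C1=pow(ct["C1"], ck, P), C4=pow(ct["C4"], ck, P))


def tkgen(key: int) -> tuple:                # TK = key / z goes to the cloud, HK = z stays with the user
    z = rand_exp()
    return key * pow(z, -1, Q) % Q, z


def transform(ct: dict, tk: int) -> dict:    # cloud: the heavy exponentiation under the blinded key
    return {"K1": ct["C0"], "K2": ct["C3"], "K": ct["T"],
            "Kown1": pow(ct["C1"], tk, P), "Kown2": pow(ct["C4"], tk, P)}


def tk_decrypt(ct: dict, ct2: dict, z: int):
    if ct2["K1"] != ct["C0"] or ct2["K2"] != ct["C3"]:           # step 8-1
        return None
    m, m2 = unmask(ct2["K1"], ct2["Kown1"], ct2["K2"], ct2["Kown2"], z)
    return m if ct2["K"] == tag(m, m2) else None                  # step 8-2


def demo() -> dict:
    m = rand_elem()
    ct = encrypt(m, 0)
    k0 = keygen(0)                                             # key of every authorized user at version 0
    out = {"decrypt_v0": decrypt(ct, 0, k0) == m}
    ct1 = revoke(ct, 1)                                        # one user is revoked; cloud re-keys to version 1
    k1 = keygen(1)                                             # remaining users get the version-1 component
    out["decrypt_after_revoke"] = decrypt(ct1, 1, k1) == m
    out["stale_key_rejected"] = decrypt(ct1, 1, k0) is None    # revoked user presents the old key as current
    tk, z = tkgen(k1)
    ct2 = transform(ct1, tk)
    out["outsourced_decrypt"] = tk_decrypt(ct1, ct2, z) == m
    out["tk_alone_useless"] = decrypt(ct1, 1, tk) is None      # the cloud cannot decrypt with TK
    forged = dict(ct2, Kown1=ct2["Kown1"] * g % P)             # cloud substitutes the transformed part
    out["substitution_detected"] = tk_decrypt(ct1, forged, z) is None
    return out
```

Run `demo()` to see the six checks pass. Two points carry over to the real scheme: the cloud only ever sees ck (a ratio of two group keys) and TK (the key divided by a random z), neither of which lets it decrypt, and the tag is recomputed from the recovered m and m' rather than trusted from the cloud, so any tampering with the transformed components changes the recovered values and fails the check.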
The general principle, main advantages and operating steps of the invention have been set out above.
The application of the ABE system above in cloud computing is described next.
According to the steps of the invention, when a user A wants to store data in the public cloud, the authorization center runs the setup algorithm to obtain the public parameters params, and A formulates an access policy W and encrypts the data to be stored under params. When a user B wants to access the data encrypted by A, B first applies to the authorization center for a private key based on his own attributes; if B's attribute set satisfies the access policy formulated by the encryptor and the ciphertext passes the correctness check, B can decrypt the ciphertext with his own private key and the public parameters params to obtain the plaintext. Suppose users C and D leave the system: the authorization center must re-encrypt the ciphertexts that C and D had the right to decrypt, to keep the system secure, and update the private keys of the other users in the system. Because the scheme fully hides the access policy, a decryptor who is allowed to decrypt still does not learn the concrete values of the access policy, which protects user privacy. The scheme also supports data outsourcing and provides a correctness check on the transformed ciphertext, which reduces the total communication cost of wireless users, ensures that the transformed ciphertext is not illegally substituted, and improves the flexibility of the system.
Those of ordinary skill in the art will understand that the invention is not limited by the above examples, which only illustrate its principle and features; other advantages and variations can easily be derived from them. Technical solutions obtained by equivalent replacement within the scope of the inventive concept fall within the scope of the claims of the invention and their equivalents.
Claims (9)
1. An attribute-based encryption method and system that protects privacy and supports user revocation, characterized in that the encryption system comprises eight modules, namely:
System parameter setting module: generates the public parameters of the system and sends them to the other modules;
Key generation module: generates the user's decryption private key according to the user's attribute set;
Encryption module: encrypts messages;
Decryption module: decrypts ciphertext;
Re-encryption module: generates the re-encryption key and updates the ciphertext and the users' private keys;
Transformation key generation module: generates the transformation key and the recovery private key;
Partial ciphertext transformation module: generates the transformed partial ciphertext on the basis of the original ciphertext;
Transformed ciphertext decryption module: decrypts the transformed ciphertext;
The concrete steps of the encryption method are as follows:
Step 1, initialize the public parameters params and the master key MK of the system;
Step 2, generate the user's private key SK_L according to the public parameters params of the system;
Step 3, encrypt the message M according to the public parameters params of the system and the selected access strategy, obtaining the ciphertext CT;
Step 4, decrypt the ciphertext CT according to the public parameters params of the system and the user's private key SK_L, obtaining the message M;
Step 5, according to the public parameters params of the system and the group private key u_x, generate the re-encryption key ck_vn, obtain the re-encrypted ciphertext CT_vn, and update the partial private key D_{2,vn} of the authorized users;
Step 6, according to the public parameters params of the system and the user's private key SK_L, generate the transformation key TK_L and the recovery private key HK_L;
Step 7, according to the public parameters params of the system, the original ciphertext CT and the transformation key TK_L, generate the transformed ciphertext CT';
Step 8, according to the public parameters params of the system, the original ciphertext CT, the transformed ciphertext CT' and the recovery private key HK_L, decrypt the ciphertext to obtain the message M.
2. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 1 further comprises:
Step 1-1, choose a large prime p, multiplicative cyclic groups G and G_T of order p, and a bilinear map e: G × G → G_T; select generators g, u, v, d from G;
Step 1-2, the authorization center randomly selects t_{i,j} ∈ Z_p (i ∈ [1, n], j ∈ [1, n_i]) and {α, g^α, δ} as its private key; it calculates Y = e(g, g)^α and defines a hash function [formula omitted]; here [formula omitted] denotes the set {1, 2, ..., p-2, p-1};
Step 1-3, the data owner selects a random value [formula omitted] as the data owner's private key SK_DO, calculates the corresponding public key [formula omitted] and sends it to the public domain; SK_DO, as the data owner's private key, is not revealed; here [formula omitted] denotes the set {1, 2, ..., p-2, p-1};
Step 1-4, the authorization center sets the initial version vn = 0, selects a random value [formula omitted] as the group private key GSK and sends it to the registered users offline, and calculates [formula omitted], which is sent to the public domain as the group public key;
The public parameters of the system are [formula omitted], where (i ∈ [1, n], j ∈ [1, n_i]); the system master key is MK = {α, g^α, δ}, and the private key of the data owner is SK_DO = {β};
Wherein, in step 1-2, for two different user attribute sets L and L', the following must hold: [formula omitted]
3. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 2 further comprises:
Step 2-1, input the user's attribute set L;
Step 2-2, the authorization center randomly selects [formula omitted] and calculates [formula omitted] as the user's private key, where t_{i,j} ∈ L_i (i ∈ [1, n], j ∈ [1, n_i]); at the same time it calculates [formula omitted] for the authorized user and sets the version number vn = 0; here [formula omitted] denotes the set {1, 2, ..., p-2, p-1};
The private key that the authorization center issues to the user is [formula omitted]
4. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 3 further comprises:
Step 3-1, the encryptor selects a plaintext message m ∈ G_T, a random message m' ∈ G_T and an access structure W = [W_1, W_2, ..., W_n], and calculates [formula omitted], where H is a cryptographic hash function from G to [formula omitted];
Step 3-2, for the message m to be shared, the encryptor randomly selects [formula omitted] and calculates C_1 = g^{βs}, C_2 = g^{δs}; the encryptor then sets the attribute-related ciphertext components: s is assigned to the root node of the access structure, all child nodes are set to unmarked and the root node is marked, and the following computation is carried out recursively for each unmarked non-leaf node: if the non-leaf node is an AND gate and its children are unmarked, a random value [formula omitted] is selected, the value of the last child is set to [formula omitted] and the node is marked; if it is an OR gate instead, every node under it is assigned the value s and the node is marked; for leaf nodes the encryptor calculates as follows: [formula omitted]
Step 3-3, for the random message m', the encryptor randomly selects [formula omitted] and calculates C_4 = g^{βs'}, C_5 = g^{δs'}; the encryptor then sets the attribute-related ciphertext components: s' is assigned to the root node of the access structure, all child nodes are set to unmarked and the root node is marked, and the following computation is carried out recursively for each unmarked non-leaf node: if the non-leaf node is an AND gate and its children are unmarked, a random value [formula omitted] is selected, the value of the last child is set to [formula omitted] and the node is marked; if it is an OR gate instead, every node under it is assigned the value s' and the node is marked; for leaf nodes the encryptor calculates as follows: [formula omitted]
here [formula omitted] denotes the set {1, 2, ..., p-2, p-1};
Step 3-4, the encryptor sets the version number vn = 0; the ciphertext obtained by encryption is [formula omitted]
5. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 4 further comprises:
Step 5-1, the decryptor checks the version numbers of the private key SK_L and of the ciphertext CT; if they are inconsistent, the decryptor applies to the authorization center for a private key update; if they are consistent, the following steps continue;
Step 5-2, if the decryptor does not have attributes matching the subscripts of the access strategy, decryption fails; otherwise the plaintext can be recovered by the following steps:
The decryptor calculates S = e(C_1, D_0), [formula omitted]
and calculates [formula omitted];
at the same time it calculates S' = e(C_4, D_0), [formula omitted]
and calculates [formula omitted];
and simultaneously verifies [formula omitted];
if it holds, output the message m, otherwise output ⊥.
6. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 5 further comprises:
Step 5-1, the authorization center receives the user revocation information and selects a new random value [formula omitted] as the new group private key GSK_x, where x identifies the current version number; it sends the key over a secure offline channel to the legitimate users in the system when they need to access data; here Z_p denotes the set {1, 2, ..., p-1, p};
Step 5-2, the authorization center updates the private key component of the authorized users: [formula omitted]
Step 5-3, the authorization center calculates the re-encryption key as [formula omitted] and sends it to the cloud storage provider; the cloud storage provider calculates the new ciphertext CT_vn with version number vn = x;
For the first part CT_{own1,vn} of the ciphertext, the calculation is as follows: [formula omitted]
Similarly, for the second part CT_{own2,vn} of the ciphertext, the calculation is as follows: [formula omitted]
The updated ciphertext CT_vn = {CT_{own1,vn}, CT_{own2,vn}} is as follows: [formula omitted]
7. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 6 further comprises:
Step 6-1, the authorization center selects a random value [formula omitted], takes the system public parameters params and the user's private key [formula omitted] as input, and calculates the transformation key as [formula omitted]; it retains HK_L = z for the user as the recovery key, where Z_p denotes the set {1, 2, ..., p-1, p}.
8. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 7 further comprises:
Step 7-1, the cloud storage provider takes the ciphertext CT = {CT_own1, CT_own2} and the transformation key TK_L = {D_0', D_2', {D_{i,1}', D_{i,2}'}_{i ∈ [1, n]}} as input and calculates the transformed partial ciphertext as follows: [formula omitted]
The transformed ciphertext output is as follows: [formula omitted]
9. The privacy-protecting, revocation-supporting attribute-based encryption method and system according to claim 1, characterized in that said step 8 further comprises:
Step 8-1, the decryptor performs the following check: if K_1 ≠ C_0, K_2 ≠ C_3, output ⊥; otherwise the following steps continue;
Step 8-2, if the decryptor does not have attributes matching the subscripts of the access strategy, decryption fails; otherwise the plaintext can be recovered by the following steps: the decryptor calculates m = K_1 / K'_{own1}^z, m' = K_2 / K'_{own2}^z, and verifies K' = u^{H(m)} v^{H(m')} d, thereby correctly decrypting the ciphertext CT and obtaining the message m; otherwise the algorithm fails and outputs ⊥.
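The following is an added example and not the patent's own construction: it models the recovery-key blinding of claim 7, the cloud-side transformation of claim 8 and the K' = u^{H(m)} v^{H(m')} d check of claims 4 and 9. It assumes ElGamal in a toy group Z_P^* in place of the pairing-based attribute part (so the access policy and attribute keys are not modelled), and the field names K1, K2, Kown1 and so on are this example's own, chosen to mirror claim 9.

```python
# Added example: outsourced decryption with a recovery key z and the
# commitment check that catches a cloud returning a substituted partial ciphertext.
import hashlib
import math
import secrets

P = 2**127 - 1   # constructed toy modulus (a Mersenne prime); the group is Z_P^*
Q = P - 1        # group order; exponents live in Z_Q
G = 3            # assumed base element for the illustration

def H(x: int) -> int:
    """Hash a group element into an exponent; stands in for the H: G -> Z_p^* of claim 4."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(16, "big")).digest(), "big") % Q

def setup():
    """Step 1 (simplified): public parameters (u, v, d, Y) and the decryptor's secret alpha."""
    alpha = secrets.randbelow(Q - 1) + 1
    u, v, d = (pow(G, secrets.randbelow(Q - 1) + 1, P) for _ in range(3))
    return {"u": u, "v": v, "d": d, "Y": pow(G, alpha, P)}, alpha

def commit(pp, m: int, m_prime: int) -> int:
    """Encryptor's commitment to the pair (m, m'): u^H(m) * v^H(m') * d (claim 4, step 3-1)."""
    return pow(pp["u"], H(m), P) * pow(pp["v"], H(m_prime), P) * pp["d"] % P

def encrypt(pp, m: int) -> dict:
    """Step 3: encrypt m and a random m' under fresh exponents s, s', bound by the commitment."""
    m_prime = secrets.randbelow(P - 1) + 1
    s, s2 = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    return {"C0": m * pow(pp["Y"], s, P) % P, "C1": pow(G, s, P),
            "C3": commit(pp, m, m_prime),
            "C4": m_prime * pow(pp["Y"], s2, P) % P, "C5": pow(G, s2, P)}

def transform_key(alpha: int):
    """Step 6-1: blind the secret with z; TK = alpha/z goes to the cloud, HK = z stays with the user."""
    while True:
        z = secrets.randbelow(Q - 2) + 2
        if math.gcd(z, Q) == 1:          # z must be invertible modulo the group order
            return alpha * pow(z, -1, Q) % Q, z

def cloud_transform(ct: dict, tk: int) -> dict:
    """Step 7-1: the cloud does the expensive exponentiations holding only TK, never alpha."""
    return {"K1": ct["C0"], "K2": ct["C3"], "K4": ct["C4"],
            "Kown1": pow(ct["C1"], tk, P), "Kown2": pow(ct["C5"], tk, P)}

def recover(pp, ct: dict, ct_prime: dict, z: int):
    """Steps 8-1 and 8-2: consistency check, unblind with z, verify the commitment; None is ⊥."""
    if ct_prime["K1"] != ct["C0"] or ct_prime["K2"] != ct["C3"]:
        return None                                   # step 8-1: passed-through parts replaced
    m = ct_prime["K1"] * pow(pow(ct_prime["Kown1"], z, P), -1, P) % P       # m = K1 / K'own1^z
    m_prime = ct_prime["K4"] * pow(pow(ct_prime["Kown2"], z, P), -1, P) % P
    return m if commit(pp, m, m_prime) == ct["C3"] else None   # step 8-2: K' = u^H(m) v^H(m') d

def demo() -> bool:
    """Honest cloud recovers m; a cloud that substitutes K'own1 is caught by the commitment."""
    pp, alpha = setup()
    m = 0x1234_5678_9ABC_DEF0
    ct, (tk, z) = encrypt(pp, m), transform_key(alpha)
    honest = recover(pp, ct, cloud_transform(ct, tk), z) == m
    tampered = cloud_transform(ct, tk)
    tampered["Kown1"] = tampered["Kown1"] * 2 % P    # constructed tampering by the cloud
    return honest and recover(pp, ct, tampered, z) is None
```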
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510392617.7A CN105100083B (en) | 2015-07-06 | 2015-07-06 | A kind of secret protection and support user's revocation based on encryption attribute method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105100083A true CN105100083A (en) | 2015-11-25 |
CN105100083B CN105100083B (en) | 2019-04-30 |
Family
ID=54579630
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105530087A (en) * | 2015-12-28 | 2016-04-27 | 北京航空航天大学 | Attribute-based encryption method of adaptive chosen ciphertext security |
CN105848139A (en) * | 2016-03-17 | 2016-08-10 | 安徽大学 | Privacy protection query processing method based on position and oriented to mobile cloud platform |
CN105933287A (en) * | 2016-04-05 | 2016-09-07 | 江苏电力信息技术有限公司 | Protection method of mobile security data |
CN106101131A (en) * | 2016-07-06 | 2016-11-09 | 杨炳 | A kind of encryption system realizing supporting fine-granularity access control |
CN106209357A (en) * | 2016-07-06 | 2016-12-07 | 杨炳 | A kind of ciphertext based on cloud computing platform accesses control system |
CN106487659A (en) * | 2016-10-20 | 2017-03-08 | 宇龙计算机通信科技(深圳)有限公司 | Information ciphering method and device, information decryption method and device and terminal |
CN106656997A (en) * | 2016-11-09 | 2017-05-10 | 湖南科技学院 | Mobile social network based agent proxy re-encryption cross-domain friend-making privacy protection method |
CN106790185A (en) * | 2016-12-30 | 2017-05-31 | 深圳市风云实业有限公司 | Authority based on CP ABE dynamically updates concentrates information security access method and device |
CN105848139B (en) * | 2016-03-17 | 2019-07-16 | 安徽大学 | Privacy protection query processing method based on position and oriented to mobile cloud platform |
CN110855613A (en) * | 2019-10-12 | 2020-02-28 | 湖南大学 | Outsourcing revocation method and system in attribute-based encryption system |
CN111431715A (en) * | 2020-03-30 | 2020-07-17 | 中南民族大学 | Policy control signature method supporting privacy protection |
CN111641501A (en) * | 2020-04-27 | 2020-09-08 | 国网山东省电力公司 | Attribute encryption method for removing bilinear pairings |
CN111680306A (en) * | 2020-03-31 | 2020-09-18 | 贵州大学 | Attribute-based collaborative access control revocation method |
CN113452706A (en) * | 2021-06-28 | 2021-09-28 | 长沙学院 | Attribute encryption method and system supporting numerical attribute comparison access strategy |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104363215A (en) * | 2014-11-04 | 2015-02-18 | 河海大学 | Encryption method and system based on attributes |
CN104580205A (en) * | 2015-01-05 | 2015-04-29 | 南京邮电大学 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
CN104717297A (en) * | 2015-03-30 | 2015-06-17 | 上海交通大学 | Safety cloud storage method and system |
CN104753947A (en) * | 2015-04-02 | 2015-07-01 | 河海大学 | Attribute-based verifiable outsourcing decryption system and method with fixed ciphertext length |
Non-Patent Citations (2)
Title |
---|
GUO SHANQING, ET AL.: "Attribute-Based Re-Encryption Scheme in the Standard Model", 《WUHAN UNIVERSITY JOURNAL OF NATURAL SCIENCES》 * |
JUNZUO LAI: "Attribute-based encryption with verifiable outsourced", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||