CN105635135A - Encryption system based on attribute sets and relational predicates and access control method - Google Patents


Info

Publication number: CN105635135A
Authority: CN (China)
Prior art keywords: user, attribute, access, key, private key
Legal status: Granted
Application number: CN201511000960.9A
Other languages: Chinese (zh)
Other versions: CN105635135B (en)
Inventors: 朱岩, 路红英
Current assignees: Beijing University of Technology; University of Science and Technology Beijing (USTB)
Original assignee: University of Science and Technology Beijing (USTB)
Events: application filed by University of Science and Technology Beijing (USTB); priority to CN201511000960.9A; publication of CN105635135A; application granted; publication of CN105635135B; legal status active.

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/10: Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L 63/102: Entity profiles
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/0847: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving identity based encryption [IBE] schemes
    • H04L 9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The invention discloses an encryption system based on attribute sets and relational predicates, and an access control method. The method comprises the following steps: 1) according to a given security parameter k, output the public key mpk and master key msk of the secure encryption system; 2) for each given attribute set, generate the public key pk_i and private key sk_i of the attribute set through msk, add pk_i to mpk and add sk_i to msk, where attributes or identifiers having the same property belong to the same set; 3) generate a private key sk^(k) for a user according to the identity attribute value list input by the user; 4) encrypt a data resource M according to mpk and an access policy, obtaining a ciphertext C_Π; and 5) the system judges, according to the identity attribute value list input by the user, whether the user may access the data resource M and, if so, decrypts C_Π with the user's private key. The encryption system based on attribute sets and relational predicates and the access control method can greatly improve the security and access efficiency of access control.

Description

An encryption system based on attribute sets and relation predicates, and an access control method
Technical field:
The present invention relates to the field of information technology, and in particular to an encryption system based on attribute sets and relation predicates and an access control method.
Background technology:
With the development of network technology, new network forms and systems have emerged one after another, including the Internet of Things, the mobile Internet, cloud computing and service computing. They are characterised by increasingly large and complex data, ever-greater openness and increasing data mobility, which also brings new network security problems, in particular the privacy protection and sharing of user data and information. On the one hand, open networks make the exchange and sharing of information more convenient; on the other hand, uncontrolled information exchange and sharing inevitably bring a series of illegal acts such as data abuse and infringement.
Traditional network technologies, in particular encryption and authentication techniques, cannot meet the needs of existing networks: greater openness makes the traditional protection boundary disappear, and as the scope of data sharing grows, conventional cryptosystems cannot meet the needs of large-scale information sharing either. Conventional cryptographic techniques therefore cannot solve the above security problem. How to achieve privacy protection of data and effective information sharing at the same time has thus become a key problem that the Internet urgently needs to solve.
Access control is an important means of keeping user data secret and protecting privacy. To solve the above problem, a novel cryptographic access control technique called "attribute-based encryption" has been proposed. In attribute-based encryption a user's identity is represented by a set of attributes, while the encrypted data is associated with an access control structure; whether the user can decrypt the ciphertext depends on whether the attribute set corresponding to the user's identity matches the access control structure associated with the ciphertext. Specifically, attribute-based encryption has the following properties:
1) a group of "attributes" is used to represent the access subject;
2) a flexible attribute-oriented policy is used for authorisation decisions;
3) data protection is realised by an encryption method that supports attribute policies;
4) authorisation is realised by distributing user attribute keys;
5) the decryption decision is realised by matching the attribute keys against the access policy of the ciphertext.
Attribute-based encryption is essentially an access authorisation and authentication service technology that ensures unauthorised users are not qualified to access specific data. It belongs to the public-key cryptography schemes, but its decryption target is a group rather than a single user: the combination of attributes serves as the public key of the group, and all users sending data to the group use the same public key.
For example, an access policy of attribute-based encryption may be ("Peking University" OR "University of Science & Technology, Beijing") AND "2015" AND "the degree council" AND (NOT "biological institute" AND NOT "chemistry institute").
Existing attribute-based encryption uses character strings to generate the access policy; all attributes are isolated, relations between attributes cannot be defined, and only AND, OR and simple logical NOT are supported. It is realised by strict string matching, i.e. a user has only one group of character strings as attribute identifiers.
From the above example it can be seen that existing attribute-based encryption has the following problems:
1) the concept of an "attribute set" formed by attributes of the same kind is not supported; all attributes are represented by character strings;
2) the set operations "belongs to" and "does not belong to" are not supported; only the equality operation is supported.
For the above problems of current attribute-based encryption, the present invention proposes attribute-set operations in cryptography that support the concept of an "attribute set". The content of the patent is briefly introduced as follows:
1) the concept of an attribute set is supported, i.e. attribute values of the same type form a set;
2) the size of a set is not limited; for example, all cities in the world form the "city" set, each city is called an attribute value, and it may be represented by a character string, a number, etc.;
3) the operations "belongs to", "does not belong to", "equals", "is not equal to", etc. between a value and a set are supported.
The present invention is a great improvement of the functionality of existing attribute-based encryption. For example, in the previous example we can set up the following sets of attribute values:
University := {..., "Peking University", "University of Science & Technology, Beijing", "Tsing-Hua University", ...},
Department := {..., "biological institute", "chemistry institute", "Information Institute", ...},
Time := {..., 2013, 2014, 2015, 2016, ...},
Role := {..., "professor's meeting", "the academic council", "the degree council", ...}.
Correspondingly, for any resource (including files, storage space, network channels, processes, etc.) we can redefine the above security policy as
(University ∈ {"Peking University", "University of Science & Technology, Beijing"} AND Time = 2015 AND Role = "the degree council" AND Department ∉ {"biological institute", "chemistry institute"}).
Under the above definitions, assume that a user has the following identity attributes: {University := "University of Science & Technology, Beijing", Time := 2015, Role := "the degree council", Department := "Information Institute"}, meaning that this user held a post in the mathematics institute of the University of Science & Technology, Beijing in 2015 and was a member of the degree council. Obviously this user's identity passes the authentication of the above security policy, so the user is allowed to access the resources encrypted under that policy.
Obviously, our method produces a simpler and clearer security policy expression; at the same time, the number of AND/OR operations is reduced from the original 5 to 3, and the number of attribute value comparisons from the original 6 to 4. The amount of computation is therefore also significantly reduced. As the security problems and demands of new network applications have attracted increasing attention in recent years, the invention will certainly bring a great advance for the development of the Internet and communication technology.
Summary of the invention:
For the technical problems existing in the prior art, the object of the invention is to provide an encryption system based on attribute sets and relation predicates and an access control method.
The technical scheme of the present invention is:
An access control method for an encryption system based on attribute sets and relation predicates, comprising the steps:
1) according to a given security parameter k, output the public key mpk and master key msk of the secure encryption system;
2) for each given attribute set A_i = {v_i1, ..., v_im}, generate the public key pk_i and private key sk_i of this attribute set by the master key msk, add the public key pk_i to the public key mpk and the private key sk_i to the master key msk; attributes or identifiers with the same property are located in the same set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
3) according to the identity attribute value list {v_ij ∈ A_i} input by the user, generate a user private key sk^(k) for this user;
4) set an access policy Π for the data resource M; encrypt this data resource M according to the public key mpk of step 2) and the access policy Π, obtaining the ciphertext C_Π; the access policy Π contains a number of subsets S_i with their corresponding binary relation predicates, where S_i is a subset of A_i;
5) when a user requests access to this data resource M, the secure encryption system judges from the identity attribute value list input by this user whether the user may access M; if so, the ciphertext C_Π is decrypted with this user's private key and the plaintext M is output; otherwise the empty output is returned.
Further, the method of generating the user private key sk^(k) is: for user u_k, first generate this user's master private key usk^(k); then, for every attribute value v_ij ∈ A_i in the identity attribute value list {v_ij ∈ A_i} of this user, generate the corresponding user attribute value key vsk_ij, obtaining this user's private key, where A_i is an attribute set of user u_k.
Further, the method of judging whether this user may access the data resource M is: the identity attribute value list input by this user and the access policy Π of the data resource are taken as the input of the binary relation predicates; if the output of the binary relation predicate judgement is true, this user may access the data resource M, otherwise not.
Further, for logical NOT in an access policy, De Morgan's laws are used to transform the logical NOT into the negative predicates "not" of the binary relation predicates, obtaining an access policy represented in Boolean algebra.
Further, the ciphertext C_Π is composed of the sub-ciphertexts generated for the binary relation predicates it contains.
An encryption system based on attribute sets and relation predicates, characterised in that it comprises a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module, wherein:
The system key generation module outputs, according to a given security parameter k, the public key mpk and master key msk of the secure encryption system;
The attribute set key generation module, for each given attribute set A_i = {v_i1, ..., v_im}, generates the public key pk_i and private key sk_i of this attribute set by the master key msk, adds the public key pk_i to the public key mpk and the private key sk_i to the master key msk; attributes or identifiers with the same property are located in the same set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;
The user key generation module generates a user private key sk^(k) for a user according to the identity attribute value list {v_ij ∈ A_i} input by the user;
The encryption module encrypts the data resource M according to its access policy Π and the public key mpk, obtaining the ciphertext C_Π; the access policy Π contains a number of subsets S_i with their corresponding binary relation predicates, where S_i is a subset of A_i;
The decryption module judges, according to the identity attribute value list input by the accessing user, whether this user may access the requested data resource M; if so, it decrypts the ciphertext C_Π with this user's private key and outputs the plaintext M; otherwise it outputs the empty result.
The present invention relates to an encryption system based on attribute sets, abbreviated as the attribute set encryption system. A feature of this system is support for the concept of an attribute set: attributes or identifiers with the same property are integrated into one set. Each attribute set has a unique name, called the "attribute name". The system supports attribute sets with an unlimited number of elements. Each attribute or identifier in an attribute set is called an "attribute value". Usually we write an attribute set with a capital letter, U = {e_1, ..., e_n}, and e_i denotes an attribute value.
A feature of the present invention is to provide a secure membership relation decision method. The method can judge the membership relation between a given set S and an element e in a cryptographic manner, where the membership relation includes the relations "belongs to" and "does not belong to". The membership relation is represented by a binary predicate, written P_∈(e, S) or P_∉(e, S), which stands for the judgement e ∈ S or e ∉ S respectively. The method is described below using this notation.
Specifically, as shown in Figure 1, the secure membership relation decision method of the present invention comprises the following steps:
1. Attribute value key generation module: given any attribute set U_i = {e_1, ..., e_n}, generate the public key pk_i and private key sk_i according to the security parameter k; the subscript i denotes the sequence number of the set or key.
2. Subset representation generation module: given a random subset S = {e_1, ..., e_m} of the set U, obtain the secure representation C_S of the set S by the public key pk_i.
3. Element extraction module: given an attribute element e of the set U as input, extract the element e from the private key sk_i, obtaining W_e.
4. Membership relation verification module: given the representation C_S of the subset S and the representation W_e of the element e, this module outputs the judgement of the relation between the two inputs as true or false (usually represented by 1 and 0).
In the above process, a feature of the present invention is that sets and elements are represented cryptographically: W_e is the cryptographic representation of e, and C_S is the cryptographic representation of S.
A feature of the present invention is that different membership relations have different secure membership relation decision methods.
A feature of the present invention is that the predicates equals (=) and is not equal to (≠) are supported; these two predicates are special cases of the belongs-to and does-not-belong-to predicates when the set has only one element, that is, P_=(e_1, e_2) ⇔ P_∈(e_1, {e_2}) and P_≠(e_1, e_2) ⇔ P_∉(e_1, {e_2}).
A feature of the present invention is that the verification module guarantees the security of the verification result, where security comprises the integrity of verification (in standard terms, completeness) and its completeness against an adversary attempting deception (in standard terms, soundness).
A feature of the present invention is to guarantee the integrity of the verification process: if the membership relation holds, the verifier accepts the proof of the membership relation verification module with success probability 1. Writing the output of the membership relation verification module for the relation as a random variable, integrity means that the following probability equation (formula 1) holds:
(formula 1)
Another feature of the present invention is that the completeness of the verification process is guaranteed; completeness is further divided into weak completeness and strong completeness.
1. Weak completeness: given any element e of the set U with e ∉ S, if the representation W_e^* of e is extracted from the private key sk and passed to the membership relation verification module, the verifier's success probability is almost 0; that is, (formula 2) holds for any arbitrarily small ε.
(formula 2)
2. Strong completeness: for any polynomial-time algorithm A that can generate a representation W_e^* (where e denotes some unknown element that is not in the set U), the probability that this value passes the membership relation verification module is almost 0; that is, (formula 3) holds for any arbitrarily small ε.
(formula 3)
A feature of the present invention is to realise the attribute set encryption system, in which the set membership predicates belongs to (∈), does not belong to (∉), equals (=) and is not equal to (≠) on attribute sets are realised by the above secure membership relation decision method.
This system can dynamically add attribute sets; each attribute set is represented as A_i = {v_i1, ..., v_im}, and all attribute sets in the system form a set. The system supports an unlimited number of users, the user set being U = {u_1, u_2, ..., u_n}, and each user has an attribute value list {v_ij ∈ A_i}, where the first subscript i of v_ij denotes the label of the attribute set it belongs to and the second subscript j is the sequence number of the attribute value. Obviously these attribute values express the identity of the user.
Given any data resource M, the access policy Π of this data can be defined according to the attribute sets defined above; the access policy can be represented as a Boolean function over set relations. Let a binary predicate represent the relation between any element of attribute set A_i and a set S; several such binary predicates are connected with AND and OR into a Boolean expression. For example, the following access policy can be formulated for an encrypted datum:
Π := (ρ_1 OR ρ_2) AND ρ_3 = (P_∈(A_1, {v_11, v_12}) OR P_∉(A_2, {v_22, v_23})) AND P_=(A_3, v_32) = (A_1 ∈ {v_11, v_12} OR A_2 ∉ {v_22, v_23}) AND A_3 = v_32.
Here ρ_1 corresponds to P_∈(A_1, {v_11, v_12}), ρ_2 to P_∉(A_2, {v_22, v_23}) and ρ_3 to P_=(A_3, v_32). If a user's identity is represented by the attribute assignment {v_12, v_21, v_32}, where v_12 ∈ A_1, v_21 ∈ A_2 and v_32 ∈ A_3, substituting this assignment into the corresponding attribute sets of the access policy Π above yields the final authorisation judgement for the user:
Π = (v_12 ∈ {v_11, v_12} OR v_21 ∉ {v_22, v_23}) AND (v_32 = v_32) = (True OR True) AND True = True.
As shown in Figure 2, this system is composed of the following modules:
1. System generation module: generates the cryptosystem; for a given security strength as input, it outputs the public key mpk and master key msk.
2. Attribute set key generation module: adds a specified attribute set to the system; for any given attribute set A_i = {v_i1, ..., v_im} as input, it generates the public key pk_i and private key sk_i by the master key msk, adds pk_i to the public key mpk and sk_i to the master key msk.
3. User key generation module: generates the user private key sk^(k) for a user with identity attribute value list {v_ij ∈ A_i}. For user u_k, the user's master private key usk^(k) is generated first; then for each attribute value v_ij ∈ A_i of this user the corresponding user attribute value key vsk_ij is generated; when the user has several attribute values {v_ij ∈ A_i}, the user private key comprises usk^(k) together with all the vsk_ij.
4. Encryption module: encrypts a data resource M having an access policy Π. Taking the public key mpk and the access policy Π as input, where Π contains a number of subsets S_i with their corresponding binary predicates, this module encrypts the plaintext data resource M and outputs a ciphertext C_Π; here S_i is contained in the attribute set A_i, i.e. S_i is a subset of A_i.
5. Decryption module: a user with identity attribute value list {v_ij ∈ A_i} uses the private key to decrypt the ciphertext C_Π carrying the attribute policy Π; the precondition for decryption is that the attribute value list makes the attribute policy Π true. With the user private key sk^(k) and the ciphertext C_Π as input, it outputs the plaintext M, otherwise the empty output.
A feature of the present invention is that the access control policy supports various element-set relation predicates, the membership relations including belongs to (∈), does not belong to (∉), equals (=) and is not equal to (≠); the predicate output is true or false, represented by the Boolean values 1 and 0.
A feature of the present invention is that the cryptographic judgement of the relation predicates in the attribute set encryption system is realised by the secure membership relation decision method, comprising:
1. the attribute value key generation module realises the key generation function of the attribute set addition module, generating the public key pk_i and private key sk_i;
2. the subset representation generation module realises, in the encryption module, the secure representation C_S of a set under the specified membership relation predicate;
3. the element extraction module generates, for any attribute value v_ij ∈ A_i, the user attribute value key vsk_ij in the attribute value key generation module;
4. the membership relation verification module realises the cryptographic judgement of the membership relation predicate in the decryption module: given the representation of the attribute value v_ij ∈ A_i and the subset representation C_S under the relation predicate, it evaluates the decision equation (formula 4):
(formula 4)
A feature of the present invention is that the access policy supports representation by a Boolean function over logical AND, logical OR and logical NOT. Logical AND and logical OR are realised by linear secret sharing techniques, or may be realised by hierarchical threshold sharing techniques.
A feature of the present invention is that the Boolean function in the access policy supports logical NOT. All logical NOTs in the Boolean algebra are converted following De Morgan's laws (the negation of a conjunction becomes the disjunction of the negations, and the negation of a disjunction becomes the conjunction of the negations), giving an equivalent access policy Π′ for the encryption system based on attribute sets. For example, the access policy Π := NOT((A_1 ∈ {v_11, v_13}) AND (A_2 ≠ v_22)) becomes, after conversion, Π′ := (A_1 ∉ {v_11, v_13}) OR (A_2 = v_22); that is, De Morgan's laws transform the logical NOT into the negative predicates "not" of the binary relation predicates, namely does not belong to (∉) and is not equal to (≠).
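The Boolean part of the scheme, as an added example that is not code from the patent: it evaluates the university policy of the background section, the policy Π over A_1, A_2, A_3 and the De Morgan conversion just described against a user's attribute-value list, and counts AND/OR connectives and attribute comparisons so the reduction from 5 to 3 operations and from 6 to 4 comparisons can be checked. The data structures, function names (evaluate, push_negation, count_ops), the dict encoding of the attribute list and the rule that a user with no value in a referenced attribute set fails its predicates are this example's own assumptions; it performs the plain Boolean judgement only, not the cryptographic membership test of the invention.

```python
"""Access-policy evaluation over attribute sets with set-relation predicates.
Added example, not code from the patent: a policy is a Boolean tree whose leaves
are the binary relation predicates P_in, P_notin, P_eq, P_neq between an
attribute-set name and a subset S_i; it is evaluated against a user's
attribute-value list, modelled as a dict {attribute-set name: the single value
the user holds in that set} (an assumption of this example)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Union

@dataclass(frozen=True)
class Pred:
    attr: str          # attribute-set name, e.g. "A1" or "university"
    rel: str           # "in", "notin", "eq" or "neq"
    values: frozenset  # the subset S_i (a singleton for eq / neq)

@dataclass(frozen=True)
class Op:              # AND / OR connective
    kind: str          # "and" or "or"
    left: Policy
    right: Policy

@dataclass(frozen=True)
class Not:
    inner: Policy

Policy = Union[Pred, Op, Not]

def AND(l: Policy, r: Policy) -> Op: return Op("and", l, r)
def OR(l: Policy, r: Policy) -> Op: return Op("or", l, r)
def S(*values: str) -> frozenset: return frozenset(values)

# De Morgan at the leaves: NOT P_in is P_notin, NOT P_eq is P_neq, and back.
NEGATED_REL = {"in": "notin", "notin": "in", "eq": "neq", "neq": "eq"}

def evaluate(policy: Policy, attrs: dict[str, str]) -> bool:
    """Decide whether the attribute assignment attrs satisfies policy; a user with
    no value in a referenced attribute set fails every predicate on it (this
    example's choice, the patent text does not fix that case)."""
    if isinstance(policy, Pred):
        if policy.attr not in attrs:
            return False
        member = attrs[policy.attr] in policy.values
        return member if policy.rel in ("in", "eq") else not member
    if isinstance(policy, Not):
        return not evaluate(policy.inner, attrs)
    l, r = evaluate(policy.left, attrs), evaluate(policy.right, attrs)
    return (l and r) if policy.kind == "and" else (l or r)

def push_negation(policy: Policy, negate: bool = False) -> Policy:
    """Return an equivalent policy without Not nodes: under a negation AND and OR
    are swapped (De Morgan) and the negation is absorbed into the leaf predicate."""
    if isinstance(policy, Not):
        return push_negation(policy.inner, not negate)
    if isinstance(policy, Pred):
        return Pred(policy.attr, NEGATED_REL[policy.rel], policy.values) if negate else policy
    kind = {"and": "or", "or": "and"}[policy.kind] if negate else policy.kind
    return Op(kind, push_negation(policy.left, negate), push_negation(policy.right, negate))

def count_ops(policy: Policy) -> tuple[int, int]:
    """Return (number of AND/OR connectives, number of attribute comparisons)."""
    if isinstance(policy, Pred):
        return (0, 1)
    if isinstance(policy, Not):
        return count_ops(policy.inner)
    c_l, p_l = count_ops(policy.left)
    c_r, p_r = count_ops(policy.right)
    return (1 + c_l + c_r, p_l + p_r)

# Pi := (P_in(A1,{v11,v12}) OR P_notin(A2,{v22,v23})) AND P_eq(A3,v32) and the
# user assignment {v12, v21, v32} of the description.
PI_EXAMPLE = AND(OR(Pred("A1", "in", S("v11", "v12")), Pred("A2", "notin", S("v22", "v23"))),
                 Pred("A3", "eq", S("v32")))
USER_EXAMPLE = {"A1": "v12", "A2": "v21", "A3": "v32"}

# The university policy: string-matching form (each attribute an isolated string,
# NOT as a logical connective) versus the attribute-set form of the description.
PKU, USTB = "Peking University", "University of Science & Technology, Beijing"
BIO, CHEM = "biological institute", "chemistry institute"
LEGACY_POLICY = AND(
    AND(AND(OR(Pred("university", "eq", S(PKU)), Pred("university", "eq", S(USTB))),
            Pred("time", "eq", S("2015"))),
        Pred("role", "eq", S("the degree council"))),
    AND(Not(Pred("department", "eq", S(BIO))), Not(Pred("department", "eq", S(CHEM)))))
SET_POLICY = AND(
    AND(AND(Pred("university", "in", S(PKU, USTB)), Pred("time", "eq", S("2015"))),
        Pred("role", "eq", S("the degree council"))),
    Pred("department", "notin", S(BIO, CHEM)))
# The user of the description (attribute values constructed from its example).
USER = {"university": USTB, "time": "2015", "role": "the degree council",
        "department": "Information Institute"}

if __name__ == "__main__":
    print(evaluate(PI_EXAMPLE, USER_EXAMPLE))                         # True
    print(count_ops(LEGACY_POLICY), count_ops(SET_POLICY))            # (5, 6) (3, 4)
    print(evaluate(LEGACY_POLICY, USER), evaluate(SET_POLICY, USER))  # True True
```

push_negation is the De Morgan step of the description: applied to LEGACY_POLICY it replaces the two NOT connectives by P_neq leaves without changing the decision, and applied to NOT((A_1 ∈ {v_11, v_13}) AND (A_2 ≠ v_22)) it returns (A_1 ∉ {v_11, v_13}) OR (A_2 = v_22).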
The positive effects of the present invention
In summary, the present invention proposes attribute set operations in cryptography that support the concept of an "attribute set", which is a great improvement of the functionality of existing attribute-based encryption. The present invention relates to an encryption system based on attribute sets, abbreviated as the attribute set encryption system, a feature of which is support for the concept of an attribute set: attributes or identifiers with the same property are integrated into one set. A feature of the present invention is that different membership relations have different secure membership relation decision methods, and that sets and elements are represented cryptographically.
A feature of the present invention is that the predicates equals (=) and is not equal to (≠) are supported; these two predicates are special cases of the belongs-to and does-not-belong-to predicates when the set has only one element, that is, P_=(e_1, e_2) ⇔ P_∈(e_1, {e_2}) and P_≠(e_1, e_2) ⇔ P_∉(e_1, {e_2}).
A feature of the present invention is that the verification module guarantees the security of the verification result, where security comprises the integrity and completeness of verification when an adversary attempts deception.
A feature of the present invention is to guarantee the integrity and completeness of the verification process.
A feature of the present invention is to realise the attribute set encryption system, in which the set membership predicates belongs to (∈), does not belong to (∉), equals (=) and is not equal to (≠) on attribute sets are realised by the above secure membership relation decision method. A feature of the present invention is that the access control policy supports various element-set relation predicates, the membership relations including belongs to (∈), does not belong to (∉), equals (=) and is not equal to (≠); the predicate output is true or false, represented by the Boolean values 1 and 0.
A feature of the present invention is that the cryptographic judgement of the relation predicates in the attribute set encryption system is realised by the secure membership relation decision method; a feature of the present invention is that the access policy supports representation by a Boolean function over logical AND, logical OR and logical NOT. Logical AND and logical OR are realised by linear secret sharing techniques, or may be realised by hierarchical threshold sharing techniques. A feature of the present invention is that the Boolean function in the access policy supports logical NOT.
Description of the drawings
Fig. 1 is a structural diagram of the secure membership relation judgement provided by an embodiment of the present invention.
Fig. 2 is a structural diagram of the attribute set encryption system built on the secure membership relation judgement provided by an embodiment of the present invention.
Embodiment:
Bilinear maps have been widely used as an effective tool in the aggregate signature schemes proposed in recent years; usually a bilinear map is obtained by modifying the Weil or Tate pairing on an elliptic curve. Bilinear maps can be used to construct schemes that many general cryptographic tools cannot achieve, are relatively flexible in use and have good properties.
Let G_1 and G_2 be two cyclic groups of prime order p, g_1 a generator of G_1 and g_2 a generator of G_2. ψ is a computable isomorphism from G_2 to G_1 with ψ(g_2) = g_1, and e is a computable map e: G_1 × G_2 → G_T with the following properties:
1) bilinearity: for all u ∈ G_1, v ∈ G_2 and all a, b ∈ Z_p, e(u^a, v^b) = e(u, v)^(ab);
2) non-degeneracy: e(g_1, g_2) ≠ 1.
From the above properties it follows that:
for any u ∈ G_1 and v_1, v_2 ∈ G_2, e(u, v_1 v_2) = e(u, v_1) · e(u, v_2); and for any u, v ∈ G_2, e(ψ(u), v) = e(ψ(v), u).
To make the technical problem solved by the present invention, its technical solution and its advantages clearer, a detailed description follows with reference to the drawings and specific embodiments.
The following embodiments all use the zeros aggregation function and the poles aggregation function, defined as follows:

1) Zeros aggregation function

Given a random subset $S \subseteq U$ and a cyclic group $G$ of prime order $p$, if there is a polynomial-time algorithm ZerosAggr whose output is $G_S = g^{f_S(\gamma)}$ with $f_S(\gamma) = \prod_{e_k \in S}(\gamma + x_k)$, then this algorithm is called a zeros aggregation function; here $g$ is a generator of $G$, $\gamma$ is the random secret introduced, and $x_i = \mathrm{hash}(e_i)$ is the random point in the cryptographic space assigned to each element $e_i$ of $S$.

2) Poles aggregation function

Given a random subset $S \subseteq U$ and a cyclic group $G$ of prime order $p$, if there is a polynomial-time algorithm PolesAggr whose output, denoted $H_S$, is built from a generator $h$ of $G$, the random secret $\gamma$ and the points $x_i = \mathrm{hash}(e_i)$ of the elements $e_i$ of $S$, then this algorithm is called a poles aggregation function.

Besides the zeros and poles aggregation functions described above, the examples below are realised in the bilinear map system $s = (p, G_1, G_2, G_T, e(\cdot))$, where $G_1$ and $G_2$ have order $p$ and generators $g_1$ and $g_2$ respectively. A cryptographic hash function $\mathrm{hash}: \{0,1\}^* \to \mathbb{Z}_p^*$ is also used to map an arbitrary attribute value $v_i$, given as a binary string, to a random element $x_i$, i.e. $x_i = \mathrm{hash}(v_i)$.
Embodiment one

This embodiment gives the cryptographic decision structure for the membership relation "belongs to", in the following four steps:

1) Attribute value key generation module: for a given attribute set $U = \{e_1, \ldots, e_n\}$, choose a random secret $\gamma \in \mathbb{Z}_p^*$ and $m \in \mathbb{Z}^+$, and generate the public key $pk_\in$ and the private key $sk_\in$.

2) Subset representation generation module: given a random subset $S = \{e_1, \ldots, e_m\}$ of $U$, call the PolesAggr function to compute the secure representation $H_S$ of $S$ (formula 5), where $x_k = \mathrm{hash}(e_k)$.

(formula 5)

3) Element extraction module: given an attribute element $e_i$ of $U$ as input, extract $e_i$ from the private key $sk$, obtaining the cryptographic representation $W_i$ of $e_i$.

4) Membership verification module: given the representation $H_S$ of the subset $S$ and the representation $W_i$ of the element $e_i$, this module decides the truth value (1 or 0) of the relation $P_\in(e_i, S)$, i.e. whether $e_i$ belongs to $S$. First compute $S_- = S \setminus \{e_i\}$ and $G_{S_-}$ by formula 6; then check whether $W_i$ is consistent with $e(G_{S_-}, H_S)$, i.e. whether $e(G_{S_-}, H_S) \cdot e(W_i, H) = V$ holds. If it holds, $e_i \in S$ is accepted and true is returned; otherwise false is returned.

$$G_{S_-} \leftarrow \mathrm{ZerosAggr}(pk_\in, S_-) = g^{f_{S_-}(\gamma)} = g^{\prod_{e_k \in S}(\gamma + x_k)\,/\,(\gamma + x_i)} \qquad \text{(formula 6)}$$
Embodiment two

This embodiment gives the cryptographic decision structure for the relation "does not belong to", in the following four steps:

1) Attribute value key generation module: for a given attribute set $U = \{e_1, \ldots, e_n\}$ and a security parameter $\kappa$, choose a random secret $\gamma \in \mathbb{Z}_p^*$ and $n \in \mathbb{Z}^+$, and generate the public key $pk_\notin$ and the private key $sk_\notin$.

2) Subset representation generation module: given a random subset $S = \{e_1, \ldots, e_m\}$ of $U$, call the ZerosAggr function to compute the secure representation $G_S$ of $S$ (formula 7), where $x_k = \mathrm{hash}(e_k)$.

$$G_S \leftarrow \mathrm{ZerosAggr}(sk, S)^{s} = g^{s \cdot f_S(\gamma)} = g^{s \prod_{e_k \in S}(\gamma + x_k)} \qquad \text{(formula 7)}$$

3) Element extraction module: given an attribute element $e_i$ of $U$ as input, extract $e_i$ from the private key $sk$, obtaining the cryptographic representation $W_i$ of $e_i$.

4) Membership verification module: given the representation $G_S$ of the subset $S$ and the cryptographic representation $W_i$ of the element $e_i$, this module decides the truth value (1 or 0) of the relation $P_\notin(e_i, S)$, i.e. whether $e_i$ does not belong to $S$. First compute $S_+ = S \cup \{e_i\}$ and $H_{S_+}$ by formula 8; then check whether $e(G_S, H_{S_+}) \cdot e(W_i, H) = V$ holds. If it holds, $e_i \notin S$ is accepted and true is returned; otherwise false is returned.

(formula 8)
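The algebra behind the two decision structures above, as an added worked example that is not code from the patent: group elements are handled as their exponents in Z_p and a pairing e(g^a, h^b) = e(g,h)^{ab} becomes the product ab mod p, so the identities can be run without a pairing library. Everything not stated on the page is an assumption: the modulus P, the SHA-256 hash-to-Z_p mapping, a single secret γ for the whole universe instead of one γ_i per attribute set, the output PolesAggr(S) = h^{1/∏(γ+x_k)}, a public key holding g^{γ^j} and one pole h^{1/(γ+x_k)} per attribute value so that both aggregations are computable from pk alone, and the element representation W_i = g^{1/(γ+x_i)} compared directly with e(G_{S-}, H_S) rather than through the page's product form with V. The example also shows two things the text only implies: ZerosAggr needs nothing but the published powers (the polynomial in γ is expanded and evaluated on them), and PolesAggr of a subset follows from per-element poles by partial fractions.

```python
import hashlib
import random

P = 2**61 - 1  # prime standing in for the group order p (assumption)


def hash_to_zp(value: str) -> int:
    """x_i = hash(e_i): map an attribute value into Z_p^* (SHA-256 mod p, assumed)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest(), "big") % (P - 1) + 1


def pair(a: int, b: int) -> int:
    """Exponent of e(g^a, h^b) = e(g, h)^{ab}: the pairing becomes a product in Z_p."""
    return a * b % P


def poly_from_roots(xs):
    """Coefficients c_0..c_m (low degree first) of prod_k (X + x_k) over Z_p."""
    coeffs = [1]
    for x in xs:
        nxt = [0] * (len(coeffs) + 1)
        for j, c in enumerate(coeffs):
            nxt[j] = (nxt[j] + c * x) % P      # c_j * x_k  -> degree j
            nxt[j + 1] = (nxt[j + 1] + c) % P  # c_j * X    -> degree j + 1
        coeffs = nxt
    return coeffs


class Authority:
    """Key holder: knows the secret gamma, publishes pk, extracts element representations."""

    def __init__(self, universe, max_subset_size):
        self.gamma = random.randrange(2, P - 1)
        # assumed pk layout: exponents of g^{gamma^j} for j = 0..max_subset_size ...
        self.pk_powers = [pow(self.gamma, j, P) for j in range(max_subset_size + 1)]
        # ... and of one pole h^{1/(gamma + x_k)} per attribute value e_k in U
        self.pk_poles = {e: pow(self.gamma + hash_to_zp(e), -1, P) for e in universe}

    def extract(self, e_i: str) -> int:
        """Element extraction module: W_i = g^{1/(gamma + x_i)}; the only use of gamma below."""
        return pow(self.gamma + hash_to_zp(e_i), -1, P)


def zeros_aggr(pk_powers, S):
    """ZerosAggr(pk, S) = g^{prod_{e_k in S}(gamma + x_k)}: expand the polynomial in gamma
    and evaluate it on the published powers g^{gamma^j}; gamma itself is never needed."""
    coeffs = poly_from_roots([hash_to_zp(e) for e in S])
    if len(coeffs) > len(pk_powers):
        raise ValueError("subset larger than the published powers allow")
    return sum(c * gj for c, gj in zip(coeffs, pk_powers)) % P


def poles_aggr(pk_poles, S):
    """PolesAggr(pk, S) = h^{1/prod_{e_k in S}(gamma + x_k)} from the per-element poles via
    1/prod_k (gamma + x_k) = sum_k a_k/(gamma + x_k) with a_k = prod_{j != k} 1/(x_j - x_k)."""
    xs = {e: hash_to_zp(e) for e in S}
    acc = 0 if xs else 1  # empty product: h^1
    for k, xk in xs.items():
        a_k = 1
        for j, xj in xs.items():
            if j != k:
                a_k = a_k * pow((xj - xk) % P, -1, P) % P  # requires distinct x_k
        acc = (acc + a_k * pk_poles[k]) % P
    return acc


def is_member(pk, W_i, e_i, S):
    """Embodiment one: e_i in S  <=>  e(G_{S minus e_i}, H_S) == e(W_i, h)."""
    pk_powers, pk_poles = pk
    S_minus = [e for e in S if e != e_i]
    return pair(zeros_aggr(pk_powers, S_minus), poles_aggr(pk_poles, S)) == pair(W_i, 1)


def is_non_member(pk, W_i, e_i, S):
    """Embodiment two: e_i not in S  <=>  e(G_S, H_{S plus e_i}) == e(W_i, h)."""
    pk_powers, pk_poles = pk
    S_plus = list(S) if e_i in S else list(S) + [e_i]
    return pair(zeros_aggr(pk_powers, S), poles_aggr(pk_poles, S_plus)) == pair(W_i, 1)


def demo():
    """Both decisions on a constructed universe of department names; returns the four verdicts."""
    universe = ["School of Biology", "School of Chemistry", "School of Information", "School of Law"]
    auth = Authority(universe, max_subset_size=len(universe))
    pk = (auth.pk_powers, auth.pk_poles)
    S = universe[:3]
    bio, law = "School of Biology", "School of Law"
    return (is_member(pk, auth.extract(bio), bio, S),      # True:  bio is in S
            is_member(pk, auth.extract(law), law, S),      # False: law is not in S
            is_non_member(pk, auth.extract(law), law, S),  # True
            is_non_member(pk, auth.extract(bio), bio, S))  # False
```

In the real groups W_i lives in G_1 and the published poles live in G_2, so knowing a pole does not yield W_i; the simulation collapses both into the same integer, which is why extract() is the only place γ is touched. The non-membership test is not the negation of the membership test: each check compares against its own aggregate (S minus e_i versus S plus e_i), and an element outside the universe, or a subset larger than the published powers, is an error rather than a silent false.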
Embodiment three

A linear secret sharing scheme (LSSS) over $\mathbb{Z}_p$ shares a secret among parties as follows. An $l \times n$ matrix $T$ is called the share-generating matrix. For $i \in \{1, \ldots, l\}$, $T_i$ is the $i$-th row vector of $T$, and a function $\rho$ assigns to row $i$ its label $\rho(i)$. Let the column vector $v = (s, r_2, \ldots, r_n)$, where $s \in \mathbb{Z}_p$ is the secret to be shared and $r_2, \ldots, r_n$ are random numbers in $\mathbb{Z}_p$. Then $Tv$ is the column vector of the $l$ shares of $s$, and $(Tv)_i$ is the share held by party $\rho(i)$. Let $U$ be any authorised set and let $I \subseteq \{1, \ldots, l\}$ be defined as $I = \{i : \rho(i) \in U\}$. Then there exist fixed constants $\{w_i\}_{i \in I}$ such that, whenever $\{\lambda_i\}$ are valid shares of the secret $s$, the secret can be reconstructed as $\sum_{i \in I} w_i \lambda_i = s$.
As technical background, we illustrate how the attribute sets of the system are arranged. First the attribute sets are defined, for example:

University := {..., "Peking University", "University of Science and Technology Beijing", "Tsinghua University", ...},

Department := {..., "School of Biology", "School of Chemistry", "School of Information", ...},

Time := {..., 2013, 2014, 2015, 2016, ...},

Role := {..., "Professors' Committee", "Academic Committee", "Degree Committee", ...}.

We may define A_i := {v_i1, ..., v_im}, where A_1 := Department, with v_1k1 := "School of Biology", v_1k2 := "School of Chemistry", v_1k3 := "School of Information"; A_2 := University, with v_2k1 := "Peking University", v_2k2 := "University of Science and Technology Beijing", v_2k3 := "Tsinghua University"; A_3 := Time, with v_3k1 := 2013, v_3k2 := 2014, v_3k3 := 2015;

A_4 := Role, with v_4k1 := "Professors' Committee", v_4k2 := "Academic Committee", v_4k3 := "Degree Committee".

An access policy can then be written as (University ∈ {"Peking University", "University of Science and Technology Beijing"} AND Time = 2015 AND Role = "Degree Committee" AND Department ∉ {"School of Biology", "School of Chemistry"}).

Formally, this policy is A_1 ∉ {v_1k1, v_1k2} AND A_2 ∈ {v_2k1, v_2k2} AND A_3 = v_3k3 AND A_4 = v_4k3.

Suppose a user has the following identity attributes: {University := "University of Science and Technology Beijing", Time := 2015, Role := "Degree Committee", Department := "School of Information"}. Each of the four predicates holds for these values, so the user satisfies the policy.
The core of the present invention is the attribute-set encryption system. Using the methods of Embodiments one and two, the attribute-set cryptographic construction is given in detail by the following five modules:

1) System generation module

For the required security strength, obtain the corresponding bilinear map system $S = (p, G_1, G_2, G_T, e(\cdot))$ based on elliptic-curve cryptography. Choose two random elements $G \in G_1$ and $H \in G_2$ and random exponents $\alpha, \beta, \gamma \in \mathbb{Z}_p^*$, and set $Q = H^{\alpha}$ and $R = e(G, H)^{\beta}$. The public key is $mpk = (S, H, Q, R)$ and the master key is $msk = (\alpha, \beta, \gamma, G, G^{\gamma})$. Finally output $(mpk, msk)$.

2) Attribute set addition module

Choose a random $\gamma_i \in \mathbb{Z}_p^*$, i.e. $sk_i = \gamma_i$, and set the public components of the attribute set for $j \in [1, m]$: for every $v_{ij} \in A_i$, compute $x_{ij} = h(v_{ij})$ and derive the corresponding element of $pk_i$ from the master key. Append $pk_i$ to $mpk$ and attach $sk_i = \gamma_i$ to $msk$.

3) Attribute value key generation module

For user $u_k$, choose a random integer $\tau_k$ and generate the user's master private key $usk_0^{(k)}$. For every attribute value $(A_i, v_{ij}) \in \Omega$ of the user, generate the corresponding attribute value key $vsk_{ij}^{(k)}$. When the user holds several attribute values $\Omega = \{v_{ij} \in A_i\}$, the user private key is $sk^{(k)} = (usk_0^{(k)}, \{vsk_{ij}^{(k)}\}_{v_{ij} \in \Omega})$.

4) Encryption module

Input the plaintext $M$, the public key $mpk$ and the access policy $\Gamma$; output the ciphertext $C_\Gamma$. First convert $\Gamma$ into $(T, \rho)$; $\Gamma$ contains subsets $S_i$ with corresponding relation predicates, $S_i$ being a subset of $A_i$. Choose a random $s$ as the secret to be shared, then compute $ek = R^s = e(G, H)^{\beta s}$, $c_0 = Q^s$, $c_1$ (the encryption of $M$ under the session key $ek$) and $\lambda_k = v \cdot T_k$, where $T_k$ is the $k$-th row vector of the $l \times n$ share-generating matrix $T$. The ciphertext is $C_\Gamma = (C_0, \{C_{\rho(k)}\}_{k=1}^{l})$ with $C_0 = (c_0, c_1)$. For each row $k$, according to whether the predicate of that row is $A_k \in S$ or $A_k \notin S$, compute $C_{\rho(k)}$ by formula 9:

$$C_{\rho(k)} = (c_{k1}, c_{k2}) = \begin{cases} (H^{\lambda_k},\ (H_S)^{\lambda_k}) & \text{for } (A_k \in S) \\ (H^{\lambda_k},\ (G_S)^{\lambda_k}) & \text{for } (A_k \notin S) \end{cases} \qquad \text{(formula 9)}$$

where $H_S = \mathrm{PolesAggr}(mpk, S)$ and $G_S = \mathrm{ZerosAggr}(mpk, S)$.

5) Decryption module

User $u_k$ inputs the private key $sk^{(k)}$ and the ciphertext $C_\Gamma$. From the $i$-th sub-ciphertext $(c_{i1}, c_{i2})$ extract $S$, then try to find an attribute value $v_{ij} \in A_i$ of the user that satisfies the predicate of that sub-ciphertext. If this succeeds, i.e. the attribute values $\Omega = \{v_{ij} \in A_i\}$ of the user's private key satisfy the access policy $\Gamma$ of the ciphertext, look up the sub-key $vsk_{ij}^{(k)}$ and compute formula 10:

$$c_i = \begin{cases} e(vsk_{ij}^{(k)}, c_{i1}) \cdot e(G_{S^-}, c_{i2}) & \text{for } (v_{ij} \in S) \\ e(vsk_{ij}^{(k)}, c_{i1}) \cdot e(c_{i2}, H_{S^+}) & \text{for } (v_{ij} \notin S) \end{cases} \qquad \text{(formula 10)}$$

where $G_{S^-} = \mathrm{ZerosAggr}(mpk, S \setminus \{v_{ij}\})$ and $H_{S^+} = \mathrm{PolesAggr}(mpk, S \cup \{v_{ij}\})$. Once all $c_i$ are known, compute from $T$ and $I = \{i : \rho(i) \in U\}$ the reconstruction vector $\{w_i \in \mathbb{Z}_p\}_{i \in I}$, where $U$ is the set of matched rows; if $\{\lambda_i\}$ are valid shares of $s$, then $\sum_{i \in I} w_i \lambda_i = s$. Then compute $c = \prod_{i \in I} c_i^{w_i}$, and finally recover the session key $ek = e(sk_0, c_0) / c$. Decrypt $c_1$ with the recovered session key $ek$ and output the plaintext $M$. If the attribute values $\Omega = \{v_{ij} \in A_i\}$ of the user's private key do not satisfy the access policy $\Gamma$ of the ciphertext, output empty.
The above are preferred embodiments of the present invention. It should be noted that those skilled in the art may make improvements and modifications without departing from the principle of the present invention, and such improvements and modifications are also to be regarded as within the scope of protection of the present invention.

Claims (10)

1. An access control method for an encryption system based on attribute sets and relation predicates, comprising the steps of:

1) according to a given security parameter k, outputting the public key mpk and the master key msk of the secure encryption system;

2) for each given attribute set A_i = {v_i1, ..., v_im}, generating from the master key msk the public key pk_i and the private key sk_i of that attribute set, adding pk_i to the public key mpk and sk_i to the master key msk; wherein attributes or identifiers of the same nature are placed in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;

3) according to the identity attribute value list Ω = {v_ij ∈ A_i} input by a user, generating a user private key sk^(k) for that user;

4) setting an access policy Γ for a data resource M, and encrypting M according to the public key mpk of step 2) and the access policy Γ to obtain the ciphertext C_Γ; wherein the access policy Γ contains subsets S_i with corresponding binary relation predicates, S_i being a subset of A_i;

5) when a user requests access to the data resource M, the secure encryption system judges from the identity attribute value list input by that user whether the user may access M; if so, the ciphertext C_Γ is decrypted with the user's private key and the plaintext M is output; otherwise empty is output.

2. The method of claim 1, characterised in that the user private key sk^(k) is generated as follows: for user u_k, first generate the user's master private key usk_0^(k); then, for each attribute value v_ij ∈ A_i in the user's identity attribute value list Ω = {v_ij ∈ A_i}, generate the corresponding attribute value key vsk_ij, obtaining the user private key sk^(k) = (usk_0^(k), {vsk_ij^(k)}_{v_ij ∈ A_i}); A_i is an attribute set of the user u_k.

3. The method of claim 1 or 2, characterised in that whether the user may access the data resource M is judged by taking the identity attribute value list Ω input by the user and the access policy Γ of the data resource as the inputs of the binary relation predicates; if the predicate evaluation outputs true, the user may access the data resource M, otherwise the user may not.

4. The method of claim 3, characterised in that logical NOT in the access policy is converted, by De Morgan's laws, into the negated predicate ("not") of the binary relation predicates, giving an access policy expressed in Boolean algebra.

5. The method of claim 1 or 2, characterised in that said ciphertext comprises the sub-ciphertexts generated for the binary relation predicates.

6. An encryption system based on attribute sets and relation predicates, characterised in that it comprises a system key generation module, an attribute set key generation module, a user key generation module, an encryption module and a decryption module; wherein,

the system key generation module outputs, according to a given security parameter k, the public key mpk and the master key msk of the secure encryption system;

the attribute set key generation module generates, for each given attribute set A_i = {v_i1, ..., v_im}, the public key pk_i and the private key sk_i of that attribute set from the master key msk, adds pk_i to the public key mpk and sk_i to the master key msk; wherein attributes or identifiers of the same nature are placed in the same data set, each attribute set has a unique name, each attribute or identifier in an attribute set is called an attribute value, and v_im is the m-th attribute value of the i-th attribute set A_i;

the user key generation module generates a user private key sk^(k) for a user according to the identity attribute value list Ω = {v_ij ∈ A_i} input by that user;

the encryption module encrypts a data resource M according to the access policy Γ of M and the public key mpk to obtain the ciphertext C_Γ; wherein the access policy Γ contains subsets S_i with corresponding binary relation predicates, S_i being a subset of A_i;

the decryption module judges, according to the identity attribute value list input by the accessing user, whether that user may access the data resource M to be accessed; if so, it decrypts the ciphertext C_Γ with the user's private key and outputs the plaintext M; otherwise it outputs empty.

7. The system of claim 6, characterised in that, for user u_k, the user key generation module first generates the user's master private key usk_0^(k); then, for each attribute value v_ij ∈ A_i in the user's identity attribute value list Ω = {v_ij ∈ A_i}, it generates the corresponding attribute value key vsk_ij, obtaining the user private key sk^(k) = (usk_0^(k), {vsk_ij^(k)}_{v_ij ∈ A_i}); A_i is an attribute set of the user u_k.

8. The system of claim 6 or 7, characterised in that the decryption module takes the identity attribute value list input by the user and the access policy Γ of the data resource as the inputs of the binary relation predicates; if the predicate evaluation outputs true, the user may access the data resource M, otherwise the user may not.

9. The system of claim 8, characterised in that the decryption module converts logical NOT in the access policy, by De Morgan's laws, into the negated predicate ("not") of the binary relation predicates, giving an access policy expressed in Boolean algebra.

10. The system of claim 6 or 7, characterised in that said ciphertext comprises the sub-ciphertexts generated for the binary relation predicates.
CN201511000960.9A 2015-12-28 2015-12-28 A kind of encryption system and access control method based on property set and relationship predicate Active CN105635135B (en)

Publications (2)

Publication Number Publication Date
CN105635135A true CN105635135A (en) 2016-06-01
CN105635135B CN105635135B (en) 2019-01-25
