CN107359986A - Outsourced encryption and decryption CP-ABE method with user revocation - Google Patents
- Publication number
- CN107359986A (CN201710532044.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an outsourced encryption and decryption CP-ABE method with user revocation, in the technical field of data encryption and decryption under mobile cloud environments. Building on existing outsourced attribute-based encryption, the method additionally outsources the encryption computation, reducing the computational cost of encryption on the local client. The invention provides fine-grained access control over files on the cloud server and simple key management for users, and revokes the access rights of illegitimate users. When a user is revoked, legitimate users do not need to update their keys, which reduces the burden on the authority. The local user only needs a simple XOR operation to update the ciphertext. The security proof shows that the proposed method is non-adaptively chosen-plaintext secure in the generic bilinear group model. The performance analysis shows that the invention reduces the encryption cost on mobile devices more effectively, revokes illegitimate users efficiently, and effectively controls users' access rights.
Description
Technical field
The present invention relates to the technical field of attribute-based outsourced encryption and decryption mechanisms, and in particular to an outsourced encryption and decryption CP-ABE method with user revocation for mobile cloud environments.
Background art
With the continuous development of mobile cloud computing, an emerging data-sharing model has attracted great attention. Mobile cloud computing is characterized by portable terminal devices whose storage space and computing energy are both limited. Local data is therefore sent over the network to a cloud server for storage and sharing. The online storage space offered by cloud service providers is low-cost, easy to use and highly scalable; it meets the demand for mass data storage, provides data sharing services, and has become a major area of information storage development.
However, while mobile cloud computing brings great convenience, it also brings new security problems and challenges. In a cloud computing environment the cloud server is not fully trusted, and an enterprise or individual that outsources data to the cloud loses complete control over it, which raises data security and privacy protection problems. To keep stored data confidential, users encrypt the data before uploading it; only users holding the decryption key can decrypt the ciphertext and access the content, which reduces the risk of data leakage and keeps the data secure. To ensure that data resources are used and managed only within their legitimate scope, access control is indispensable: an access control policy guarantees fine-grained authorized access to data and is a key technology for secure data storage. Because mobile terminal devices have limited energy, they cannot afford complex computation. For data on a mobile cloud computing platform, the following problems therefore need to be solved urgently: how to use encryption to keep data in the cloud secure; how to share data effectively while protecting data privacy, keeping users' key management cost and security risk as low as possible; how to establish a secure fine-grained access control mechanism that lets only authorized users access the data they need while other, illegitimate users cannot; how to reduce the encryption and decryption cost on the mobile terminal; and, since access rights change frequently in a shared cloud service environment (the set of authorized users is dynamic), how to revoke users effectively.
In 2005, Sahai et al., in "Fuzzy identity-based encryption", first proposed the concept of fuzzy identity-based encryption and constructed the first attribute-based encryption scheme, which can be applied flexibly to data sharing in cloud environments and provides fine-grained access control over data. In 2012, Li et al., in "Outsourcing encryption of attribute-based encryption with mapreduce", first proposed an outsourced encryption scheme for attribute-based encryption, reducing the computation cost at the user end. However, that scheme only reduces the encryptor's cost. In the same year, Zhou et al., in "Efficient and secure data storage operations for mobile cloud computing", proposed outsourced encryption and decryption under mobile cloud environments, reducing the computation cost of both the encryptor and the decryptor. In that scheme, however, once a user is revoked, all legitimate users must update their keys, which incurs an expensive key update overhead.
Summary of the invention
The purpose of the invention is to overcome the above drawbacks of the prior art by providing an outsourced encryption and decryption CP-ABE method with user revocation for mobile cloud environments.
The purpose of the invention is achieved by the following technical scheme:
An outsourced encryption and decryption CP-ABE method with user revocation for mobile cloud environments, comprising the following steps:
The system setup algorithm Setup($1^\lambda$) takes the security parameter $1^\lambda$ as input and outputs the system public key PK and the master key MK;
The key generation algorithm KeyGen(PK, S, MK) takes the user's attribute set S, the system public key PK and the master key MK as input and outputs the user's private key SK;
The encryption algorithm Encrypt(PK, M, Λ) encrypts the file: it takes the system public key PK, the plaintext M and the access structure Λ as input and outputs the ciphertext C. File encryption consists of data-owner encryption and encryption-server encryption: the data owner first encrypts the data plaintext and passes the ciphertext to the encryption server, which then applies attribute-based encryption to that ciphertext;
An authorized user decrypts the file with the decryption algorithm Decrypt(C, SK), which takes the user's private key SK and the corresponding ciphertext C as input and outputs the plaintext M if the private key satisfies the ciphertext's access policy. File decryption consists of outsourced decryption and local user decryption: the decryption server first performs attribute-based decryption to obtain $CT_{DO}$, and the user then decrypts $CT_{DO}$ to obtain the data plaintext;
When a user is revoked, the local user updates the encrypted file with the update algorithm Update(PK, C), which takes the system public key PK and the ciphertext C as input and outputs the updated ciphertext C'.
Further, the system setup algorithm Setup($1^\lambda$) is as follows:
Let $G_0$ and $G_T$ be groups of prime order $p$, and let $g$ be a generator of $G_0$;
Bilinear map $e: G_0 \times G_0 \to G_T$, secure hash function $H: \{0,1\}^* \to G_0$;
Assume the system has $k$ users and that the attribute space of each user is $S = \{\lambda_1, \lambda_2, \ldots, \lambda_n\}$;
The trusted authority selects two random numbers $\alpha, \beta \in Z_p$, generates the system public key $PK = \{G_0, G_T, g, H, h = g^\beta, e(g,g)^\alpha\}$, and keeps the master key $MK = (\beta, g^\alpha)$.
Further, the key generation algorithm KeyGen(PK, S, MK) is as follows:
For each user $U_t$, select a random number $r_t \in Z_p$ ($t = 1, 2, \ldots, k$), choose a random number $r_j \in Z_p$, $j \in S$, and calculate the private key:
Select pairwise coprime integers $m_1, m_2, \ldots, m_k$ ($k \ge 2$) and send $(SK_t, m_t)$ to each user $U_t$ over a secure channel.
Further, the encryption algorithm Encrypt(PK, M, Λ) is as follows:
The data owner first encrypts the data plaintext and passes the ciphertext to the encryption server, which then applies attribute-based encryption to that ciphertext.
1) $\mathrm{Encrypt}_{DO}(M, \kappa)$: the data owner selects a random number $z \in Z_p$ and calculates
$L = m_1 m_2 \cdots m_k$, where $L_i = L/m_i$ and $y_i = L_i^{-1} \bmod m_i$. It sends $(CT_{DO}, X)$ to the encryption server;
2) $\mathrm{Encrypt}_{ESP}(PK, CT_{DO}, \Lambda)$: after receiving $CT_{DO}$, the encryption server calls this algorithm to encrypt again, as follows:
Each leaf node of the access control tree Λ represents an attribute. Let $k_x$ be the threshold of each node $x$ in Λ. Randomly choose a polynomial $q_x$ of degree $d_x = k_x - 1$ and a random number $s \in Z_p$. For the root node $R$, set $q_R(0) = s$; the other, non-root nodes $x$ satisfy
Let $Y$ be the set of all leaf nodes in Λ; the generated ciphertext is:
Further, the decryption algorithm Decrypt(C, SK) is as follows:
The decryption server first performs attribute-based decryption to obtain $CT_{DO}$, and the user then decrypts $CT_{DO}$ to obtain the data plaintext. The inputs are the user's private key SK and the corresponding ciphertext C. If the user is illegitimate, decryption fails; otherwise the legitimate user can decrypt the ciphertext with the private key. The computation is as follows:
1) The local user selects a random number $t \in Z_p$, calculates the blinded decryption key and sends it to the decryption server;
2) The decryption server calls the decryption algorithm to perform attribute-based decryption, as follows:
Define a recursive algorithm, where $y$ is a node of the tree Λ. When $y$ is a leaf node, it executes as follows:
where $i$ denotes the attribute of node $y$;
When $y$ is not a leaf node, the recursive function is called on every child node $z$ of $y$, and its output is $F_z$. Let $S_y$ be a set of $k_y$ child nodes $z$ of $y$. If no such set exists, the function returns ⊥; otherwise the decryption proceeds as follows:
where $i = \mathrm{index}(z)$, $S_x' = \{\mathrm{index}(z) : z \in S_x\}$, and is the Lagrange coefficient. If S satisfies the access structure, the recursive algorithm returns $A = e(g,g)^{rs}$;
Calculate $B = e(C, D') = e(h^s, g^{t(\alpha+r)/\beta}) = e(g,g)^{trs} \cdot e(g,g)^{t\alpha s}$; the decryption server sends $\{A, B, X\}$ to the local user;
3) $\mathrm{Decrypt}_{DU}(CT', \kappa)$: after receiving $\{A, B, X\}$, the local user first calculates $B' = B^{1/t} = e(g,g)^{rs} \cdot e(g,g)^{\alpha s}$ and $x_i = X \bmod m_i$, then decrypts and recovers the data plaintext:
Further, the update algorithm Update(PK, C) is as follows:
To revoke user $DU_j$, the data owner selects a random number $z' \in Z_p$ and calculates, where $L_i' = L'/m_i$ and $y_i' = {L_i'}^{-1} \bmod m_i$, and sends $(R, X')$ to the ESP over a secure channel. The ESP updates the ciphertext as follows:
Compared with the prior art, the invention has the following advantages and effects:
1) The invention adds support for user revocation on top of the outsourced encryption and decryption mechanism, proposing an outsourced-decryption CP-ABE method with user revocation and completing the local encryption and user rights management functions of outsourced decryption mechanisms.
2) The invention not only reduces the encryption cost for the local user but also realizes user revocation.
3) The invention revokes a user's rights by having the local user update the ciphertext; when a user is revoked, legitimate users do not need to update their keys, which reduces the burden on the authority.
4) The security proof shows that the proposed method is non-adaptively chosen-plaintext secure in the generic bilinear group model.
5) The performance analysis shows that, compared with existing schemes, the invention needs a lower encryption cost on the local encryption device and revokes users more efficiently.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the outsourced encryption and decryption CP-ABE scheme with user revocation disclosed by the invention;
Fig. 2 is a system structure diagram of the outsourced encryption and decryption CP-ABE scheme with user revocation.
Detailed description of the embodiments
To make the purpose, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
Embodiment
With the rapid development of networks and cloud computing, mobile cloud computing has become an emerging service model and has changed how people live, study and receive medical care. Mobile cloud computing deploys multiple lightweight mobile devices on a cloud computing platform to share data. How can the information security of mobile devices be ensured? How can their encryption and decryption cost be reduced? How can access control and revocation be applied to users? If these problems are not solved, the security of mobile cloud computing cannot be guaranteed. It is therefore both necessary and urgent to study the security problems that follow from the characteristics of mobile cloud computing and to establish an effective, secure encryption and decryption mechanism; this has important theoretical significance and practical value.
To address these problems, this embodiment studies data encryption and decryption mechanisms under mobile cloud environments and proposes an outsourced encryption and decryption CP-ABE method with user revocation. The proposed scheme is proven non-adaptively chosen-plaintext secure in the generic bilinear group model. The method not only keeps the encryption and decryption cost on mobile devices low but can also revoke users' access rights, giving flexible and effective access control. When an illegitimate user is revoked, legitimate users do not need to update their keys, which effectively reduces the burden on the authority. Compared with existing schemes, the invention not only significantly reduces the encryption and decryption cost on mobile devices but also supports user revocation, effectively controlling users' access rights.
The specific process of the outsourced encryption and decryption CP-ABE method with user revocation disclosed in this embodiment is described in detail below with reference to Fig. 1. It comprises the following steps:
S1. The system setup algorithm Setup($1^\lambda$) takes the security parameter $1^\lambda$ as input and outputs the system public key PK and the master key MK;
In a concrete application, for the system setup algorithm Setup($1^\lambda$), let $G_0$ and $G_T$ be groups of prime order $p$, and let $g$ be a generator of $G_0$. Bilinear map $e: G_0 \times G_0 \to G_T$, secure hash function $H: \{0,1\}^* \to G_0$. Assume the system has $k$ users and that the attribute space of each user is $S = \{\lambda_1, \lambda_2, \ldots, \lambda_n\}$. The trusted authority selects two random numbers $\alpha, \beta \in Z_p$; the generated system public key is $PK = \{G_0, G_T, g, H, h = g^\beta, e(g,g)^\alpha\}$ and the master key is $MK = (\beta, g^\alpha)$.
S2. The key generation algorithm KeyGen(PK, S, MK) takes the user's attribute set S, the system public key PK and the master key MK as input and outputs the user's private key SK;
In a concrete application, the key generation algorithm KeyGen(PK, S, MK) selects a random number $r_t \in Z_p$ ($t = 1, 2, \ldots, k$), chooses a random number $r_j \in Z_p$, and calculates the private key:
Select pairwise coprime integers $m_1, m_2, \ldots, m_k$ ($k \ge 2$) and send $(SK_t, m_t)$ to each user $U_t$ over a secure channel.
S3. The encryption algorithm Encrypt(PK, M, Λ) takes the system public key PK, the plaintext M and the access structure Λ as input and outputs the ciphertext C;
In a concrete application, the encryption performed by Encrypt(PK, M, Λ) consists of two parts: data-owner encryption and encryption-server encryption. The data owner first encrypts the data plaintext and passes the ciphertext to the encryption server, which then applies attribute-based encryption to that ciphertext.
S31. $\mathrm{Encrypt}_{DO}(M, \kappa)$: the data owner selects a random number $z \in Z_p$ and calculates
$L = m_1 m_2 \cdots m_k$, where $L_i = L/m_i$ and $y_i = L_i^{-1} \bmod m_i$. It sends $(CT_{DO}, X)$ to the encryption server.
S32. $\mathrm{Encrypt}_{ESP}(PK, CT_{DO}, \Lambda)$: after receiving $CT_{DO}$, the encryption server calls this algorithm to encrypt again, as follows:
Each leaf node of the access control tree Λ represents an attribute. Let $k_x$ be the threshold of each node $x$ in Λ. Randomly choose a polynomial $q_x$ of degree $d_x = k_x - 1$ and a random number $s \in Z_p$. For the root node $R$, set $q_R(0) = s$; the other, non-root nodes $x$ satisfy
Let $Y$ be the set of all leaf nodes in Λ; the generated ciphertext is:
S4. An authorized user decrypts the file with the decryption algorithm Decrypt(C, SK), which takes the user's private key SK and the corresponding ciphertext C as input; it outputs the plaintext M if the private key satisfies the ciphertext's access policy, and otherwise outputs a decryption failure.
In a concrete application, decryption with Decrypt(C, SK) consists of outsourced decryption and local user decryption. The decryption server first performs attribute-based decryption to obtain $CT_{DO}$, and the user then decrypts $CT_{DO}$ to obtain the data plaintext.
S41. The local user selects a random number $t \in Z_p$, calculates the blinded decryption key and sends it to the decryption server.
S42. The decryption server calls the decryption algorithm to perform attribute-based decryption, as follows:
Define a recursive algorithm, where $y$ is a node of the tree Λ. When $y$ is a leaf node, it executes as follows:
where $i$ denotes the attribute of node $y$.
When $y$ is not a leaf node, the recursive function is called on every child node $z$ of $y$, and its output is $F_z$. Let $S_y$ be a set of $k_y$ child nodes $z$ of $y$. If no such set exists, the function returns ⊥; otherwise the decryption proceeds as follows:
where $i = \mathrm{index}(z)$, $S_x' = \{\mathrm{index}(z) : z \in S_x\}$, and is the Lagrange coefficient. If S satisfies the access structure, the recursive algorithm returns $A = e(g,g)^{rs}$.
Calculate $B = e(C, D') = e(h^s, g^{t(\alpha+r)/\beta}) = e(g,g)^{trs} \cdot e(g,g)^{t\alpha s}$; the decryption server sends $\{A, B, X\}$ to the local user.
S43. $\mathrm{Decrypt}_{DU}(CT', \kappa)$: after receiving $\{A, B, X\}$, the local user first calculates $B' = B^{1/t} = e(g,g)^{rs} \cdot e(g,g)^{\alpha s}$ and $x_i = X \bmod m_i$, then decrypts and recovers the data plaintext:
S5. When a user is revoked, the cloud server updates the encrypted file with the update algorithm Update(PK, C), which takes the system public key PK and the ciphertext C as input and outputs the updated ciphertext C';
When a user is revoked, the local user updates the encrypted file.
In a concrete application of the update algorithm Update(PK, C): to revoke user $DU_j$, the data owner selects a random number $z' \in Z_p$ and calculates,
where $L_i' = L'/m_i$ and $y_i' = {L_i'}^{-1} \bmod m_i$, and sends $(R, X')$ to the ESP over a secure channel. The ESP updates the ciphertext as follows:
Because $X'$ does not include the $m_j$ of $DU_j$, the revoked user $DU_j$ cannot obtain $z'$ from $X'$ and therefore cannot obtain the data plaintext.
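The Chinese-remainder bookkeeping behind this revocation step, as an added Python example that is not code from the patent. The page's formulas for $CT_{DO}$, $X$ and the ciphertext update are not legible, so the per-user residue encoding in `residue()`, the SHA-256 XOR keystream, the sample moduli and the user names are assumptions; only $L$, $L_i$, $y_i$ and $x_i = X \bmod m_i$ come from the text, and the attribute-based layer added by the encryption server is left out.

```python
import hashlib
from math import gcd, prod

# Constructed sample moduli m_i: four distinct Mersenne primes, one per user.
MODULI = {"bob": 2**61 - 1, "carol": 2**89 - 1, "dave": 2**107 - 1, "erin": 2**127 - 1}


def _h(m_i: int) -> int:
    return int.from_bytes(hashlib.sha256(str(m_i).encode()).digest(), "big")


def residue(z: int, m_i: int) -> int:
    """User-specific residue x_i (assumed encoding, not taken from the page).
    If every x_i were z itself, CRT would return X == z and anyone seeing X
    would learn z, so each residue has to depend on the secret m_i."""
    return (z + _h(m_i)) % m_i


def crt_pack(residues, moduli):
    """Build X with X mod m_i == x_i from L = m_1...m_k, L_i = L / m_i and
    y_i = L_i^{-1} mod m_i, the quantities named in the text."""
    for a in range(len(moduli)):
        for b in range(a + 1, len(moduli)):
            if gcd(moduli[a], moduli[b]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    L = prod(moduli)
    X = 0
    for x_i, m_i in zip(residues, moduli):
        L_i = L // m_i
        y_i = pow(L_i, -1, m_i)
        X = (X + x_i * L_i * y_i) % L
    return X


def broadcast(z, moduli):
    if not 0 <= z < min(moduli):
        raise ValueError("z must be smaller than every modulus")
    return crt_pack([residue(z, m) for m in moduli], moduli)


def recover(X, m_i):
    """What a user holding m_i computes: x_i = X mod m_i, then undo the encoding."""
    return (X % m_i - _h(m_i)) % m_i


def keystream(z, n):
    """n-byte XOR mask derived from z (stand-in for the data owner's cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(z.to_bytes(32, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))


def revoke(z_old, z_new, users, revoked, n):
    """Return (R, X'): the XOR update token and the CRT value rebuilt
    without the revoked user's modulus."""
    remaining = [m for name, m in users.items() if name != revoked]
    R = xor(keystream(z_old, n), keystream(z_new, n))
    return R, broadcast(z_new, remaining)


def demo():
    msg = b"constructed sample file contents"
    # Fixed constructed values so the run is reproducible; a real data owner
    # draws z and z' at random.
    z, z_new = 0x1234567890ABCDE, 0xFEDCBA98765432
    ct = xor(msg, keystream(z, len(msg)))
    X = broadcast(z, list(MODULI.values()))
    before = {u: xor(ct, keystream(recover(X, m), len(ct))) for u, m in MODULI.items()}
    R, X2 = revoke(z, z_new, MODULI, "bob", len(ct))
    ct2 = xor(ct, R)  # server-side update: one XOR, the server never sees msg
    after = {u: xor(ct2, keystream(recover(X2, m), len(ct2))) for u, m in MODULI.items()}
    return msg, before, after
```

After `revoke`, the three remaining users decrypt the updated ciphertext with their unchanged $m_i$, while the revoked user's $X' \bmod m_j$ yields an unrelated value.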
The system that implements the outsourced encryption and decryption CP-ABE method with user revocation under a mobile cloud environment is shown in Fig. 2. It consists of the following six entities: storage server (Storage Service Provider, SSP), encryption server (Encryption Service Provider, ESP), decryption server (Decrypt Service Provider, DSP), data owner (Data Owner, DO), user (Data User, DU) and trusted authority (Trust Authority, TA).
When the data owner Alice wants to store a file M on the cloud server using the outsourced encryption and decryption CP-ABE scheme with user revocation disclosed by the invention, the TA first runs the system setup algorithm to obtain the system parameters $PK = \{G_0, G_T, g, H, h = g^\beta, e(g,g)^\alpha\}$ and the master key $MK = (\beta, g^\alpha)$; PK is then published and MK is kept secret by the TA. Alice runs the encryption algorithm $\mathrm{Encrypt}_{DO}(M, \kappa)$ to encrypt the file M first and passes the encrypted file to the encryption server, which calls $\mathrm{Encrypt}_{ESP}(PK, CT_{DO}, \Lambda)$ to encrypt it again and obtain the final ciphertext CT. If user Bob needs to access this file, the TA uses the system public key PK and the master key MK and, according to Bob's attribute set, calls the key generation algorithm KeyGen(PK, S, MK) to generate a private key $SK_{Bob}, m_{Bob}$ for Bob. The TA sends $SK_{Bob}, m_{Bob}$ to Bob over a secure channel. When Bob needs to access the file, he first selects a random number $t$ to blind his private key $SK_{Bob}$ and sends the blinded key to the decryption server for decryption, obtaining the ciphertext $A = e(g,g)^{rs}$; Bob then uses the random number $t$ to recover the key and decrypts to obtain the final plaintext M. When a user needs to be revoked, Alice calls the update algorithm Update(PK, C) to update the ciphertext. If and only if Bob is revoked, Alice calculates,
where $L_i' = L'/m_i$ and $y_i' = {L_i'}^{-1} \bmod m_i$, and sends $(R, X')$ to the ESP over a secure channel. The ESP updates the ciphertext; Bob is then unable to decrypt the updated ciphertext, which revokes Bob's access rights to the file. Other users can access the file normally and do not need to update their keys.
In summary, to share data securely and effectively under mobile cloud environments and to reduce the encryption overhead on energy-limited local user devices, the invention additionally outsources encryption on top of outsourced attribute-based encryption and decryption and adds support for user revocation. It proposes an outsourced encryption and decryption CP-ABE method with user revocation, completing the dynamic user management function of outsourced encryption and decryption mechanisms. The invention revokes a user's rights by having the local user update the ciphertext, and the update is simple and cheap to compute. When a user is revoked, legitimate users do not need to update their keys, which reduces the burden on the trusted authority. The security proof shows that the proposed method is non-adaptively chosen-plaintext secure in the generic bilinear group model. The performance analysis shows that, compared with existing schemes, the invention not only keeps the computational cost on local lightweight devices low but also revokes users more efficiently, effectively controlling users' access rights.
The above embodiment is a preferred embodiment of the invention, but embodiments of the invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention is an equivalent replacement and falls within the scope of protection of the invention.
Claims (6)
1. An outsourced encryption and decryption CP-ABE method with user revocation, characterized in that the method comprises the following steps:
The system setup algorithm Setup($1^\lambda$) takes the security parameter $1^\lambda$ as input and outputs the system public key PK and the master key MK;
The key generation algorithm KeyGen(PK, S, MK) takes the user's attribute set S, the system public key PK and the master key MK as input and outputs the user's private key SK;
The encryption algorithm Encrypt(PK, M, Λ) encrypts the file: it takes the system public key PK, the plaintext M and the access structure Λ as input and outputs the ciphertext C, wherein file encryption consists of data-owner encryption and encryption-server encryption: the data owner first encrypts the data plaintext and passes the ciphertext to the encryption server, which then applies attribute-based encryption to that ciphertext;
An authorized user decrypts the file with the decryption algorithm Decrypt(C, SK), which takes the user's private key SK and the corresponding ciphertext C as input and outputs the plaintext M if the private key satisfies the ciphertext's access policy, wherein file decryption consists of outsourced decryption and local user decryption: the decryption server first performs attribute-based decryption to obtain $CT_{DO}$, and the user then decrypts $CT_{DO}$ to obtain the data plaintext;
When a user is revoked, the local user updates the encrypted file with the update algorithm Update(PK, C), which takes the system public key PK and the ciphertext C as input and outputs the updated ciphertext C'.
2. The outsourced encryption and decryption CP-ABE method with user revocation according to claim 1, characterized in that the system setup algorithm Setup($1^\lambda$) is as follows:
Let $G_0$ and $G_T$ be groups of prime order $p$, and let $g$ be a generator of $G_0$;
Bilinear map $e: G_0 \times G_0 \to G_T$, secure hash function $H: \{0,1\}^* \to G_0$;
Assume the system has $k$ users and that the attribute space of each user is $S = \{\lambda_1, \lambda_2, \ldots, \lambda_n\}$;
The trusted authority selects two random numbers $\alpha, \beta \in Z_p$, generates the system public key $PK = \{G_0, G_T, g, H, h = g^\beta, e(g,g)^\alpha\}$, and keeps the master key $MK = (\beta, g^\alpha)$.
3. The outsourced encryption and decryption CP-ABE method with user revocation according to claim 1, characterized in that the key generation algorithm KeyGen(PK, S, MK) is as follows:
For each user $U_t$, select a random number $r_t \in Z_p$ ($t = 1, 2, \ldots, k$), choose a random number $r_j \in Z_p$, and calculate the private key:
$$SK_t = \langle D = g^{(\alpha + r_t)/\beta},\ \forall \lambda_j \in S,\ (1 \le j \le n);\ D_j = g^{r_t} \times H(\lambda_j)^{r_j},\ D_j' = g^{r_j} \rangle$$
Select pairwise coprime integers $m_1, m_2, \ldots, m_k$ ($k \ge 2$) and send $(SK_t, m_t)$ to each user $U_t$ over a secure channel.
4. The outsourced encryption and decryption CP-ABE method with user revocation according to claim 1, characterized in that the encryption algorithm Encrypt(PK, M, Λ) is as follows:
The data owner first encrypts the data plaintext and passes the ciphertext to the encryption server, which then applies attribute-based encryption to that ciphertext.
1) $\mathrm{Encrypt}_{DO}(M, \kappa)$: the data owner selects a random number $z \in Z_p$ and calculates
$L = m_1 m_2 \cdots m_k$, where $L_i = L/m_i$ and $y_i = L_i^{-1} \bmod m_i$. It sends $(CT_{DO}, X)$ to the encryption server;
2) $\mathrm{Encrypt}_{ESP}(PK, CT_{DO}, \Lambda)$: after receiving $CT_{DO}$, the encryption server calls this algorithm to encrypt again, as follows:
Each leaf node of the access control tree Λ represents an attribute. Let $k_x$ be the threshold of each node $x$ in Λ. Randomly choose a polynomial $q_x$ of degree $d_x = k_x - 1$ and a random number $s \in Z_p$. For the root node $R$, set $q_R(0) = s$; the other, non-root nodes $x$ satisfy
Let $Y$ be the set of all leaf nodes in Λ; the generated ciphertext is:
$$CT = \langle T,\ \tilde{C} = CT_{DO} \cdot e(g,g)^{\alpha s},\ C = h^s,\ \forall y \in Y:\ C_y = g^{q_y(0)},\ C_y' = H(\lambda_y)^{q_y(0)} \rangle.$$
5. The outsourced encryption and decryption CP-ABE method with user revocation according to claim 1, characterized in that the decryption algorithm Decrypt(C, SK) is specifically as follows:
The decryption server first performs attribute-based decryption to obtain $CT_{DO}$, and the user then decrypts $CT_{DO}$ again to obtain the data plaintext. The inputs are the user's private key SK and its corresponding ciphertext C. If the user is an illegitimate user, decryption failure is output; otherwise a legitimate user can decrypt the ciphertext with the private key. The calculation is as follows:
1) The local user selects a random number $t \in Z_p$, computes the blinded decryption key

$$\widetilde{SK} = \langle\, D' = g^{t(\alpha + r_t)/\beta},\ \forall j \in S : D_j = g^{r_t} \times H(j)^{r_j},\ D'_j = g^{r_j} \,\rangle$$

and sends it to the decryption server;
2) The decryption server calls the attribute-based decryption algorithm, whose process is as follows:
Define a recursive algorithm, where y is a node of the tree Λ. When y is a leaf node, it proceeds as follows:
where i denotes the attribute of node y;
When y is not a leaf node, the recursive function is called on all child nodes z of y, and the output is $F_z$. Let $S_y$ be a set of $k_y$ child nodes z of y; if no such set exists, the function returns ⊥; otherwise the decryption process is as follows:
$$\begin{aligned}
F_x &= \prod_{z \in S_x} F_z^{\Delta_{i,S'_x}(0)} = \prod_{z \in S_x} \left( e(g,g)^{r \cdot q_z(0)} \right)^{\Delta_{i,S'_x}(0)} \\
&= \prod_{z \in S_x} \left( e(g,g)^{r \cdot q_{parent(z)}(i)} \right)^{\Delta_{i,S'_x}(0)} \\
&= \prod_{z \in S_x} \left( e(g,g)^{r \cdot q_y(i)} \right)^{\Delta_{i,S'_x}(0)} \\
&= e(g,g)^{r q_x(0)}
\end{aligned}$$
where $i = \mathrm{index}(z)$, $S'_x = \{\mathrm{index}(z) : z \in S_x\}$, and $\Delta_{i,S'_x}$ is the Lagrange coefficient. If S satisfies the access structure, the recursive algorithm returns $A = e(g,g)^{rs}$;
Compute $B = e(C, D') = e(h^{s}, g^{t(\alpha+r)/\beta}) = e(g,g)^{trs} \cdot e(g,g)^{t\alpha s}$; the decryption server sends {A, B, X} to the local user;
3) Decrypt_DU(CT′, κ): After receiving {A, B, X}, the local user first computes $B' = B^{1/t} = e(g,g)^{rs} \cdot e(g,g)^{\alpha s}$ and $x_i = X \bmod m_i$, then recovers the data plaintext:
$$M = H(z) \oplus \frac{\tilde{C}}{(B'/A)} .$$
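The threshold sharing over the access tree Λ in claim 4 and the recursive Lagrange recombination in claim 5, as an added example that is not part of the patent text. It works directly on the exponents in Z_p (no pairing; the check `attr in attrs` stands in for holding the key component D_j), and the modulus, the class and function names and the sample policy are assumptions.

```python
import secrets

P = 2**127 - 1  # prime standing in for the group order p (constructed value)

class Node:
    """Tree node: a leaf carries an attribute, an inner node a threshold k_x."""
    def __init__(self, k=1, children=(), attr=None):
        self.k, self.children, self.attr = k, list(children), attr
        self.share = None  # q_y(0) for a leaf y, filled in by share_secret()

def share_secret(node, value):
    """Choose q_x of degree k_x - 1 with q_x(0) = value; child z gets q_x(index(z))."""
    if node.attr is not None:
        node.share = value
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of q_x(index)
            y = (y * index + c) % P
        share_secret(child, y)

def lagrange_at_zero(i, indices):
    """Lagrange coefficient Delta_{i,S'}(0) over Z_p."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P

def decrypt_node(node, attrs):
    """Return q_node(0) if attrs satisfy the subtree, else None (the page's ⊥)."""
    if node.attr is not None:
        # Assumption: membership test replaces the pairing with D_j, D'_j.
        return node.share if node.attr in attrs else None
    found = {}
    for index, child in enumerate(node.children, start=1):
        f_z = decrypt_node(child, attrs)
        if f_z is not None and len(found) < node.k:
            found[index] = f_z
    if len(found) < node.k:
        return None                     # fewer than k_x satisfied children
    # A product of powers in the target group is a sum in the exponent.
    return sum(f * lagrange_at_zero(i, found) for i, f in found.items()) % P

def build_policy():
    """Constructed policy: (doctor AND cardiology) OR 2-of-3(nurse, icu, senior)."""
    both = Node(k=2, children=[Node(attr="doctor"), Node(attr="cardiology")])
    two_of_three = Node(k=2, children=[Node(attr=a) for a in ("nurse", "icu", "senior")])
    return Node(k=1, children=[both, two_of_three])

def demo():
    """Share a random s, then try two satisfying attribute sets and one that fails."""
    tree, s = build_policy(), secrets.randbelow(P)
    share_secret(tree, s)
    return s, [decrypt_node(tree, set(a)) for a in
               (["doctor", "cardiology"], ["nurse", "senior"], ["doctor", "icu"])]

if __name__ == "__main__":
    s, results = demo()
    print([None if r is None else r == s for r in results])
```

An attribute set that meets no threshold gets ⊥ at the root, so the server cannot form A and the blinding factor on CT_DO stays in place.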
6. The outsourced encryption and decryption CP-ABE method with user revocation according to claim 1, characterized in that the update algorithm Update(PK, C) is specifically as follows:
When a user $DU_j$ is to be revoked, the data owner selects a random number $z' \in Z_p$ and computes $R$ and $X'$, where $L'_i = L'/m_i$, then sends $(R, X')$ to the ESP over a secure channel. The ESP updates the ciphertext as follows:
$$CT'_{DO} = CT_{DO} \oplus R .$$
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710532044.2A CN107359986A (en) | 2017-07-03 | 2017-07-03 | The outsourcing encryption and decryption CP ABE methods of user revocation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107359986A true CN107359986A (en) | 2017-11-17 |
Family
ID=60291999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710532044.2A Pending CN107359986A (en) | 2017-07-03 | 2017-07-03 | The outsourcing encryption and decryption CP ABE methods of user revocation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107359986A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070300067A1 (en) * | 2006-06-03 | 2007-12-27 | Roselyn, Llc | Notice of Revocation System for Revocable or Modifiable Documents |
US20160308862A1 (en) * | 2015-04-15 | 2016-10-20 | Authentify, Inc. | Anonymous authentication and remote wireless token access |
CN105871551A (en) * | 2016-06-22 | 2016-08-17 | 江苏迪纳数字科技股份有限公司 | User access cancelling control method based on agent re-encryption |
CN106788988A (en) * | 2016-11-28 | 2017-05-31 | 暨南大学 | Voidable key polymerization encryption method under cloud environment |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108055130A (en) * | 2017-12-27 | 2018-05-18 | 深圳技术大学(筹) | The ciphertext protection system of differentiation safety |
WO2019127912A1 (en) * | 2017-12-27 | 2019-07-04 | 深圳技术大学(筹) | Differential security ciphertext protection system |
CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
CN108200181B (en) * | 2018-01-11 | 2021-03-19 | 中国人民解放军战略支援部队信息工程大学 | Cloud storage oriented revocable attribute-based encryption system and method |
CN108540280A (en) * | 2018-02-09 | 2018-09-14 | 上海交通大学 | A kind of the secure data sharing method and system of resource high-efficiency |
WO2019178958A1 (en) * | 2018-03-22 | 2019-09-26 | 平安科技(深圳)有限公司 | Data encryption method, data query method, data encryption apparatus, data query apparatus, device and storage medium |
CN108632248A (en) * | 2018-03-22 | 2018-10-09 | 平安科技(深圳)有限公司 | Data ciphering method, data query method, apparatus, equipment and storage medium |
CN108763944A (en) * | 2018-05-31 | 2018-11-06 | 金华航大北斗应用技术有限公司 | Multicenter large attribute Domain Properties base encryption method can be revoked safely in calculating in mist |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | 西南交通大学 | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
CN108880801B (en) * | 2018-07-09 | 2020-11-27 | 西南交通大学 | Distributed attribute-based encryption method for supporting fine-grained attribute revocation in lattice manner |
CN110247767A (en) * | 2019-06-28 | 2019-09-17 | 北京工业大学 | Voidable attribute base outsourcing encryption method in mist calculating |
CN110474873A (en) * | 2019-07-09 | 2019-11-19 | 杭州电子科技大学 | It is a kind of based on know range encryption electronic document access control method and system |
CN110474873B (en) * | 2019-07-09 | 2021-06-29 | 杭州电子科技大学 | Electronic file access control method and system based on knowledge range encryption |
CN110855613A (en) * | 2019-10-12 | 2020-02-28 | 湖南大学 | Outsourcing revocation method and system in attribute-based encryption system |
CN111130767A (en) * | 2019-11-30 | 2020-05-08 | 西安电子科技大学 | Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking |
CN111698085A (en) * | 2020-06-08 | 2020-09-22 | 南京工业大学 | CP-ABE decryption outsourcing |
CN111726363A (en) * | 2020-06-24 | 2020-09-29 | 暨南大学 | Attribute-based multi-user connection keyword searchable encryption method |
CN111970296A (en) * | 2020-08-25 | 2020-11-20 | 福建师范大学 | Efficient file hierarchical attribute-based encryption method and system |
CN114362924A (en) * | 2020-09-29 | 2022-04-15 | 湖南大学 | CP-ABE-based system and method for supporting flexible revocation and verifiable ciphertext authorization |
CN112866301A (en) * | 2021-04-25 | 2021-05-28 | 南京联成科技发展股份有限公司 | Encryption method for transmitting data from control center to centralized control |
CN113489690A (en) * | 2021-06-22 | 2021-10-08 | 暨南大学 | On-line/off-line outsourcing data integrity auditing method with strong resistance to key exposure |
CN113489690B (en) * | 2021-06-22 | 2023-04-07 | 暨南大学 | On-line/off-line outsourcing data integrity auditing method with strong resistance to key exposure |
CN113761592A (en) * | 2021-08-18 | 2021-12-07 | 淮阴工学院 | Fuzzy identity-based data integrity detection method in cloud storage |
CN113761592B (en) * | 2021-08-18 | 2024-02-23 | 淮阴工学院 | Fuzzy identity-based data integrity detection method in cloud storage |
CN113824558A (en) * | 2021-09-23 | 2021-12-21 | 上海同态信息科技有限责任公司 | Authority management and control algorithm with one-time authorization capability |
CN113872984A (en) * | 2021-10-13 | 2021-12-31 | 苏州兆晶智能科技有限公司 | Encryption and decryption method for block chain chip state encryption algorithm |
CN114205379A (en) * | 2021-11-26 | 2022-03-18 | 江苏大学 | CP-ABE outsourcing decryption result reusing method based on NDN |
CN116318647A (en) * | 2022-12-15 | 2023-06-23 | 杭州后量子密码科技有限公司 | CP-ABE outsourcing decryption method and device with homomorphic characteristic |
CN116318647B (en) * | 2022-12-15 | 2023-12-29 | 杭州后量子密码科技有限公司 | CP-ABE outsourcing decryption method and device with homomorphic characteristic |
CN117857033A (en) * | 2024-01-09 | 2024-04-09 | 山东大学 | LKH-based method and system for flexibly revoking CP-ABE of user by outsourcing encryption and decryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107359986A (en) | The outsourcing encryption and decryption CP ABE methods of user revocation | |
CN104113408B (en) | It is a kind of realize the revocation of timely user property based on ciphertext policy ABE encryption method | |
CN108881314B (en) | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment | |
Ali et al. | Lightweight revocable hierarchical attribute-based encryption for internet of things | |
CN103957109B (en) | A kind of cloud data-privacy protects safe re-encryption method | |
CN104158880B (en) | User-end cloud data sharing solution | |
JP6115573B2 (en) | Cryptographic system, data storage system, and apparatus and method used therefor | |
CN103179114A (en) | Fine-grained access control method for data in cloud storage | |
CN102655508A (en) | Method for protecting privacy data of users in cloud environment | |
CN105933345B (en) | It is a kind of that outsourcing attribute base encryption method can verify that based on linear privacy sharing | |
CN106788988B (en) | Voidable key polymerize encryption method under cloud environment | |
CN106612271A (en) | Encryption and access control method for cloud storage | |
CN106059768A (en) | Encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes | |
CN109617855B (en) | File sharing method, device, equipment and medium based on CP-ABE layered access control | |
Zhang et al. | Efficient compressed ciphertext length scheme using multi-authority CP-ABE for hierarchical attributes | |
CN107426162A (en) | A kind of method based on attribute base encryption Implement Core mutual role help | |
Zhang et al. | Efficient and privacy-aware attribute-based data sharing in mobile cloud computing | |
Liu et al. | Dynamic attribute-based access control in cloud storage systems | |
Wang et al. | Multi-authority based weighted attribute encryption scheme in cloud computing | |
CN104935588B (en) | A kind of hierarchical encryption management method of safe cloud storage system | |
Singh et al. | Fuzzy elliptic curve cryptography based cipher text policy attribute based encryption for cloud security | |
CN113055164A (en) | Cipher text strategy attribute encryption algorithm based on state cipher | |
WO2019127912A1 (en) | Differential security ciphertext protection system | |
CN110098926A (en) | One attribute cancelling method | |
CN111698085A (en) | CP-ABE decryption outsourcing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20171117 |