CN107566386A - A revocable attribute-based encryption method - Google Patents

A revocable attribute-based encryption method

Publication number
CN107566386A
Authority
CN
China
Legal status
Pending
Application number
CN201710827319.5A
Other languages
Chinese (zh)
Inventor
蒋雁梅
韩德志
毕坤
王军
田秋亭
Current Assignee
Shanghai Maritime University
Original Assignee
Shanghai Maritime University
Application filed by Shanghai Maritime University
Priority to CN201710827319.5A
Publication of CN107566386A

Abstract

A revocable attribute-based encryption method in which a trusted certificate authority generates the system's master public key and master key, verifies the attributes of each user who needs to register, generates the corresponding private key, and then sends the attribute user group corresponding to each attribute to a data management server. The data management server generates the corresponding KEK binary tree for each user, distributes attribute group keys, and re-encrypts the ciphertext produced by the data owner; after receiving a user's data request, it sends the re-encrypted data to that user. If the trusted certificate authority receives a request to update an attribute user group, it updates the group promptly and notifies the data management server of the updated user list, and the data management server performs the attribute group key update. A user can decrypt if and only if the user has not been revoked from the attribute group and has been granted permission. The invention not only allows access policies to be expressed flexibly, but also has good scalability and practicality, and ensures the forward and backward security of the encrypted data.

Description

A revocable attribute-based encryption method
Technical field
The present invention relates to network file encryption, and specifically to a revocable attribute-based encryption method.
Background art
In recent years, with massive numbers of users, key abuse has been a persistent problem threatening user privacy and the security of encrypted data. An attribute-set encryption scheme that supports fine-grained attribute revocation has advantages over earlier encryption schemes. On the one hand, the data owner only needs to encrypt a message according to attributes, and only users who satisfy the ciphertext's attribute requirements can decrypt it, which reduces the data encryption overhead and protects user privacy. On the other hand, flexible fine-grained access control policies are realized through AND, OR, NOT and threshold operations on attributes, which also ensures the confidentiality of the encrypted data.
The overall advantage of this method is that it modifies the encryption method of existing attribute-based encryption schemes: a random number is generated for each user and used to realize attribute revocation, and an algorithm for generating the key and ciphertext update parameters is provided. However, traditional access control methods have limitations in a cloud computing environment. For example, they need a trusted entity to enforce the access control policy, whereas the third party is no longer trusted: it may access users' data without authorization, either on its own or by colluding with some illegitimate user. When the permissions of a user are revoked, the data owner may be required to re-encrypt the affected ciphertexts and update the users' attribute keys; if permissions are revoked frequently, this burden is very large.
To solve the problem of ciphertext-based access control in the cloud environment, a data management server is used as a semi-trusted third party, the system public key and master key are distributed, and a random number is assigned to each user to realize attribute revocation. On the basis of a binary tree, KEK binary trees are assigned to legitimate users to form unique path keys, and the ciphertext is protected by the data owner's encryption and by the data management server's re-encryption over user attributes and information. This ensures that only users who hold access rights and whose attributes have not been revoked can decrypt the encrypted data. If a non-revoked user fails to update its attributes in time, it cannot decrypt the data in time. The scheme achieves collusion resistance and security against chosen-plaintext attacks. At present, there are few reports in the literature on fine-grained data access control with timely attribute revocation.
Summary of the invention
The revocable attribute-based encryption method provided by the invention reduces the workload of the trusted certificate authority, effectively improves the efficiency of the scheme, meets the requirement of collusion resistance, ensures the confidentiality of the encrypted data, and achieves forward and backward security of the encrypted data.
To achieve the above object, the present invention provides a revocable attribute-based encryption method, the algorithm comprising the following steps:
Step 1, system initialization: the trusted certificate authority executes the Setup(k) algorithm, publishes the public key pk and stores the master key mk;
The trusted certificate authority is an authority fully trusted by users; it is mainly responsible for generating the system master public key and master key, and for generating, distributing, revoking and updating attribute private keys for users;
Step 2, the trusted certificate authority generates user private keys: the trusted certificate authority verifies the attributes of each user applying for registration, generates the corresponding private key for each user with the KeyGen algorithm, and then sends the attribute user group corresponding to each attribute to the data management server;
An attribute user group is the set of all users who hold the same attribute;
The data management server is the cloud provider that offers the data outsourcing service, controls external users' access to the data, and provides the related services;
Step 3, the data management server distributes attribute group keys: after receiving the attribute user groups, the data management server generates the corresponding KEK binary tree for each user in the user group and distributes attribute group keys to the users;
The KEK binary tree is a binary tree built over the users; it is used to provide key update information to users whose attributes have not been revoked, and a non-revoked user updates its own private key according to the key update information and can then decrypt;
Step 4, the data owner encrypts data: the data owner specifies an access tree over the attribute domain and encrypts the message with the Encrypt algorithm;
The attribute domain is the domain made up of the attributes;
The access tree is a tree structure constructed to distribute keys to the users that appear as its child nodes;
Step 5, the data management server re-encrypts the data ciphertext: after receiving the data ciphertext, the data management server re-encrypts it based on the attribute user groups, using the data re-encryption algorithm ReEncrypt, and thereby enforces user-level access control;
Step 6, the user decrypts data: after receiving the data, a user who has not been revoked from the attribute group and has been granted permission can decrypt the attribute group key from the header at any time, even if the user has not updated its own key in real time, and then inputs its own attribute list and executes the Decrypt algorithm to decrypt the data;
The header is the information generated by the data management server using a symmetric encryption method;
Step 7: when the trusted certificate authority receives a user attribute update request, it updates the attribute user group and notifies the data management server of the updated user list; the data management server performs the attribute group key update, and when a user needs to access data, what it receives is the updated data.
(1) In step 1, the trusted certificate authority executes the Setup(k) algorithm and publishes the master public key as follows:
1. Choose a bilinear group $G_0$ and a bilinear map e:
$e: G_0 \times G_0 \to G_1$ (1)
2. Compute: $T_j = g^{t_j}\ (1 \le j \le n)$, $y = e(g, g)^{\alpha}$ (2)
3. Publish the public key: $pk = (e, g, y, T_j\ (1 \le j \le n))$ (3)
The trusted certificate authority stores the master key: $mk = (\alpha, t_j\ (1 \le j \le n))$ (4)
where k is the security parameter, $G_0$ and $G_1$ are cyclic groups of prime order p, g is a generator of $G_0$, mk is the master key, pk is the master public key, α is generated at random, y and $T_j$ are computed by the formulas above, and $t_1, t_2, \ldots, t_n \in Z_p^*$.
(2) In step 2, the certificate authority verifies the user's attributes and computes as follows:
1. For each user, choose a unique $r \in Z_p^*$ at random and compute: $d_0 = g^{\alpha - r}$ (5)
2. For each attribute $\alpha_j \in \omega$, compute:
3. Send the corresponding private key to each user:
where $d_0$ and $d_j$ are computed by the formulas and each form part of the private key, $sk_\omega$ is the user's attribute private key, and ω is the attribute set.
The certificate authority then sends the attribute user group $U_j$ corresponding to each attribute $\alpha_j \in \omega$ to the data management server, where $U_j$ is the set of users who all hold attribute $\alpha_j$.
(3) In step 3, after receiving the attribute user groups, the data management server generates the corresponding KEK binary tree for each user in the attribute user group U and then distributes attribute group keys to each user. The construction is as follows:
1. Each member is assigned to a leaf node of the binary tree, and a key KEK is generated at random for every node $v_j$ in the tree, denoted $KEK_j$;
where node $v_j$ denotes a node in the constructed tree model;
2. The nodes passed on the way from a leaf node to the root node are called path nodes, and the set of keys represented by the path nodes is the unique path key of each user $u_t \in U$, denoted $PK_t$. For example, the path key stored by user $u_2$ in the binary tree is $PK_2 = \{KEK_9, KEK_4, KEK_2, KEK_1\}$.
3. For each $U_j$ there is a corresponding minimum cover set, which covers all the leaf nodes corresponding to the members of $U_j$; the minimum cover set of $U_j$ is denoted $KEK(U_j)$.
(4) In step 4, the data owner specifies an access tree T over the attribute domain and encrypts the message m with the Encrypt(m, T, pk) algorithm. The computation is as follows:
1. First-layer encryption: compute $c_0 = g^s$, $c_1 = m y^s = m\,e(g, g)^{\alpha s}$ (8)
where T is the specified access tree model that is constructed, and s is a randomly chosen number, $s \in Z_p^*$.
2. Second-layer encryption: set the value of the root node of the access tree T to the value s to be shared, mark the root node as assigned and all of its child nodes as unassigned, and run the following recursive algorithm on each unassigned non-leaf node. If the node's identifier is ∧ and its child nodes are marked unassigned, values are assigned to the child nodes using a modular-addition mechanism: each child node is assigned a random number $s_i$ ($1 \le s_i \le p-1$), and the value of the last child node is:
$s_t = s - \sum_{i=1}^{t-1} s_i \bmod p$ (9)
These nodes are then marked as assigned. If the identifier is ∨ and its child nodes are marked unassigned.
where s denotes the value set on the child nodes, which are then marked as assigned, p denotes the maximum upper limit that can be reached, and $s_i$ denotes the random number assigned to each child node.
3. For each leaf node $\alpha_{j,i} \in Y$ (Y denotes the set of leaf nodes of the access tree T, Y denotes the set of the t-1 child leaf nodes of ∧ nodes, Y denotes the child leaf nodes of ∨ nodes, and i denotes the index value of the leaf node in the access tree), compute $c_{j,i}$, the ciphertext corresponding to each leaf node.
4. Return the ciphertext. The data owner securely outsources this ciphertext to the data management server.
(5) In step 5, after receiving the data ciphertext, the data management server applies the data re-encryption algorithm ReEncrypt($c_T$, U). The process is as follows:
1. For any $U_j \in U$, compute:
$\forall \alpha_{j,i} \in Y: c_{j,i}' = (c_{j,i})^{k_j} = (T_j^{s_i})^{k_j}$ (10)
This gives the ciphertext, where $k_j \in Z_p^*$ is chosen at random and $c_{j,i}'$ denotes the leaf node after encryption.
2. Generate the header:
where Hdr denotes the generated header, and $E_K(x)$ denotes symmetric encryption of the plaintext x under the key K. The simplest implementation uses a block cipher $E_K: \{0,1\}^k \to \{0,1\}^k$, where K is the key and k is the length of the key K.
In this way the attribute group key is delivered to valid users. After receiving a data request sent by a user, the data management server sends $(Hdr, c_\tau')$ to the user.
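The KEK tree of step 3 and the header of step 5, as an added example that is not part of the patent: it derives path keys and the minimum cover $KEK(U_j)$, wraps an attribute group key under the cover KEKs, and shows that a revoked user's path keys no longer open the refreshed header. The heap-style node numbering (chosen because it reproduces $PK_2 = \{KEK_9, KEK_4, KEK_2, KEK_1\}$), the header layout, the 8-user group, the reading of $PK_t$ as the path key, and the HMAC-based stand-in for $E_K$ are assumptions.

```python
# Added example, not code from the patent. The tree numbering (root = 1, children
# 2j and 2j+1) and the header layout are assumptions; the stream cipher below is
# a stand-in for the block cipher E_K and is for illustration only.
import hashlib
import hmac
import secrets

LEAVES = 8  # constructed: users u1..u8 sit on leaves 8..15


def build_kek_tree(leaves=LEAVES):
    """One random KEK_j for every node v_j of the complete binary tree."""
    return {j: secrets.token_bytes(16) for j in range(1, 2 * leaves)}


def path_nodes(t, leaves=LEAVES):
    """Nodes from the leaf of user u_t up to the root; their KEKs form PK_t."""
    node, path = leaves + t - 1, []
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def minimum_cover(members, leaves=LEAVES):
    """KEK(U_j): fewest nodes whose subtrees hold exactly the members' leaves."""
    member_leaves = {leaves + t - 1 for t in members}

    def cover(node):
        if node >= leaves:                      # leaf node
            return [node] if node in member_leaves else []
        left, right = cover(2 * node), cover(2 * node + 1)
        if left == [2 * node] and right == [2 * node + 1]:
            return [node]                       # both halves fully covered: merge
        return left + right

    return sorted(cover(1))


def wrap(kek, group_key):
    """Stand-in for E_K(k_j): HMAC-SHA256 keystream plus a 16-byte tag."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(group_key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce, ct, tag


def unwrap(kek, blob):
    """Stand-in for D_K: returns None when the tag does not verify."""
    nonce, ct, tag = blob
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        return None
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


def make_header(tree, members, group_key):
    """Header for one attribute group: k_j wrapped under each cover KEK."""
    return {n: wrap(tree[n], group_key) for n in minimum_cover(members)}


def recover_group_key(path_keys, header):
    """User side of formula (12): try the KEKs the user holds on its path."""
    for node, blob in header.items():
        if node in path_keys:
            return unwrap(path_keys[node], blob)
    return None


def demo():
    tree = build_kek_tree()
    pk = {t: {n: tree[n] for n in path_nodes(t)} for t in range(1, LEAVES + 1)}
    group = {1, 2, 3, 4, 7}                     # constructed attribute user group U_j
    k_old, k_new = secrets.token_bytes(16), secrets.token_bytes(16)
    hdr_old = make_header(tree, group, k_old)
    hdr_new = make_header(tree, group - {2}, k_new)   # u2 revoked, k_j refreshed
    return {
        "cover_old": sorted(hdr_old), "cover_new": sorted(hdr_new),
        "u2_old": recover_group_key(pk[2], hdr_old) == k_old,
        "u2_new": recover_group_key(pk[2], hdr_new),
        "members_new": all(recover_group_key(pk[t], hdr_new) == k_new
                           for t in group - {2}),
        "outsider": recover_group_key(pk[5], hdr_new),
    }
```

Revoking $u_2$ moves the cover from nodes {2, 14} to {5, 8, 14}; none of those lies on the path 9, 4, 2, 1, so the refreshed group key is out of reach for $u_2$ while every remaining member still holds exactly one cover KEK.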
(6) In step 6, after receiving the data, a user who has not been revoked from the attribute group and has been granted permission can decrypt the attribute group key. Decryption consists mainly of attribute group key decryption and message decryption.
1. First decrypt the attribute group keys corresponding to all attributes in the attribute set ω:
$k_j = \{D_K(c_{k_j})\}_{K \in PK_t}$ (12)
where user $u_t \in U_j$, $k_j$ is the attribute group key, K is a key, $PK_t$ is the user's public key, and D is the decryption algorithm;
The user updates its own private key with the attribute group keys as follows:
$sk_\omega = (d_0, \forall \alpha_j \in \omega: d_j' = (d_j)^{k_j^{-1}})$ (13)
2. The user inputs its own attribute list $\omega' = (\alpha_1, \alpha_1, L, \alpha_k)$ and executes the Decrypt($c_\tau'$, $sk_\omega$, pk) algorithm; the message is computed as:
$m = \dfrac{c_1}{e(c_0, d_0) \prod_{\alpha_j \in \omega'} e(c_{j,i}', d_j')}$ (14)
where $d_0$ and $d_j$ are the values computed by the formulas in the key generation process above and form part of the private key, L is randomly generated, and each attribute $\alpha_j \in \omega'$;
(7) In step 7, when the user attribute $U_f$ changes, the data management server updates the attribute key as follows:
Then the new ciphertext is obtained and the new header is generated:
where the random value is chosen by the data management server, and $c_\tau'$ is the ciphertext after the change.
(8) In step 7, when a user needs to access data, what it receives is the updated $(Hdr, c_\tau')$. When a revocation event occurs, the user first decrypts the attribute group key and updates its own private key, then performs the message decryption according to formulas (12), (13), (14), (15) and (16) above; replacing $c_1$ with $c_1'$ in the solution gives the final decryption result. When a user whose attribute has been revoked cannot obtain the key update key, it cannot recover the message m.
The present invention has the following advantages and effects:
1. It reduces the workload of the third-party authority and effectively improves working efficiency. In attribute-based encryption, the decryption process often involves a large number of bilinear pairing and modular exponentiation operations. This scheme uses the computationally powerful data management server to carry out computing tasks and re-encrypt the users' attribute groups, and splits the decryption key into attribute group decryption and message decryption. This protects the privacy of the decryption key and of the plaintext message, greatly relieves the user's computational burden, and allows the result of the outsourced computation to be verified. The computational burden on the end user is therefore reduced and the efficiency of the scheme improved.
2. It meets the requirement of collusion resistance: if the attribute sets of several users each fail to satisfy the ciphertext's access structure, the users still cannot decrypt when they combine. When the trusted certificate authority generates a key for each user, it randomizes the user's private key by choosing a random number. During encryption, the encryption exponent is embedded in different ciphertext components, so even if several illegitimate users collude and their jointly held attribute set satisfies the ciphertext's access structure, the ciphertext still cannot be broken because their random numbers differ. The requirement of collusion resistance is therefore met.
3. It ensures the confidentiality of the encrypted data. The scheme uses a linear secret sharing mechanism; by the linear reconstruction property, if the user's attribute set does not satisfy the ciphertext's access structure, the user cannot decrypt and update its own key during decryption and therefore cannot decrypt the ciphertext. The confidentiality of the encrypted data is thus ensured.
4. It achieves forward and backward security of the encrypted data. When an attribute of a user in the access structure of some ciphertext is revoked, the corresponding attribute group changes and the data management server updates the attribute group key; the user can no longer recover the randomized message and so cannot decrypt the ciphertext, which achieves forward security of the encrypted data. When a user newly acquires an attribute that satisfies the ciphertext's access structure, the data management server updates the attribute group key and chooses a new random number for re-encryption; the new user cannot obtain the earlier random number and therefore cannot decrypt earlier ciphertexts. This achieves backward security of the encrypted data.
Brief description of the drawings
Fig. 1 is the flow chart of the present invention.
Embodiment
A preferred embodiment of the present invention is described below with reference to Fig. 1.
As shown in Fig. 1, the present invention provides a revocable attribute-based encryption method comprising the following steps:
Step 1, system initialization: the trusted certificate authority executes the Setup(k) algorithm, publishes the public key pk and stores the master key mk;
The trusted certificate authority is an authority fully trusted by users; it is mainly responsible for generating the system master public key and master key, and for generating, distributing, revoking and updating attribute private keys for users;
Step 2, the trusted certificate authority generates user private keys: the trusted certificate authority verifies the attributes of each user applying for registration, generates the corresponding private key for each user with the KeyGen algorithm, and then sends the attribute user group corresponding to each attribute to the data management server;
An attribute user group is the set of all users who hold the same attribute;
The data management server is the cloud provider that offers the data outsourcing service, controls external users' access to the data, and provides the related services;
Step 3, the data management server distributes attribute group keys: after receiving the attribute user groups, the data management server generates the corresponding KEK binary tree for each user in the user group and distributes attribute group keys to the users;
The KEK binary tree is a binary tree built over the users; it is used to provide key update information to users whose attributes have not been revoked, and a non-revoked user updates its own private key according to the key update information and can then decrypt;
Step 4, the data owner encrypts data: the data owner specifies an access tree over the attribute domain and encrypts the message with the Encrypt algorithm;
The attribute domain is a domain made up of the attributes;
The access tree is a tree structure constructed to distribute keys to the users that appear as its child nodes;
Step 5, the data management server re-encrypts the data ciphertext: after receiving the data ciphertext, the data management server re-encrypts it based on the attribute user groups, using the data re-encryption algorithm ReEncrypt, and thereby enforces user-level access control;
Step 6, the user decrypts data: after receiving the data, a user who has not been revoked from the attribute group and has been granted permission can decrypt the attribute group key from the header at any time, even if the user has not updated its own key in real time, and then inputs its own attribute list and executes the Decrypt algorithm to decrypt the data;
The header is the information generated by the data management server using a symmetric encryption method;
Step 7: when the trusted certificate authority receives a user attribute update request, it updates the attribute user group and notifies the data management server of the updated user list; the data management server performs the attribute group key update, and when a user needs to access data, what it receives is the updated data.
The method is illustrated below with an example.
Assume the scheme proposed by the invention is compared with a traditional attribute-based encryption scheme that supports attribute revocation but cannot guarantee the forward and backward security of the encrypted data. The efficiency of the two schemes in terms of ciphertext update size and decryption overhead is shown in Table 1 and Table 2 (where $G_0$ denotes an operation in $G_0$, $G_1$ denotes an operation in $G_1$, $C_e$ denotes a bilinear pairing on $G_T$, and |I| denotes the number of attributes that satisfy the ciphertext's access structure):
Table 1: Ciphertext update size and decryption overhead without attribute revocation
Scheme                    Ciphertext update size    Decryption overhead
Traditional scheme        $(2+2I)G_0$               $(2|I|+2)C_e$
Scheme of the invention   0                         $(2|I|+1)C_e$
Table 2: Ciphertext update size and decryption overhead with attribute revocation
Scheme                    Ciphertext update size    Decryption overhead
Traditional scheme        $(2+2I)G_0$               $(2|I|+2)C_e$
Scheme of the invention   $3G_0+G_1$                $(2|I|+2)C_e$
Table 1 shows that, when no user attribute is revoked, this scheme needs no ciphertext update compared with the traditional scheme, and its decryption overhead is reduced by one bilinear pairing operation on $G_1$, which effectively improves the efficiency of the scheme. Table 2 shows that, when a user attribute is revoked, the ciphertext update size of this scheme is relatively smaller than that of the traditional scheme, which lightens the workload of the data management server and effectively improves the efficiency of the scheme.
Although the content of the present invention has been described in detail through the above example, it should be understood that the above description is not to be regarded as limiting the invention. Various modifications and substitutions will be apparent to those skilled in the art after reading the above. The scope of protection of the invention should therefore be defined by the appended claims.

Claims (1)

1. A revocable attribute-based encryption method, characterized in that the method comprises the following steps:
Step 1, system initialization: the trusted certificate authority executes the Setup(k) algorithm, publishes the public key pk and stores the master key mk; the trusted certificate authority executes the Setup(k) algorithm and publishes the master public key as follows:
1. Choose a bilinear group $G_0$ and a bilinear map e:
$e: G_0 \times G_0 \to G_1$ (1)
2. Compute: $T_j = g^{t_j}\ (1 \le j \le n)$, $y = e(g, g)^{\alpha}$ (2)
3. Publish the public key: $pk = (e, g, y, T_j\ (1 \le j \le n))$ (3)
The trusted certificate authority stores the master key: $mk = (\alpha, t_j\ (1 \le j \le n))$ (4)
where k is the security parameter, $G_0$ and $G_1$ are cyclic groups of prime order p, g is a generator of $G_0$, mk is the master key, pk is the master public key, α is generated at random, y and $T_j$ are computed by the formulas above, and $t_1, t_2, \ldots, t_n \in Z_p^*$;
The trusted certificate authority is an authority fully trusted by users; it is mainly responsible for generating the system master public key and master key, and for generating, distributing, revoking and updating attribute private keys for users;
Step 2, the trusted certificate authority generates user private keys: the trusted certificate authority verifies the attributes of each user applying for registration, generates the corresponding private key for each user with the KeyGen algorithm, and then sends the attribute user group corresponding to each attribute to the data management server; the certificate authority verifies the user's attributes and computes as follows:
1. For each user, choose a unique $r \in Z_p^*$ at random and compute: $d_0 = g^{\alpha - r}$ (5)
2. For each attribute $\alpha_j \in \omega$, compute:
3. Send the corresponding private key to each user:
where $d_0$ and $d_j$ are computed by the formulas and each form part of the private key, the number of users here is far smaller than the chosen large prime p, $\alpha_j$ denotes each attribute value corresponding to the user for whom the random number is generated, $sk_\omega$ is the user's attribute private key, and ω is the attribute set;
The certificate authority then sends the attribute user group $U_j$ corresponding to each attribute $\alpha_j \in \omega$ to the data management server, where $U_j$ is the set of all users who hold attribute $\alpha_j$;
An attribute user group is the set of all users who hold the same attribute;
The data management server is the cloud provider that offers the data outsourcing service, controls external users' access to the data, and provides the related services;
Step 3, the data management server distributes attribute group keys: after receiving the attribute user groups, the data management server generates the corresponding KEK binary tree for each user in the user group and distributes attribute group keys to the users; the construction is as follows:
1. Each member is assigned to a leaf node of the binary tree, and a key KEK is generated at random for every node $v_j$ in the tree, denoted $KEK_j$;
where node $v_j$ denotes a node in the constructed tree model;
2. The nodes passed on the way from a leaf node to the root node are called path nodes, and the set of keys represented by the path nodes is the unique path key of each user $u_t \in U$, denoted $PK_t$; for example, the path key stored by user $u_2$ in the binary tree is $PK_2 = \{KEK_9, KEK_4, KEK_2, KEK_1\}$;
3. For each $U_j$ there is a corresponding minimum cover set, which covers all the leaf nodes corresponding to the members of $U_j$; the minimum cover set of $U_j$ is denoted $KEK(U_j)$;
The KEK binary tree is a binary tree built over the users; it is used to provide key update information to users whose attributes have not been revoked, and a non-revoked user updates its own private key according to the key update information and can then decrypt;
Step 4, the data owner encrypts data: the data owner specifies an access tree T over the attribute domain and encrypts the message m with the Encrypt(m, T, pk) algorithm; the computation is as follows:
1. First-layer encryption: compute $c_0 = g^s$, $c_1 = m y^s = m\,e(g, g)^{\alpha s}$ (8)
where s is the randomly chosen number, m is the message, T is the constructed access tree, and $s \in Z_p^*$;
2. Second-layer encryption: set the value of the root node of the access tree T to the value s to be shared, mark the root node as assigned and all of its child nodes as unassigned, and run the following recursive algorithm on each unassigned non-leaf node. If the node's identifier is ∧ and its child nodes are marked unassigned, values are assigned to the child nodes using a modular-addition mechanism: each child node is assigned a random number $s_i$ ($1 \le s_i \le p-1$), and the value of the last child node is:
$s_t = s - \sum_{i=1}^{t-1} s_i \bmod p$ (9)
These nodes are then marked as assigned. If the identifier is ∨ and its child nodes are marked unassigned.
where p denotes the maximum upper limit that can be reached, and s denotes the value set on the child nodes, which are then marked as assigned.
3. For each leaf node $\alpha_{j,i} \in Y$ (Y denotes the set of leaf nodes of the access tree T, Y denotes the set of the t-1 child leaf nodes of ∧ nodes, Y denotes the child leaf nodes of ∨ nodes, and i denotes the index value of the leaf node in the access tree), compute $c_{j,i}$;
where $c_{j,i}$ is the ciphertext corresponding to a leaf node in the tree;
4. Return the ciphertext; the data owner securely outsources this ciphertext to the data management server, the message having been encrypted with the Encrypt algorithm;
The attribute domain is the domain made up of the attributes;
The access tree is a tree structure constructed to distribute keys to the users that appear as its child nodes;
Step 5, the data management server re-encrypts the data ciphertext: after receiving the data ciphertext, the data management server re-encrypts it based on the attribute user groups, using the data re-encryption algorithm ReEncrypt, and thereby enforces user-level access control; the process is as follows:
1. For any $U_j \in U$, compute:
$\forall \alpha_{j,i} \in Y: c_{j,i}' = (c_{j,i})^{k_j} = (T_j^{s_i})^{k_j}$ (10)
This gives the ciphertext, where $k_j \in Z_p^*$ is chosen at random and $c_\tau'$ is the ciphertext after encryption;
2. Generate the header:
where Hdr denotes the header, and $E_K(x)$ denotes symmetric encryption of the plaintext x under the key K; the simplest implementation uses a block cipher $E_K: \{0,1\}^k \to \{0,1\}^k$, where k is the length of the key K;
In this way the attribute group key is delivered to valid users; after receiving a data request sent by a user, the data management server sends $(Hdr, c_\tau')$ to the user;
Step 6, user's ciphertext data:After user receives data, if attribute group is not revoked out, and granted permission, can To decrypt attribute group cipher from header at any time, even if user fails the key of real-time update oneself, oneself is then inputted Attribute list perform Decrypt algorithm ciphertext data information, wherein mainly include attribute group cipher decryption and message decryption:
1. attribute group cipher, calculation formula corresponding to all properties are in decryption properties ω first:
$$k_j = \left\{ D_K\left(c_{k_j}\right) \right\}_{K \in PK_t} \tag{12}$$
Wherein user $u_t \in U_j$, $k_j$ denotes the attribute group key, K denotes a key, $PK_t$ denotes the public key of the user, and D denotes the decryption algorithm;
The formula by which the user updates their own private key with the attribute group key is:
$$sk_\omega = \left( d_0, \; \forall \alpha_j \in \omega: \; d_j' = \left(d_j\right)^{k_j^{-1}} \right) \tag{13}$$
Wherein $d_0$ and $d_j$ are the values computed by the formulas in the key generation process above, and form part of the private key;
2. The user inputs their own attribute list $\omega' = (\alpha_1, \alpha_1, L, \alpha_k)$ and runs the algorithm Decrypt($c_\tau'$, $sk_\omega$, pk); the message is computed as:
$$m = \frac{c_1}{e(c_0, d_0) \prod_{\alpha_j \in \omega'} e\left(c_{j,i}', d_j'\right)} \tag{14}$$

$$\begin{aligned} \prod_{\alpha_j \in \omega'} e\left(c_{j,i}', d_j'\right) &= \prod_{\alpha_j \in \omega'} e\left( \left(T_j^{s_i}\right)^{k_j}, \left(d_j\right)^{k_j^{-1}} \right) \\ &= \prod_{\alpha_j \in \omega'} e\left( \left(g^{t_j s_i}\right)^{k_j}, \left(g^{r t_j^{-1}}\right)^{k_j^{-1}} \right) \\ &= e(g, g)^{rs} \end{aligned} \tag{15}$$

$$\begin{aligned} e(c_0, d_0)\, e(g, g)^{rs} &= e\left(g^s, g^{\alpha - r}\right) e(g, g)^{rs} \\ &= e(g, g)^{\alpha s}\, e(g, g)^{-rs}\, e(g, g)^{rs} \\ &= e(g, g)^{\alpha s} \end{aligned} \tag{16}$$

$$m' = \frac{c_1}{e(g, g)^{\alpha s}} = \frac{m\, e(g, g)^{\alpha s}}{e(g, g)^{\alpha s}} = m \tag{17}$$
Wherein L is generated at random,Each attribute αj∈ω′;
The header refers to the information that the data management server generates using a symmetric encryption method;
Step 7, when the trusted certificate authority receives a user attribute update request, it updates the attribute user group and notifies the data management server of the updated user list; the data management server then performs the attribute group key update, so that when a user needs to access the data, what is received is the updated data. When the user attribute $U_f$ changes, the data management server updates the attribute key, computed as:
$$\begin{aligned} c_0' &= c_0\, g^{s'} = g^{s + s'} \\ c_1' &= c_1\, y^{x'} = m\, e(g, g)^{\alpha s}\, e(g, g)^{\alpha s'} = m\, e(g, g)^{\alpha (s + s')} \\ c_{f,i} &= \left(T_f^{s_j'}\right)^{k_{j'}}, \quad \forall a_{j,i} \in Y \setminus \{f\}: \; c_{j,i}' = \left(T_j^{s_j'}\right)^{k_j} \end{aligned} \tag{18}$$
Then new ciphertext isThe new header of generation:
$$Hdr = \left( \begin{matrix} \left\{ E_K\left(k_f'\right) \right\}_{K \in KEK(U_j)}, \\ \forall a_{j,i} \in Y \setminus \{f\}: \; c_{k_j} = \left\{ E_K\left(k_j\right) \right\}_{K \in KEK(U_j)} \end{matrix} \right) \tag{20}$$
Wherein is randomly selected by the data management server, and $c_\tau'$ is the ciphertext after the change.
CN201710827319.5A 2017-09-14 2017-09-14 A kind of voidable attribute base encryption method Pending CN107566386A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710827319.5A CN107566386A (en) 2017-09-14 2017-09-14 A kind of voidable attribute base encryption method

Publications (1)

Publication Number Publication Date
CN107566386A true CN107566386A (en) 2018-01-09

Family

ID=60979923

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180109
