CN108512662A - Multi-authority encryption method on lattices supporting policy hiding - Google Patents


Info

Publication number
CN108512662A
CN108512662A
Authority
CN
China
Prior art keywords
vector
attribute
user
access
matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810326938.0A
Other languages
Chinese (zh)
Inventor
田秋亭
韩德志
王军
毕坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Maritime University
Original Assignee
Shanghai Maritime University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Maritime University
Priority to CN201810326938.0A
Publication of CN108512662A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a multi-authority encryption method on lattices that supports policy hiding, comprising the following steps: S1, at system initialization, generate the public parameters and the system master secret key; S2, a user applies for a key for their attribute set, and an attribute authority generates a private key for the user from the public parameters, the master secret key and the user's attribute set; S3, convert the access structure into the corresponding access tree so that the access policy is completely hidden; S4, the data owner generates ciphertext data from the system public parameters, the plaintext and the converted access tree, then uploads it to the cloud server for storage; S5, the user sends an access request to the cloud server and obtains the ciphertext data stored there; S6, the user decrypts the ciphertext data obtained from the cloud server with the private key obtained from the attribute authority, recovers the data owner's plaintext and performs the related follow-up operations. Its advantages are that it improves system efficiency, resists quantum attacks and effectively protects user privacy.

Description

Multi-authority encryption method on lattices supporting policy hiding

Technical field

The invention relates to the technical fields of cloud environments and cryptography, and in particular to a multi-authority encryption method on lattices that supports policy hiding.

Background

With the development of information technology, private and enterprise data keep growing and take the form of big data, which has driven the development of cloud computing; people increasingly prefer to store data in the cloud, which is convenient and saves cost and resources, especially for small and medium-sized enterprises. Along with the convenience come problems, in particular the cloud storage security incidents that have occurred repeatedly in recent years. When people store data in the cloud, that data inevitably contains users' private information, and users lose control over their sensitive data: the cloud server may access data it finds interesting out of curiosity or commercial interest, and illegitimate users may spy on or tamper with users' private data. Encrypting data before storing it in the cloud is therefore an effective measure. In 2005, Sahai and Waters proposed attribute-based encryption (ABE), which quickly became a research hotspot and has remained one of the hot topics in cryptography in recent years. Attribute-based encryption associates a user's identity with a set of attributes, and a user can decrypt the shared data if and only if the user's attributes satisfy the access structure set by the data owner. Today, attribute-based encryption is regarded as a promising cryptographic primitive for achieving information security and flexible access control. However, in cloud storage the data owner outsources data to the cloud server, and when the access policy is specified and the ciphertext generated, the access rule is usually published together with the ciphertext; any user in the system who attempts to decrypt can therefore infer sensitive information (even the likely recipients), placing the user's personal data at high risk of leakage (for example, ciphertexts published by a merchant could reveal its potential profit model, or ciphertexts published for a patient in a personal health record system could reveal the patient's private information). To prevent such leakage, the access policy usually needs to be hidden at encryption time. At the same time, most lattice-based encryption methods have a single trusted authority manage all attributes, which is not very secure and does not meet practical application needs. In addition, new cryptographic schemes built on lattice theory have the advantages of parallelism, simple operations and resistance to quantum attacks, and have become a new research focus in the post-quantum era. Designing a multi-authority encryption method on lattices that supports policy hiding, based on lattice cryptography and policy-hiding encryption algorithms, is therefore of great significance.

Summary of the invention

The object of the present invention is to provide a multi-authority encryption method on lattices that supports policy hiding, which can improve system efficiency, resist quantum attacks, effectively protect user privacy, increase the flexibility of the system, and avoid the problem of the security of the whole system being threatened when a single authority is compromised.

To achieve the above object, the present invention is realized through the following technical solution:

A multi-authority encryption method on lattices that supports policy hiding, characterized in that it comprises the following steps:

S1. At system initialization, generate the public parameters and the system master secret key;

S2. The user applies for a key for their attribute set, and the attribute authority generates a private key for the user from the public parameters, the system master secret key and the user's attribute set;

S3. Convert the access structure into the corresponding access tree so that the access policy is completely hidden;

S4. The data owner generates ciphertext data from the system public parameters, the plaintext and the converted access tree, then uploads it to the cloud server for storage;

S5. The user sends an access request to the cloud server and obtains the ciphertext data stored in the cloud server;

S6. The user decrypts the ciphertext data obtained from the cloud server with the private key obtained from the attribute authority, recovers the data owner's plaintext and performs the related follow-up operations.

In the above multi-authority encryption method on lattices supporting policy hiding, the process of step S1 is specifically:

Input the security parameters λ, n, m, q, where λ, the input parameter of the initialization algorithm, is an integer, n and m are related parameters, and q is a prime;

Run the trapdoor generation algorithm to generate a uniformly random matrix A together with a basis T_A of the lattice, then choose a uniformly random vector u and output the public parameters PP = {A, u} and the system master secret key MSK = {T_A}, where the relevant sets are finite fields and u_1, u_2, ..., u_n are the components of the vector u;

The trapdoor generation algorithm refers to the following: for a prime q = poly(n), with n a positive integer, there exists a probabilistic polynomial-time algorithm TrapGen(q, n) that generates a uniformly random matrix A together with a basis T_A, where m ≥ 5n log q, A is statistically close to uniform, and T_A is a trapdoor basis of the lattice satisfying a bound stated in O-notation, where O denotes the time complexity.

In the above multi-authority encryption method on lattices supporting policy hiding, the specific process in step S2 is:

Input the system public parameters PP, the master secret key MSK and the user's attribute set A_u. The system uses a (k, n′) Shamir threshold secret-sharing scheme to compute k shares of the random vector u, where k is the threshold and also the number of attribute authorities and n′ is the number of shares into which the random vector u is divided; it then sends the k share vectors to the k attribute authorities AA_i respectively. Next, for the n_i attribute values a_{i,j} ∈ A′_i that it manages (A′_i being the set of possible values of each attribute), attribute authority AA_i uses a (t_i, n_i) Shamir threshold secret-sharing scheme to split the random vector u′_i, where u′_i is the vector component of u sent to AA_i and t_i is the threshold, obtaining n_i random share vectors u″_{i,j} (i = 1, 2, ..., k; j = 1, 2, ..., n_i); it chooses two uniformly random matrices A_{1,i} and A_{2,i} and computes the matrix F_{i,j} = A | A_{1,i} + H(u″_{i,j})·A_{2,i}, where H(·) is the full-rank difference encoding function;

The user requests a key from the attribute authority and the two interact; attribute authority AA_i runs the left-sampling algorithm to compute the vector e_{i,j} ← SampleLeft(A, A_{1,i} + H(u″_{i,j})·A_{2,i}, T_A, u′_{i,j}, σ) and then outputs the user's private key SK, where, when a_{i,j} ∈ A_u ∩ A′_i, the vector e_{i,j} is the user's private key component; A′_i is the set of possible values of each attribute; a_{i,j} is a possible attribute value; σ is a parameter; and the relevant set is a finite field.

In the above multi-authority encryption method on lattices supporting policy hiding, the full-rank difference encoding function is defined as follows: given a prime q and a positive integer n, the full-rank difference encoding function maps a user's attribute information to an n×n matrix over Z_q; for an input random vector, define a polynomial from its components, and let f be an irreducible polynomial of degree n in Z_q[X]; then:

where coeffs denotes the row vector formed by the coefficients of a polynomial; the relevant sets are finite fields; Z_q[X] is an arbitrary field; X is the set of the x′_i, X is the domain of definition and x′ is the independent variable; H denotes the mapping that sends the random vector u″_{i,j} to a matrix;

The left-sampling algorithm refers to SampleLeft(A, M_1, T_A, u, σ). Input: a matrix A of rank n, a matrix M_1, a basis T_A of the lattice, a vector u and a Gaussian parameter σ. Output: let the matrix F_1 = (A | M_1); the algorithm outputs a vector, where m and m_1 are positive integers; M_1 is a matrix standing for the matrix A_{1,i} + H(u″_{i,j})·A_{2,i} in the left-sampling call; ω is an operation parameter; σ is the Gaussian parameter.

In the above multi-authority encryption method on lattices supporting policy hiding, the process of converting the access structure into an access tree in step S3 is:

The access structure uses the AND, OR and threshold forms over multi-valued attributes. Before encrypting the plaintext, the data owner first converts the access structure W into an access tree Γ, in which leaf nodes represent attributes and non-leaf nodes represent operators. In the access tree, the information of each leaf node is replaced by the corresponding value, so it does not appear in the access structure in plaintext form; when decrypting, a user cannot obtain any information about the data owner or about other decryptors, which achieves complete hiding of the policy;

The access tree is constructed through the Shamir secret-sharing scheme: set the root node of the access tree Γ to the vector s, choosing at random the vector s with components s_1, s_2, ..., s_n″ (T denotes the vector transpose), and mark the root as assigned and all other nodes as unassigned; then perform the following operations on the remaining unassigned non-leaf nodes:

A. If the node's operator is ∧ and its child nodes are unassigned, randomly choose vectors, where n″ is the number of its child nodes, assign the n″-th child node the corresponding vector, and mark these nodes as assigned;

B. If the node's operator is ∨ and its child nodes are unassigned, set the value of all of its child nodes to s and mark these nodes as assigned;

C. If the node's operator is "of" (threshold) and its child nodes are unassigned, use a Shamir (t, n″) threshold secret-sharing scheme to split the node's vector, where t is the threshold and n″ is the number of child nodes; assign the l-th child node its share vector and then mark these nodes as assigned; here l is the attribute index of the leaf node in the access tree, and the shares live in a finite field whose modulus is the prime P, P being the modulus of the operations in that field.

In the above multi-authority encryption method on lattices supporting policy hiding, the ciphertext generation process in step S4 is:

Input the system public parameters PP, the plaintext b ∈ {0, 1} and the access tree Γ converted from the access structure W; set the parameter K = (k! d!)²; choose a uniformly random matrix R ∈ {−1, 1}^{m×m}, then choose the noise term x ∈ Z_q and the noise vector x_{i,j}; let the vector z = R^T x_{i,j}; for each leaf node l compute the corresponding ciphertext component; output the ciphertext CT.

Here k is the number of attribute authorities; A′_i is the set of possible values of each attribute; Z_q is a finite field; q is a prime; u, s and s_l are vectors; the remaining named object is a matrix; a_{i,j} is a possible attribute value; c_0 is a ciphertext component; T denotes the transpose operation; R is the randomly chosen uniform matrix.

In the above multi-authority encryption method on lattices supporting policy hiding, the user decryption process in step S6 is:

Input the public parameters PP, the ciphertext CT and the user's private key SK. If the user's attribute set does not satisfy the access structure W, output ⊥; otherwise decryption succeeds: choose a minimal attribute set I_A that satisfies the access structure and compute the plaintext, where L_i and L_l are Lagrange coefficients; if the decision condition holds, output 1, otherwise output 0. Here a_{i,j} is a possible attribute value; q is a prime; k is the number of attribute authorities; the remaining quantities are vectors; T denotes the vector transpose operation.

Compared with the prior art, the present invention has the following advantages:

1. Lattice theory replaces the bilinear pairings used previously, which improves system efficiency and resists quantum attacks;

2. By converting the access structure into an access tree, assigning a value to each node of the tree and then embedding the access policy into the ciphertext, the access policy is completely hidden and fine-grained access control is achieved; in an attribute-based encryption scheme with a hidden access policy the encryptor can specify the role of the decryptor, and the inherent vagueness of attribute-based encryption, which describes objects by attributes, protects the encryptor's sensitive information;

3. Using the Shamir threshold secret-sharing scheme, the AND, OR and threshold operations of the access control policy are realized through the access tree, which increases the flexibility of the system;

4. In the multi-authority attribute-based encryption scheme built on lattice theory, multiple attribute authorities manage different attribute sets and distribute keys to the users under their authority, avoiding the problem of the security of the whole system being threatened when a single authority is compromised.

Description of the drawings

Fig. 1 is a flowchart of the method of the present invention;

Fig. 2 is a comparison between the present invention and existing methods in an embodiment of the present invention.

Detailed description

The present invention is further described below through a detailed description of a preferred specific embodiment, with reference to the accompanying drawings.

As shown in Fig. 1, the present invention discloses a multi-authority encryption method on lattices that supports policy hiding, comprising the following steps: S1, at system initialization, generate the public parameters and the system master secret key; S2, the user applies for a key for their attribute set, and the attribute authority generates a private key for the user from the public parameters, the system master secret key and the user's attribute set; S3, convert the access structure into the corresponding access tree so that the access policy is completely hidden; S4, the data owner generates ciphertext data from the system public parameters, the plaintext and the converted access tree, then uploads it to the cloud server for storage; S5, the user sends an access request to the cloud server and obtains the ciphertext data stored in the cloud server; S6, the user decrypts the ciphertext data obtained from the cloud server with the private key obtained from the attribute authority, recovers the data owner's plaintext and performs the related follow-up operations.

The method is further described below with an embodiment:

Assume there are k attribute authorities AA_i (i = 1, 2, ..., k) in the system; each attribute authority AA_i uses the SampleLeft algorithm on lattices to generate private keys for the legitimate users under its authority and sends each private key to its user over a secure channel; each attribute authority AA_i manages n_i attribute values.

By way of example, implementations of the key processes in steps S1, S2, S3, S4 and S6 above are given below:

The specific process of step S1 is: input the security parameters λ, n, m, q, where λ, the input parameter of the initialization algorithm, is an integer, n and m are related parameters, and q is a prime;

Run the trapdoor generation algorithm to generate a uniformly random matrix A together with a basis T_A of the lattice, then choose a uniformly random vector u and output the public parameters PP = {A, u} and the system master secret key MSK = {T_A}, where the relevant sets are finite fields, u_1, u_2, ..., u_n are the components of the vector u, and λ is an integer;

The trapdoor generation algorithm refers to the following: for a prime q = poly(n), with n a positive integer and m ≥ 5n log q, there exists a probabilistic polynomial-time algorithm TrapGen(q, n) that generates a uniformly random matrix A together with a basis T_A, where A is statistically close to uniform and T_A is a trapdoor basis of the lattice satisfying a bound stated in O-notation, where O denotes the time complexity.

The specific process of step S2 is: input the system public parameters PP, the master secret key MSK and the user's attribute set A_u. The system uses a (k, n′) Shamir threshold secret-sharing scheme to compute k shares of the random vector u, where k is the threshold and also the number of attribute authorities and n′ is the number of shares into which the random vector u is divided; it then sends the k share vectors to the k attribute authorities AA_i respectively. Next, for the n_i attribute values a_{i,j} ∈ A′_i that it manages (A′_i being the set of possible values of each attribute), attribute authority AA_i uses a (t_i, n_i) Shamir threshold secret-sharing scheme to split the random vector u′_i, obtaining n_i random share vectors u″_{i,j} (i = 1, 2, ..., k; j = 1, 2, ..., n_i); it chooses two uniformly random matrices A_{1,i} and A_{2,i} and computes the matrix F_{i,j} = A | A_{1,i} + H(u″_{i,j})·A_{2,i}, where H(·) is the full-rank difference encoding function;

The user requests a key from the attribute authority and the two interact; attribute authority AA_i runs the left-sampling algorithm to compute the vector e_{i,j} ← SampleLeft(A, A_{1,i} + H(u″_{i,j})·A_{2,i}, T_A, u′_{i,j}, σ) and then outputs the user's private key SK,

where, when a_{i,j} ∈ A_u ∩ A′_i, the vector e_{i,j} is the user's private key component; A′_i is the set of possible values of each attribute; a_{i,j} is a possible attribute value; T_A is the trapdoor basis of the lattice; σ is a parameter; the relevant set is a finite field; A is a uniformly random matrix; t_i is the threshold;

The full-rank difference encoding function is defined as follows: given a prime q and a positive integer n, the full-rank difference encoding function maps a user's attribute information to an n×n matrix over Z_q; for an input random vector, define a polynomial from its components, and let f be an irreducible polynomial of degree n in Z_q[X]; then:

where coeffs denotes the row vector formed by the coefficients of a polynomial; the relevant sets are finite fields; Z_q[X] is an arbitrary field; X is the set of the x′_i, X is the domain of definition and x′ is the independent variable; H denotes the mapping that sends the random vector u″_{i,j} to a matrix;
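The full-rank difference encoding H(·) used in step S2 above, as an added example that is not part of the patent: it builds H(u) row by row as coeffs(X^i · g_u(X) mod f(X)) over Z_q, where g_u is the polynomial whose coefficients are the components of u, and checks the defining property that H(u) − H(v) has full rank whenever u ≠ v. The parameters q = 7, n = 3 and f(X) = X³ + X + 1 are small constructed values (f is irreducible over Z_7 because it has no root there), not the patent's parameters, and all function names are this example's own.

```python
# Added example (not the patent's code): full-rank difference (FRD) encoding
# H: Z_q^n -> Z_q^{n x n}. Row i of H(u) is coeffs(X^i * g_u(X) mod f(X)),
# where g_u(X) = u_1 + u_2 X + ... + u_n X^{n-1} and f is a monic irreducible
# polynomial of degree n over Z_q. Because multiplication by a non-zero element
# of the field Z_q[X]/(f) is invertible and H is linear, H(u) - H(v) = H(u - v)
# has full rank for every u != v.

Q = 7   # constructed toy prime modulus
N = 3   # constructed dimension
# f(X) = 1 + X + 0*X^2 + X^3, lowest degree first (constructed; irreducible over Z_7)
F = [1, 1, 0, 1]


def poly_mul_mod(a, b, f=F, q=Q):
    """Multiply polynomials a and b (coefficient lists, lowest degree first) modulo f and q."""
    n = len(f) - 1
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % q
    # Reduce every term of degree >= n using X^n = -(f_0 + f_1 X + ... + f_{n-1} X^{n-1}).
    for d in range(len(prod) - 1, n - 1, -1):
        c = prod[d]
        if c:
            for k in range(n):
                prod[d - n + k] = (prod[d - n + k] - c * f[k]) % q
            prod[d] = 0
    res = prod[:n] + [0] * max(0, n - len(prod))
    return res[:n]


def frd_encode(u, f=F, q=Q):
    """H(u): the n x n matrix whose row i holds coeffs(X^i * g_u mod f)."""
    n = len(f) - 1
    assert len(u) == n, "input vector must have dimension n"
    cur = [x % q for x in u]          # g_u as a coefficient vector
    rows = []
    for _ in range(n):
        rows.append(cur)
        cur = poly_mul_mod(cur, [0, 1], f, q)   # multiply the current polynomial by X
    return rows


def rank_mod_q(mat, q=Q):
    """Rank of a matrix over Z_q (q prime) by Gaussian elimination."""
    m = [row[:] for row in mat]
    rows, cols = len(m), len(m[0])
    rank = 0
    for c in range(cols):
        pivot = next((r for r in range(rank, rows) if m[r][c] % q), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][c], -1, q)
        m[rank] = [(v * inv) % q for v in m[rank]]
        for r in range(rows):
            if r != rank and m[r][c]:
                factor = m[r][c]
                m[r] = [(x - factor * y) % q for x, y in zip(m[r], m[rank])]
        rank += 1
    return rank


def difference_is_full_rank(u, v, f=F, q=Q):
    """The FRD property: H(u) - H(v) is invertible over Z_q exactly when u != v."""
    hu, hv = frd_encode(u, f, q), frd_encode(v, f, q)
    diff = [[(a - b) % q for a, b in zip(ru, rv)] for ru, rv in zip(hu, hv)]
    return rank_mod_q(diff, q) == len(f) - 1


if __name__ == "__main__":
    print(frd_encode([0, 0, 1]))                       # rows of X^2, X^3 mod f, X^4 mod f
    print(difference_is_full_rank([1, 2, 3], [4, 5, 6]))  # True
    print(difference_is_full_rank([1, 2, 3], [1, 2, 3]))  # False (difference is the zero matrix)
```

Only the irreducibility of f matters for the full-rank property, so swapping in a production-sized q and n changes nothing in the structure of the code, but a reducible f silently breaks the guarantee; checking f before use is the one parameter validation worth keeping.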

The left-sampling algorithm refers to SampleLeft(A, M_1, T_A, u, σ). Input: a matrix A of rank n, a matrix M_1, a basis T_A of the lattice, a vector u and a Gaussian parameter σ. Output: let the matrix F_1 = (A | M_1); the algorithm outputs a vector, where m and m_1 are positive integers; M_1 is a matrix standing for the matrix A_{1,i} + H(u″_{i,j})·A_{2,i} in the left-sampling call; ω is an operation parameter.

In step S3, the process of converting the access structure into an access tree is as follows: the access structure uses the AND, OR and threshold forms over multi-valued attributes. Before encrypting the plaintext, the data owner first converts the access structure W into an access tree Γ, in which leaf nodes represent attributes and non-leaf nodes represent operators. In the access tree, the information of each leaf node is replaced by the corresponding value, so it does not appear in the access structure in plaintext form; when decrypting, a user cannot obtain any information about the data owner or about other decryptors, which achieves complete hiding of the policy;

The access tree is constructed with Shamir's secret-sharing mechanism. The root node of the access tree Γ is set to the vector s, where s = (s_1, s_2, ..., s_{n″})^T is chosen at random, s_1, s_2, ..., s_{n″} being the components of the random vector s and T denoting transposition; the root is marked as assigned and all other nodes as unassigned. Each remaining unassigned non-leaf node is then processed as follows:

A. If the node's operator is ∧ and its children are unassigned, choose random vectors for its children, n″ being the number of its children; the n″-th child receives the vector fixed by the node's value and the other n″ − 1 choices (in the usual additive sharing for an AND gate, the value that makes the children's vectors sum to the parent's; the exact expression is not legible in this copy), and these nodes are marked as assigned.

B. If the node's operator is ∨ and its children are unassigned, set the value of every child to the node's own vector s and mark these nodes as assigned.

C. If the node's operator is "of" (a t-of-n″ threshold gate) and its children are unassigned, split the node's vector with the Shamir (t, n″) threshold secret-sharing mechanism, t being the threshold and n″ the number of children; the l-th child is assigned the share vector s_l, and these nodes are marked as assigned. Here l is the attribute index of a leaf in the access tree; Z_P is a finite field, P a prime, the modulus of the arithmetic in that field.
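As an added example (not the patent's own code), the Python below carries rules A, B and C out over a small constructed policy, then recovers the root vector s from a satisfying set of leaf shares with the Lagrange coefficients that step S6 uses, and fails on a non-satisfying set. Assumptions: the AND rule gives the last child s minus the sum of its siblings' random vectors (the patent's exact expression is not legible above), Shamir shares are evaluated at the child's position x = 1..n″, P = 101 is a toy modulus, and the tree is written as nested tuples; the policy and attribute names are constructed for the demonstration.

```python
"""Secret sharing over an access tree (step S3) and Lagrange reconstruction (step S6).

Added example, not the patent's code. Assumptions: AND gives the last child
s - (sum of siblings); Shamir shares are evaluated at x = 1..n (child position);
P = 101 is a toy modulus; trees are nested tuples:
    ('attr', label) | ('and', [children]) | ('or', [children]) | ('thr', t, [children])
"""
import secrets
from typing import Dict, List, Optional, Tuple

P = 101
Vec = List[int]


def rand_vec(dim: int) -> Vec:
    return [secrets.randbelow(P) for _ in range(dim)]


def vadd(a: Vec, b: Vec) -> Vec:
    return [(x + y) % P for x, y in zip(a, b)]


def vscale(c: int, a: Vec) -> Vec:
    return [(c * x) % P for x in a]


def shamir_split(secret: Vec, t: int, n: int) -> List[Vec]:
    """Coordinate-wise Shamir (t, n): share l is a random degree-(t-1) polynomial at x = l."""
    coeffs = [secret] + [rand_vec(len(secret)) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        acc = [0] * len(secret)
        for k, c in enumerate(coeffs):
            acc = vadd(acc, vscale(pow(x, k, P), c))
        shares.append(acc)
    return shares


def lagrange_coeff(i: int, idx: List[int]) -> int:
    """L_i(0) for the interpolation points idx (the child positions actually used)."""
    num, den = 1, 1
    for j in idx:
        if j != i:
            num = (num * (-j)) % P
            den = (den * (i - j)) % P
    return (num * pow(den, -1, P)) % P


def assign(node: tuple, value: Vec, leaves: Dict[str, Vec]) -> None:
    """Push a node's vector down to its leaves according to rules A, B and C."""
    kind = node[0]
    if kind == 'attr':
        leaves[node[1]] = value
    elif kind == 'or':                                   # rule B: every child gets s
        for ch in node[1]:
            assign(ch, value, leaves)
    elif kind == 'and':                                  # rule A: random parts, last = s - sum
        kids = node[1]
        parts = [rand_vec(len(value)) for _ in kids[:-1]]
        last = value
        for p in parts:
            last = vadd(last, vscale(P - 1, p))
        for ch, part in zip(kids, parts + [last]):
            assign(ch, part, leaves)
    elif kind == 'thr':                                  # rule C: Shamir (t, n) shares
        t, kids = node[1], node[2]
        for ch, share in zip(kids, shamir_split(value, t, len(kids))):
            assign(ch, share, leaves)
    else:
        raise ValueError(kind)


def reconstruct(node: tuple, have: Dict[str, Vec]) -> Optional[Vec]:
    """Recover a node's vector from the leaf shares the user holds, or None if unsatisfied."""
    kind = node[0]
    if kind == 'attr':
        return have.get(node[1])
    if kind == 'or':
        return next((v for v in (reconstruct(c, have) for c in node[1]) if v is not None), None)
    if kind == 'and':
        vals = [reconstruct(c, have) for c in node[1]]
        if any(v is None for v in vals):
            return None
        total = [0] * len(vals[0])
        for v in vals:
            total = vadd(total, v)
        return total
    if kind == 'thr':
        t, kids = node[1], node[2]
        got = [(l + 1, v) for l, v in enumerate(reconstruct(c, have) for c in kids) if v is not None]
        if len(got) < t:
            return None
        got = got[:t]                                    # a minimal satisfying subset, like I_A in S6
        idx = [l for l, _ in got]
        total = [0] * len(got[0][1])
        for l, v in got:
            total = vadd(total, vscale(lagrange_coeff(l, idx), v))
        return total
    raise ValueError(kind)


def demo(root_secret: Vec) -> Tuple[Optional[Vec], Optional[Vec]]:
    """Constructed policy: (role:doctor OR role:nurse) AND 2-of-3 of dept:{A,B,C}."""
    tree = ('and', [('or', [('attr', 'role:doctor'), ('attr', 'role:nurse')]),
                    ('thr', 2, [('attr', 'dept:A'), ('attr', 'dept:B'), ('attr', 'dept:C')])])
    leaves: Dict[str, Vec] = {}
    assign(tree, root_secret, leaves)
    satisfying = {k: leaves[k] for k in ('role:nurse', 'dept:A', 'dept:C')}
    failing = {k: leaves[k] for k in ('role:doctor', 'dept:B')}     # one dept share short
    return reconstruct(tree, satisfying), reconstruct(tree, failing)
```

Two points worth noticing when running it: the leaf dictionary is what the ciphertext carries in place of attribute names, and every value in it is uniform over Z_P on its own, which is why a single share reveals nothing about s; and the threshold branch only ever uses t shares, which is the "minimal satisfying attribute set" of step S6 rather than all the shares the user happens to hold.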

In step S4, ciphertext generation proceeds as follows. Input: the system public parameters PP, the plaintext bit b ∈ {0,1}, and the access tree Γ converted from the access structure W. Set the parameter K = (k!d!)^2, where k is the number of attribute authorities and d the hierarchy depth of the attributes. Choose a uniformly random matrix R ∈ {−1,1}^{m×m}, then choose a noise term x ∈ Z_q and a noise vector, let z = R^T x_{i,j}, and for each leaf node l compute its ciphertext component; output the ciphertext (the component formulas are not legible in this copy).

Here k is the number of attribute authorities; A′_i is the set of possible values of each attribute; Z_q is a finite field and q a prime; u, s and s_l are vectors; the remaining symbol is a matrix; a_{i,j} are the possible attribute values; c_0 and the per-leaf components are ciphertext components; T denotes transposition; R is the uniformly random matrix chosen above.

In step S6, the user decrypts as follows. Input: the public parameters PP, the ciphertext CT and the user's private key SK. If the user's attribute set does not satisfy the access structure W, output ⊥; otherwise decryption succeeds: choose a minimal attribute set I_A that satisfies the access structure and compute the plaintext from the corresponding key and ciphertext components (formula not legible in this copy), where L_i and L_l are Lagrange coefficients; if the resulting value passes the decision test, output 1, otherwise 0. Here a_{i,j} are the possible attribute values, q is a prime, k the number of attribute authorities, the remaining symbol a vector, and T the transpose of a vector.
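The ciphertext and decryption formulas of steps S4 and S6 are not legible in this copy, so the Python below is an added example of the standard mechanism that lattice ABE of this type rests on (dual-Regev encryption as used in Agrawal, Boneh and Boyen's schemes), not the patent's own code: c_0 = u^T s + x + b·⌊q/2⌋, a vector component F^T s + z with z = R^T x as in step S4, and decryption v = c_0 − e^T c_1 followed by the test "is v within q/4 of q/2". Assumptions: the key e is drawn first and u := F e is derived from it (a trick from security proofs, not a secure key-generation procedure; the real scheme obtains e through SampleLeft with the trapdoor T_A), a single key vector stands in for the multi-authority Lagrange combination so the factor K = (k!d!)^2 is not modelled, and the noise is uniform in a small interval rather than discrete Gaussian.

```python
"""Dual-Regev style bit encryption/decryption with a key e satisfying F e = u (mod q).

Added example, not the patent's code.
    c0 = u^T s + x + b*floor(q/2),   c1 = F^T s + z,   z = R^T x_vec
    v  = c0 - e^T c1 = x - e^T z + b*floor(q/2)  ->  output 1 iff v is within q/4 of q/2.
Assumptions: e drawn first and u := F e (reverse trick, NOT secure key generation);
one key vector instead of the multi-authority combination (K = (k!d!)^2 not modelled);
noise uniform in [-bound, bound] instead of a discrete Gaussian.
"""
import secrets
from typing import List, Tuple

Vec = List[int]
Mat = List[List[int]]


def rand_matrix(rows: int, cols: int, q: int) -> Mat:
    return [[secrets.randbelow(q) for _ in range(cols)] for _ in range(rows)]


def matvec(m: Mat, v: Vec, q: int) -> Vec:
    return [sum(a * b for a, b in zip(row, v)) % q for row in m]


def transpose(m: Mat) -> Mat:
    return [list(col) for col in zip(*m)]


def small_noise(dim: int, bound: int) -> Vec:
    """Error terms uniform in [-bound, bound] (a stand-in for a discrete Gaussian)."""
    return [secrets.randbelow(2 * bound + 1) - bound for _ in range(dim)]


def keygen(n: int, m: int, q: int, key_bound: int) -> Tuple[Mat, Vec, Vec]:
    """Public F (n x m) and u = F e mod q, secret short e.  Reverse trick, see header."""
    F = rand_matrix(n, m, q)
    e = small_noise(m, key_bound)
    return F, matvec(F, e, q), e


def encrypt(F: Mat, u: Vec, b: int, q: int, noise_bound: int) -> Tuple[int, Vec]:
    n, m = len(F), len(F[0])
    s = [secrets.randbelow(q) for _ in range(n)]               # LWE secret
    x = small_noise(1, noise_bound)[0]                         # scalar noise x in Z_q
    x_vec = small_noise(m, noise_bound)                        # constructed noise vector
    R = [[secrets.choice((-1, 1)) for _ in range(m)] for _ in range(m)]
    z = matvec(transpose(R), x_vec, q)                         # z = R^T x, as in step S4
    c0 = (sum(ui * si for ui, si in zip(u, s)) + x + b * (q // 2)) % q
    c1 = [(a + zi) % q for a, zi in zip(matvec(transpose(F), s, q), z)]
    return c0, c1


def decrypt(e: Vec, c0: int, c1: Vec, q: int) -> int:
    """v = c0 - e^T c1 mod q; the bit is 1 iff v lies within q/4 of q/2."""
    v = (c0 - sum(ei * ci for ei, ci in zip(e, c1))) % q
    return 1 if abs(v - q // 2) < q // 4 else 0


def worst_case_error(m: int, key_bound: int, noise_bound: int) -> int:
    """Bound on |x - e^T R^T x_vec|: |z_i| <= m*noise_bound and |e_i| <= key_bound.
    Decryption is always correct when this is below q/4; check it before trusting
    any parameter set, toy or otherwise."""
    return noise_bound + m * key_bound * m * noise_bound


def roundtrip(q: int, n: int, m: int, key_bound: int, noise_bound: int, trials: int) -> int:
    """Number of random bits (out of `trials`) that decrypt correctly."""
    F, u, e = keygen(n, m, q, key_bound)
    good = 0
    for _ in range(trials):
        b = secrets.randbelow(2)
        c0, c1 = encrypt(F, u, b, q, noise_bound)
        good += int(decrypt(e, c0, c1, q) == b)
    return good


if __name__ == "__main__":
    q, n, m = 2 ** 20, 8, 32
    print("error bound", worst_case_error(m, 2, 2), "vs q/4 =", q // 4)
    print("small noise:", roundtrip(q, n, m, 2, 2, 50), "/ 50 correct")
    print("oversized noise:", roundtrip(q, n, m, 2, 4096, 50), "/ 50 correct")
```

The second roundtrip call shows the failure mode that the Gaussian parameter σ and the factor K exist to control: once the accumulated error x − e^T z can exceed q/4, the decision test in step S6 is no better than a coin flip, so the noise width, the key norm from SampleLeft and the modulus q must be chosen together.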

The method is illustrated below with an example.

N denotes the total number of attributes in the system, A_u the number of the user's attributes and A_e the number of attributes used in encryption; q, n and m are the scheme parameters, q a prime, n a positive integer and m an integer; k is the number of attribute authorities and d the hierarchy depth of the attributes.

As Fig. 2 shows, the lengths in the scheme of LIU Ximeng et al. are markedly larger in all four respects compared than those of the scheme of ZHANG Guoyan et al. and of the present invention. Although the user's private key in the present invention is longer than in the scheme of ZHANG Guoyan et al., the private key is stored locally, so the resulting loss of system performance is negligible. Overall, the present invention outperforms the other two schemes.

Although the content of the present invention has been described in detail through the preferred embodiments above, it should be understood that the description above is not to be taken as limiting the invention. Various modifications and substitutions of the invention will be apparent to those skilled in the art after reading the above. The scope of protection of the invention is therefore defined by the appended claims.

Claims (7)

1. A multi-authority encryption method on lattices supporting policy hiding, characterised in that it comprises the following steps:
S1. At system initialisation, generate the public parameters and the system master secret key.
S2. A user applies for a key for his attribute set; the attribute authority generates the user's private key from the public parameters, the system master secret key and the user's attribute set.
S3. Convert the access structure into the corresponding access tree, so that the access policy is completely hidden.
S4. The data owner generates the ciphertext from the system public parameters, the plaintext and the converted access tree, then uploads it to the cloud server for storage.
S5. The user sends an access request to the cloud server and obtains the ciphertext stored there.
S6. The user decrypts the ciphertext obtained from the cloud server with the private key obtained from the attribute authority, recovers the data owner's plaintext and carries out the related subsequent operations.

2. The method of claim 1, characterised in that step S1 is specifically: input the security parameters λ, n, m, q, where λ, the input parameter of the initialisation algorithm, is an integer, n and m are the related parameters and q is a prime; run the trapdoor generation algorithm to obtain a uniformly random matrix A and a basis T_A of the lattice defined by A; then choose a uniformly random vector u with entries u_1, u_2, ..., u_n; output the public parameters PP = {A, u} and the system master secret key MSK = {T_A}, where the sets written with Z_q are finite fields. The trapdoor generation algorithm is the following: for a prime q = poly(n), n a positive integer, there exists a probabilistic polynomial-time algorithm TrapGen(q, n) that outputs a uniformly random matrix A and a basis T_A, where m ≥ 5n log q, A is statistically uniform, T_A is a trapdoor basis of the lattice defined by A, and the length of T_A is bounded by a quantity expressed in O-notation (the bound itself is not legible in this copy), O denoting asymptotic order.

3. The method of claim 2, characterised in that step S2 is specifically: input the system public parameters PP, the master secret key MSK and the user's attribute set A_u. The system computes k shares of the random vector u with a (k, n′) Shamir threshold secret-sharing mechanism, k being both the threshold and the number of attribute authorities and n′ the number of shares into which u is split, and sends the k share vectors to the k attribute authorities AA_i respectively. Attribute authority AA_i manages n_i attribute values a_{i,j} ∈ A′_i, A′_i being the set of possible values of each attribute; it splits the random vector u′_i (its share of u) with a (t_i, n_i) Shamir threshold secret-sharing mechanism, t_i being the threshold, and obtains n_i share vectors u″_{i,j} (i = 1, 2, ..., k; j = 1, 2, ..., n_i); it chooses two uniformly random matrices A_{1,i} and A_{2,i} and computes the matrix F_{i,j} = A | A_{1,i} + H(u″_{i,j})·A_{2,i}, where H(·) is the full-rank difference encoding function. The user requests a key from the attribute authority and the two interact: AA_i runs the left sampling algorithm to compute the vectors e_{i,j} ← SampleLeft(A, A_{1,i} + H(u″_{i,j})·A_{2,i}, T_A, u′_{i,j}, σ) and then outputs the user's private key; for a_{i,j} ∈ A_u ∩ A′_i the vectors e_{i,j} constitute the user's private key. A′_i is the set of possible values of each attribute, a_{i,j} a possible attribute value, σ a parameter, and the spaces written with Z_q finite fields.

4. The method of claim 3, characterised in that: the full-rank difference encoding function is defined as follows: given a prime q and a positive integer n, it maps a user's attribute information, a vector over Z_q, to an n×n matrix over Z_q; for an input random vector a polynomial is formed from its coordinates, and with f an irreducible polynomial of degree n in Z_q[X] the encoding is the matrix given by the formula of the description (not legible in this copy), where coeffs denotes the row vector of polynomial coefficients, the sets written with Z_q are the finite field Z_q and the spaces over it, Z_q[X] is the ring of polynomials over Z_q, X is the set of the x′_i (the domain) with x′ the variable, and H denotes the mapping that sends the random vector u″_{i,j} to a matrix. The left sampling algorithm is SampleLeft(A, M_1, T_A, u, σ): input a matrix A of rank n, a matrix M_1, a basis T_A of the lattice defined by A, a vector u and a Gaussian parameter σ; output: set F_1 = (A | M_1); the algorithm outputs a vector e (its dimension and distribution are not legible in this copy), where m and m_1 are positive integers, M_1 is the matrix A_{1,i} + H(u″_{i,j})·A_{2,i} of the left sampling call, ω is a parameter of the computation and σ the Gaussian parameter.

5. The method of claim 3, characterised in that in step S3 the access structure is converted into an access tree as follows: the access structure uses AND, OR and threshold gates over multi-valued attributes; before encrypting the plaintext, the data owner converts the access structure W into an access tree Γ whose leaf nodes represent attributes and whose internal nodes represent operators; in the access tree the information of each leaf is replaced by the corresponding value, so the attributes do not appear in plaintext in the access structure, and a user decrypting the ciphertext cannot learn anything about the data owner or the other decryptors, which realizes complete policy hiding. The access tree is constructed with Shamir's secret-sharing mechanism: the root node of Γ is set to the vector s, where s = (s_1, s_2, ..., s_{n″})^T is chosen at random, s_1, ..., s_{n″} being its components and T denoting transposition; the root is marked as assigned and all other nodes as unassigned, and each remaining unassigned non-leaf node is processed as follows:
A. If the node's operator is ∧ and its children are unassigned, choose random vectors for its children, n″ being the number of its children, assign the n″-th child the vector determined by the node's value and the other choices, and mark these nodes as assigned.
B. If the node's operator is ∨ and its children are unassigned, set the value of every child to s and mark these nodes as assigned.
C. If the node's operator is "of" and its children are unassigned, split the vector with the Shamir (t, n″) threshold secret-sharing mechanism, t being the threshold and n″ the number of children, assign the l-th child the share vector s_l, and mark these nodes as assigned; l is the attribute index of a leaf in the access tree, Z_P is a finite field, P a prime, the modulus of the arithmetic in that field.

6. The method of claim 5, characterised in that the ciphertext generation of step S4 is: input the system public parameters PP, the plaintext bit b ∈ {0,1} and the access tree Γ converted from the access structure W; set the parameter K = (k!d!)^2; choose a uniformly random matrix R ∈ {−1,1}^{m×m}, then a noise term x ∈ Z_q and a noise vector; let z = R^T x_{i,j}; compute a ciphertext component for each leaf node l; output the ciphertext (the component formulas are not legible in this copy). Here k is the number of attribute authorities, A′_i the set of possible values of each attribute, Z_q a finite field, q a prime, u, s and s_l vectors, a_{i,j} the possible attribute values, c_0 and the per-leaf components the ciphertext components, T the transpose operation and R the uniformly random matrix chosen above.

7. The method of claim 6, characterised in that the user decryption of step S6 is: input the public parameters PP, the ciphertext CT and the user's private key SK; if the user's attribute set does not satisfy the access structure W, output ⊥; otherwise decryption succeeds: choose a minimal attribute set I_A satisfying the access structure and compute the plaintext (formula not legible in this copy), where L_i and L_l are Lagrange coefficients; if the decision test holds, output 1, otherwise 0. Here a_{i,j} are the possible attribute values, q is a prime, k the number of attribute authorities, the remaining symbol a vector, and T the transpose of a vector.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810326938.0A CN108512662A (en) 2018-04-12 2018-04-12 The hiding multimachine structure encryption method of support policy on a kind of lattice

Publications (1)

Publication Number Publication Date
CN108512662A true CN108512662A (en) 2018-09-07

Family

ID=63381984

Country Status (1)

Country Link
CN (1) CN108512662A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209790A (en) * 2016-06-28 2016-12-07 电子科技大学 A kind of hiding Ciphertext policy efficiently can verify that outsourcing attribute base encryption method
WO2017076705A1 (en) * 2015-11-03 2017-05-11 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method of encryption based on the attributes comprising a pre-calculation phase
CN107682157A (en) * 2017-10-11 2018-02-09 河南理工大学 More mechanical properties base encryption methods based on LWE on a kind of new lattice

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YAN Xixi et al., "A multi-authority attribute-based encryption scheme based on LWE for the cloud environment", Netinfo Security (信息网络安全) *
YAN Xixi et al., "Attribute-based encryption scheme with privacy protection on ideal lattices", Journal on Communications (通信学报) *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525385A (en) * 2018-11-23 2019-03-26 全链通有限公司 A kind of packaging method of shared key, first node and second node
CN109740364A (en) * 2019-01-04 2019-05-10 大连大学 Attribute-based ciphertext search method with controllable search authority
CN110247761B (en) * 2019-06-18 2021-04-20 西安电子科技大学 A ciphertext policy attribute encryption method supporting attribute revocation on lattice
CN110247761A (en) * 2019-06-18 2019-09-17 西安电子科技大学 The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice
CN110635909A (en) * 2019-10-16 2019-12-31 淮北师范大学 An attribute-based proxy re-encryption method against collusion attacks
CN110753056A (en) * 2019-10-25 2020-02-04 高秀芬 Non-interactive encryption access control method
CN110912691A (en) * 2019-11-15 2020-03-24 任子行网络技术股份有限公司 A ciphertext distribution method, device, system and storage medium based on on-grid access control encryption algorithm in cloud environment
CN111651788A (en) * 2020-06-03 2020-09-11 山东省计算中心(国家超级计算济南中心) A terminal access control system and method based on lattice password
CN111651788B (en) * 2020-06-03 2022-06-10 山东省计算中心(国家超级计算济南中心) Terminal access control system and method based on lattice code
CN111861473A (en) * 2020-07-31 2020-10-30 贵州光奕科科技有限公司 Electronic bidding system and method
CN112035855A (en) * 2020-08-14 2020-12-04 吴小兵 Access control system based on privacy information on crowd funding platform
CN111970106A (en) * 2020-08-19 2020-11-20 北京邮电大学 Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice
CN111970106B (en) * 2020-08-19 2021-11-05 北京邮电大学 Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice
CN112118101B (en) * 2020-09-23 2023-07-28 山东建筑大学 A post-quantum secure dynamic data sharing method
CN112118101A (en) * 2020-09-23 2020-12-22 山东建筑大学 A Post-Quantum Secure Dynamic Data Sharing Method
CN112287368A (en) * 2020-10-29 2021-01-29 重庆大学 A Searchable Encryption Method for Cloud Storage Based on Attribute Base on Lattice
CN112287368B (en) * 2020-10-29 2024-02-13 重庆大学 Cloud storage searchable encryption method based on lattice attribute base
CN112291053A (en) * 2020-11-06 2021-01-29 中国科学院重庆绿色智能技术研究院 A CP-ABE Method Based on Lattice and Basic Access Tree
CN112291053B (en) * 2020-11-06 2022-10-25 中国科学院重庆绿色智能技术研究院 A CP-ABE Method Based on Lattice and Basic Access Tree
CN113033943A (en) * 2020-12-28 2021-06-25 航天科工网络信息发展有限公司 Distributed unified management method applied to national defense industry supply chain
CN113033943B (en) * 2020-12-28 2024-03-29 航天科工网络信息发展有限公司 Distributed unified management method applied to national defense industry supply chain
CN112929153B (en) * 2021-02-23 2022-07-22 上海麟羿信息科技有限公司 Data multi-stage encryption system and method based on complete homomorphic encryption
CN112929153A (en) * 2021-02-23 2021-06-08 上海麟羿信息科技有限公司 Data multi-stage encryption system and method based on complete homomorphic encryption
CN112926078B (en) * 2021-04-23 2022-12-27 电子科技大学 Compact multi-target attribute-based addition homomorphic encryption method
CN112926078A (en) * 2021-04-23 2021-06-08 电子科技大学 Compact multi-target attribute-based addition homomorphic encryption method
CN113468556B (en) * 2021-06-07 2023-07-25 北京邮电大学 Data access control method with complete policy hiding and related equipment thereof
CN113468556A (en) * 2021-06-07 2021-10-01 北京邮电大学 Data access control method with complete strategy hiding and related equipment thereof
CN113343258A (en) * 2021-06-09 2021-09-03 哈尔滨学院 Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud
CN114218604A (en) * 2021-12-14 2022-03-22 华南农业大学 Attribute-based encryption method, device and medium with hierarchical extensible access policy
CN114218604B (en) * 2021-12-14 2024-07-12 华南农业大学 Attribute-based encryption method, device and medium with hierarchical extensible access policy
CN114024676A (en) * 2022-01-05 2022-02-08 华中科技大学 Post-quantum encryption and decryption method, system, equipment and medium based on identity identification
CN114826759A (en) * 2022-05-11 2022-07-29 贵州大学 Verifiable fine-grained access control inner product function encryption method
CN114826759B (en) * 2022-05-11 2023-10-03 贵州大学 Verifiable fine grain access control inner product function encryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180907