CN108512662A - Multi-mechanism (multi-authority) encryption method supporting policy hiding on lattices - Google Patents


Info

Publication number: CN108512662A
Authority: CN (China)
Legal status: Pending
Application number: CN201810326938.0A
Other languages: Chinese (zh)
Inventors: 田秋亭, 韩德志, 王军, 毕坤
Current Assignee: Shanghai Maritime University
Original Assignee: Shanghai Maritime University
Application filed by Shanghai Maritime University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a multi-mechanism (multi-authority) encryption method supporting policy hiding on lattices, comprising the following steps: S1, when the system is initialized, public parameters and a system master private key are generated; S2, a user applies for a key for his or her own attribute set, and the attribute mechanism generates a private key for the user according to the public parameters, the system master private key and the user's attribute set; S3, the access structure is converted into a corresponding access tree to realize complete hiding of the access policy; S4, the data owner generates ciphertext data according to the system public parameters, the plaintext and the converted access tree, and uploads it to the cloud server for storage; S5, the user sends an access request to the cloud server and obtains the ciphertext data stored in the cloud server; S6, the user decrypts the ciphertext data obtained from the cloud server using the private key obtained from the attribute mechanism, obtains the data owner's plaintext and carries out related subsequent operations. Its advantages are that the efficiency of the system can be improved, quantum attacks can be resisted, and the privacy of users is effectively protected.

Description

Multi-mechanism encryption method supporting policy hiding on lattices
Technical Field
The invention relates to the technical fields of cloud environments and cryptography, and in particular to a multi-mechanism encryption method supporting policy hiding on lattices.
Background
With the development of information technology, individuals and enterprises hold more and more data, to the point of big data, which has driven the development of cloud computing. People tend to store data in the cloud because it is convenient and saves cost and resources, which makes it particularly suitable for small and medium-sized enterprises. This convenience brings problems, however, as shown by the cloud storage security incidents that have kept occurring in recent years. Data stored in the cloud inevitably contains users' private information, and users lose control over this sensitive data: a cloud server may access data it finds interesting out of curiosity or for business interests, and an illegal user may snoop on or tamper with users' private data. Encrypting the data before storing it in the cloud is therefore an effective method. In 2005, Sahai and Waters proposed the Attribute-Based Encryption (ABE) scheme, which quickly became a focus of scholarly research and has in recent years been one of the hot topics in cryptography. Attribute-based encryption associates a user's identity with a series of attributes, and a user can decrypt shared data only when the user's attributes satisfy the access structure set by the data owner. Attribute-based encryption is now considered a promising cryptographic primitive for achieving information security and flexible access control.
However, in cloud storage a data owner outsources its data to a cloud server, and when an access policy is defined to generate a ciphertext, the access rule is usually published together with the ciphertext. Any user in the system who tries to decrypt can then infer some sensitive information (even the likely recipients), so the user's personal data is at high risk of leakage. For example, a merchant's potential profit model can be analyzed from the ciphertext it publishes, or a patient's private information can be analyzed from the ciphertext the patient publishes in a personal health record system. To prevent leakage of private information, the access policy therefore often needs to be hidden during encryption. Meanwhile, most lattice-based encryption methods are managed by a single trusted authority, so their security is not high and they do not meet the requirements of practical applications. In addition, new cryptographic schemes constructed on lattice theory have the advantages of parallelism, simple operations and resistance to quantum attack, and have become a new research focus for the post-quantum era. Designing a multi-mechanism encryption method supporting policy hiding on lattices, based on lattice cryptography and on encryption algorithms that support policy hiding, is therefore of great significance.
Disclosure of Invention
The invention aims to provide a multi-mechanism encryption method supporting policy hiding on lattices, which can improve the efficiency of the system, resist quantum attack, effectively protect the privacy of users, increase the flexibility of the system, and avoid the problem that the security of the whole system is threatened when a single mechanism is compromised.
In order to achieve the purpose, the invention is realized by the following technical scheme:
A multi-mechanism encryption method supporting policy hiding in a lattice manner is characterized by comprising the following steps:
S1, generating public parameters and a system master private key when the system is initialized;
S2, the user applies for a key for the user's own attribute set, and the attribute mechanism generates a private key for the user according to the public parameters, the system master private key and the attribute set of the user;
S3, converting the access structure into a corresponding access tree to realize complete hiding of the access policy;
S4, the data owner generates ciphertext data according to the system public parameters, the plaintext and the converted access tree, and uploads the ciphertext data to the cloud server for storage;
S5, the user sends an access request to the cloud server to obtain the ciphertext data stored in the cloud server;
S6, the user decrypts the ciphertext data obtained from the cloud server by using the private key obtained from the attribute mechanism to obtain the plaintext of the data owner and perform related subsequent operations.
The above multi-mechanism encryption method for supporting policy hiding in a lattice manner, wherein the process of step S1 specifically includes:
inputting security parameters λ, n, m and q, wherein λ is an integer input parameter of the initialization-stage algorithm, n and m are related parameters, and q is a prime number;
running the trapdoor generation algorithm to generate a uniform random matrix and a basis of the lattice, then selecting a uniform random vector, and outputting the public parameters $PP = \{A, u\}$ and the system master private key $MSK = \{T_A\}$, wherein and are all finite fields, and $u_1, u_2, \ldots, u_n$ are the elements of the vector u;
the trapdoor generation algorithm is as follows: for a prime $q = \mathrm{poly}(n)$, where n is a positive integer, a probabilistic polynomial-time algorithm TrapGen(q, n) generates a uniform random matrix and, wherein $m \ge 5n \log q$, A is statistically uniform in, $T_A$ is a trapdoor basis of the lattice, and, where O denotes time complexity.
The above multi-mechanism encryption method for supporting policy hiding in a lattice manner, wherein the specific process in the step S2 is as follows:
inputting the system public parameters PP, the master private key MSK and the attribute set $A_u$ of the user; the system uses a (k, n′) Shamir threshold secret sharing mechanism to compute k shares of the random vector u, where k is the threshold and also the number of attribute mechanisms, and n′ is the number of shares of the random vector u; the k random vector shares are then sent respectively to the k attribute authorities $AA_i$; each attribute mechanism $AA_i$ then, for the $n_i$ attribute values $a_{i,j} \in A'_i$ that it manages, where $A'_i$ is the set of possible values of each attribute, uses a $(t_i, n_i)$ Shamir threshold secret sharing mechanism to split the random vector $u'_i$, where $u'_i$ is a vector component of u and $t_i$ is the threshold, obtaining $n_i$ random vector shares $u''_{i,j}$ $(i = 1, 2, \ldots, k;\ j = 1, 2, \ldots, n_i)$; two uniform random matrices are selected and the matrix $F_{i,j} = A \mid A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ is computed, where H(·) is a full-rank differences (FRD) encoding function;
the user requests a key from the attribute mechanism and the two interact; the attribute mechanism $AA_i$ runs the left sampling algorithm and computes the vector $e_{i,j} \leftarrow \mathrm{SampleLeft}(A, A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}, T_A, u'_{i,j}, \sigma)$, and then outputs the user's private key, wherein, when $a_{i,j} \in A_u \cap A'_i$, the vector $e_{i,j}$ represents the private key of the user; is the set of possible values of each attribute; is a possible value of each attribute; σ is a parameter; is a finite field.
In the above multi-mechanism encryption method supporting policy hiding in a lattice manner, the full-rank differences encoding function is defined as follows: given a prime q and a positive integer n, a full-rank differences encoding function can map the attribute information of a user on to an n × n matrix over $Z_q$; for an input random vector, define the polynomial; let f be an irreducible polynomial of degree n in $Z_q[X]$, then:
wherein coeffs denotes the row vector consisting of the coefficients of a polynomial; wherein, and are all finite fields; $Z_q[X]$ is an arbitrary domain; x is X'iX is a domain, X' is an argument; H denotes a mapping that maps a random vector $u''_{i,j}$ to a matrix;
the left sampling algorithm is $\mathrm{SampleLeft}(A, M_1, T_A, u, \sigma)$. Input: a matrix of rank n, a matrix, a basis of the lattice, a vector, and a Gaussian parameter. Output: let the matrix $F_1 = (A \mid M_1)$; the algorithm outputs a vector; wherein, $m_1$ are all positive integers; $M_1$ is a matrix that represents the matrix $A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ in the left sampling operation; ω is an operation parameter; σ is a Gaussian parameter.
In the above multi-mechanism encryption method for supporting policy hiding in a lattice manner, the process of converting the access structure into the access tree in step S3 is as follows:
the access structure adopts an AND/OR/threshold form over multi-valued attributes; before the data owner encrypts a plaintext, the access structure W is converted into an access tree Γ, in which leaf nodes represent attributes and non-leaf nodes represent operators; the information of the leaf nodes in the access tree is replaced by corresponding values, so that it does not appear in the access structure in plaintext form, and during decryption a user cannot obtain any information about the data owner or other decryptors, which realizes complete hiding of the policy;
the access tree is constructed through the Shamir secret sharing mechanism: the root node of the access tree Γ is set to a vector s, a vector being randomly selected, where $s_1, s_2, \ldots, s_{n''}$ are the components of the random vector s and T denotes the transpose of the vector, and the root node is marked as assigned; all remaining nodes are marked as unassigned, and the following operations are performed on the remaining unassigned non-leaf nodes:
A. if the operator of the node is ∧ and its child nodes are unassigned, then vectors are randomly selected, where n″ is the number of its child nodes, the n″-th child node is assigned the vector, and these nodes are marked as assigned;
B. if the operator of the node is ∨ and its child nodes are unassigned, then the values of all of its child nodes are set to s and those nodes are marked as assigned;
C. if the operator of the node is "of" (threshold) and its child nodes are unassigned, then the vector is split using the Shamir (t, n′) threshold secret sharing mechanism, where t is the threshold and n′ is the number of child nodes, the i-th child node is assigned the vector, and these nodes are then marked as assigned; wherein l is the attribute index of the leaf node in the access tree; is a finite field; wherein P is a prime number, and the meaning of P is modulo operation in the domain.
In the above multi-mechanism encryption method supporting policy hiding in a lattice manner, the ciphertext generating process in step S4 is as follows:
inputting the system public parameters PP, a plaintext $b \in \{0,1\}$, and the access tree Γ converted from the access structure W; let the parameter K = K! d2, wherein; selecting a uniform random matrix $R \in \{-1,1\}^{m \times m}$, then selecting a noise term $x \in Z_q$ and; let the vector $z = R^T x_{i,j}$; for each leaf node l, calculate: and output the ciphertext
wherein k is the number of attribute mechanisms; $A'_i$ is the set of possible values of each attribute; $Z_q$ and are finite fields; q is a prime number; u and $s_l$ are vectors; is a matrix; $a_{i,j}$ is a possible value of the attributes; $c_0$ and are ciphertext components; T denotes the transposition operation; R is a randomly selected uniform matrix.
In the above multi-mechanism encryption method supporting policy hiding in a lattice manner, the user decryption process in step S6 is:
inputting the public parameters PP, the ciphertext CT and the user private key SK; if the attribute set of the user does not satisfy the access structure W, ⊥ is output; otherwise decryption succeeds: the minimum attribute set $I_A$ satisfying the access structure is selected and the plaintext is calculated, where $L_i$ and $L_l$ are Lagrange coefficients; if, 1 is output, otherwise 0 is output; wherein $a_{i,j}$ is a possible value of the attributes; q is a prime number; k is the number of attribute mechanisms; is a vector; T denotes the transposition operation of the vector.
Compared with the prior art, the invention has the following advantages:
1. Lattice theory is used in place of the conventional bilinear pairings, so that the efficiency of the system is improved and quantum attack can be resisted;
2. The access structure is converted into an access tree, each node in the tree is assigned a value, and the access policy is then embedded into the ciphertext, realizing complete hiding of the access policy together with fine-grained access control; in an attribute-based encryption scheme with a hidden access policy, the encryptor can specify the role of the decryptor; in addition, the fuzziness of attribute-based encryption is exploited, and an object is described by its attributes, so that sensitive information of the encryptor can be protected;
3. The Shamir threshold secret sharing mechanism is used, and the three operations AND, OR and threshold of the access control policy are realized through the access tree, which improves the flexibility of the system;
4. In the multi-mechanism attribute-based encryption scheme constructed on lattice theory, a plurality of attribute mechanisms manage different attribute sets and distribute keys to the users under their authority, which avoids the problem that the security of the system is threatened when a single mechanism is broken.
Drawings
FIG. 1 is a flow chart of a method of the present invention;
FIG. 2 is a comparison of the present invention and a prior art method in an embodiment of the present invention.
Detailed Description
The present invention will now be further described by way of the following detailed description of a preferred embodiment thereof, taken in conjunction with the accompanying drawings.
As shown in FIG. 1, the present invention discloses a multi-mechanism encryption method for supporting policy hiding in a lattice manner, which comprises the following steps: S1, generating public parameters and a system master private key when the system is initialized; S2, the user applies for a key for the user's own attribute set, and the attribute mechanism generates a private key for the user according to the public parameters, the system master private key and the attribute set of the user; S3, converting the access structure into a corresponding access tree to realize complete hiding of the access policy; S4, the data owner generates ciphertext data according to the system public parameters, the plaintext and the converted access tree, and uploads the ciphertext data to the cloud server for storage; S5, the user sends an access request to the cloud server to obtain the ciphertext data stored in the cloud server; S6, the user decrypts the ciphertext data obtained from the cloud server by using the private key obtained from the attribute mechanism to obtain the plaintext of the data owner and perform related subsequent operations.
The process is further illustrated below with an example:
Suppose there are k attribute authorities $AA_i$ $(i = 1, 2, \ldots, k)$ in the system; each attribute authority $AA_i$ generates a private key for the legal users under its authority by using the left sampling algorithm SampleLeft on lattices, and sends the private key to the user through a secure channel; each attribute authority $AA_i$ manages $n_i$ attribute values.
Illustratively, the implementation method of the key process in the above-described step S1, step S2, step S3, step S4, and step S6 is given below:
The specific process of step S1 is: inputting security parameters λ, n, m and q, wherein λ is an integer input parameter of the initialization-stage algorithm, n and m are related parameters, and q is a prime number;
running the trapdoor generation algorithm to generate a uniform random matrix and a basis of the lattice, then selecting a uniform random vector, and outputting the public parameters $PP = \{A, u\}$ and the system master private key $MSK = \{T_A\}$, wherein and are all finite fields, $u_1, u_2, \ldots, u_n$ are the elements of the vector u, and λ is an integer;
the trapdoor generation algorithm is as follows: for a prime $q = \mathrm{poly}(n)$, where n is a positive integer and $m \ge 5n \log q$, a probabilistic polynomial-time algorithm TrapGen(q, n) generates a uniform random matrix and, wherein A is statistically uniform in, $T_A$ is a trapdoor basis of the lattice, and, where O denotes time complexity.
The specific process of step S2 is: inputting the system public parameters PP, the master private key MSK and the attribute set $A_u$ of the user; the system uses a (k, n′) Shamir threshold secret sharing mechanism to compute k shares of the random vector u, where k is the threshold and also the number of attribute mechanisms, and n′ is the number of shares of the random vector u; the k random vector shares are then sent respectively to the k attribute authorities $AA_i$; each attribute mechanism $AA_i$ then, for the $n_i$ attribute values $a_{i,j} \in A'_i$ that it manages, where $A'_i$ is the set of possible values of each attribute, uses a $(t_i, n_i)$ Shamir threshold secret sharing mechanism to split the random vector $u'_i$, obtaining $n_i$ random vector shares $u''_{i,j}$ $(i = 1, 2, \ldots, k;\ j = 1, 2, \ldots, n_i)$; two uniform random matrices are selected and the matrix $F_{i,j} = A \mid A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ is computed, where H(·) is a full-rank differences (FRD) encoding function;
the user requests a key from the attribute mechanism and the two interact; the attribute mechanism $AA_i$ runs the left sampling algorithm and computes the vector $e_{i,j} \leftarrow \mathrm{SampleLeft}(A, A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}, T_A, u'_{i,j}, \sigma)$, and then outputs the user's private key
wherein, when $a_{i,j} \in A_u \cap A'_i$, the vector $e_{i,j}$ represents the private key of the user; is the set of possible values of each attribute; is a possible value of each attribute; $T_A$ is a basis of the lattice; σ is a parameter; is a finite field; A is a uniform random matrix; $t_i$ is the threshold;
the full-rank differences encoding function is defined as follows: given a prime q and a positive integer n, a full-rank differences encoding function can map the attribute information of a user on to an n × n matrix over $Z_q$; for an input random vector, define the polynomial; let f be an irreducible polynomial of degree n in $Z_q[X]$, then:
wherein coeffs denotes the row vector consisting of the coefficients of a polynomial; wherein, and are all finite fields; $Z_q[X]$ is an arbitrary domain; x is X'iX is a domain, X' is an argument; H denotes a mapping that maps a random vector $u''_{i,j}$ to a matrix;
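The encoding function H described above, as an added example that is not part of the patent text. The formula for H is missing from this page, so the block uses the standard full-rank-differences construction (row i of H(u) is coeffs(X^i · g_u mod f)), which is an assumption consistent with the description of coeffs and f here; q = 7 and f = 1 + X + X^3 are constructed toy values.

```python
from itertools import combinations, product

Q = 7                 # constructed toy prime q (assumption, not from the page)
F = [1, 1, 0, 1]      # constructed f(X) = 1 + X + X^3, lowest-degree coefficient first
N = len(F) - 1        # degree of f, which is also the matrix dimension n


def cubic_is_irreducible():
    """A cubic over Z_q is irreducible exactly when it has no root in Z_q."""
    return all(sum(c * x**i for i, c in enumerate(F)) % Q for x in range(Q))


def times_x_mod_f(poly):
    """Multiply a polynomial of degree < N by X and reduce modulo the monic f."""
    shifted = [0] + list(poly)
    top = shifted[N]  # coefficient of X^N, replaced using X^N = -(f - X^N)
    return [(shifted[i] - top * F[i]) % Q for i in range(N)]


def frd_encode(u):
    """H(u): row i holds the coefficients of X^i * g_u mod f, g_u = sum u_j X^j."""
    if len(u) != N:
        raise ValueError("vector length must equal deg(f)")
    row = [c % Q for c in u]
    rows = []
    for _ in range(N):
        rows.append(row)
        row = times_x_mod_f(row)
    return rows


def det_mod_q(matrix):
    """Determinant over Z_q by Gaussian elimination with modular inverses."""
    m = [r[:] for r in matrix]
    det = 1
    for c in range(len(m)):
        pivot = next((r for r in range(c, len(m)) if m[r][c] % Q), None)
        if pivot is None:
            return 0
        if pivot != c:
            m[c], m[pivot] = m[pivot], m[c]
            det = -det
        det = det * m[c][c] % Q
        inv = pow(m[c][c], -1, Q)
        for r in range(c + 1, len(m)):
            factor = m[r][c] * inv % Q
            m[r] = [(a - factor * b) % Q for a, b in zip(m[r], m[c])]
    return det % Q


def frd_property_holds():
    """Check that H(u) - H(v) is invertible for every pair of distinct vectors."""
    enc = {u: frd_encode(u) for u in product(range(Q), repeat=N)}
    for u, v in combinations(enc, 2):
        diff = [[(a - b) % Q for a, b in zip(ru, rv)]
                for ru, rv in zip(enc[u], enc[v])]
        if det_mod_q(diff) == 0:
            return False
    return True


if __name__ == "__main__":
    print("f irreducible:", cubic_is_irreducible())
    print("H((0,0,1)) =", frd_encode([0, 0, 1]))
    print("full-rank differences for all pairs:", frd_property_holds())
```

The property holds because Z_q[X]/(f) is a field when f is irreducible, so the multiplication matrix of any nonzero element is invertible.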
the left sampling algorithm is $\mathrm{SampleLeft}(A, M_1, T_A, u, \sigma)$. Input: a matrix of rank n, a matrix, a basis of the lattice, a vector, and a Gaussian parameter. Output: let the matrix $F_1 = (A \mid M_1)$; the algorithm outputs a vector; wherein, $m_1$ are all positive integers; $M_1$ is a matrix that represents the matrix $A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ in the left sampling operation; ω is an operation parameter.
In step S3, the process of converting the access structure into the access tree is: the access structure adopts an AND/OR/threshold form over multi-valued attributes; before the data owner encrypts a plaintext, the access structure W is converted into an access tree Γ, in which leaf nodes represent attributes and non-leaf nodes represent operators; the information of the leaf nodes in the access tree is replaced by corresponding values, so that it does not appear in the access structure in plaintext form, and during decryption a user cannot obtain any information about the data owner or other decryptors, which realizes complete hiding of the policy;
the access tree is constructed through the Shamir secret sharing mechanism: the root node of the access tree Γ is set to a vector s, a vector being randomly selected, where $s_1, s_2, \ldots, s_{n''}$ are the components of the random vector s and T denotes the transpose of the vector, and the root node is marked as assigned; all remaining nodes are marked as unassigned, and the following operations are performed on the remaining unassigned non-leaf nodes:
A. if the operator of the node is ∧ and its child nodes are unassigned, then vectors are randomly selected, where n″ is the number of its child nodes, the n″-th child node is assigned the vector, and these nodes are marked as assigned;
B. if the operator of the node is ∨ and its child nodes are unassigned, then the values of all of its child nodes are set to s and those nodes are marked as assigned;
C. if the operator of the node is "of" (threshold) and its child nodes are unassigned, then the vector is split using the Shamir (t, n′) threshold secret sharing mechanism, where t is the threshold and n′ is the number of child nodes, the i-th child node is assigned the vector, and these nodes are then marked as assigned; wherein l is the attribute index of the leaf node in the access tree; is a finite field; wherein P is a prime number, and the meaning of P is modulo operation in the domain.
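The assignment rules A to C, as an added example that is not part of the patent text: it pushes a root vector s down a small access tree and recombines it from the leaves a user holds, showing only the share arithmetic and not the lattice ciphertext. The modulus, vector length, attribute names and tree encoding are constructed, and the AND rule's last-child value (s minus the sum of the random vectors) is an assumption because that formula is missing from this page.

```python
import secrets

P = 2**31 - 1   # constructed prime modulus; the page only requires P to be prime
DIM = 4         # constructed vector length


def rand_vec():
    return [secrets.randbelow(P) for _ in range(DIM)]


def shamir_split(secret, t, n):
    """(t, n) Shamir split of a vector: one random degree t-1 polynomial per
    coordinate; child number x (1-based) receives the evaluation at x."""
    coeffs = [secret] + [rand_vec() for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        acc = [0] * DIM
        for c in reversed(coeffs):                     # Horner evaluation
            acc = [(a * x + ci) % P for a, ci in zip(acc, c)]
        shares.append(acc)
    return shares


def lagrange_at_zero(xs):
    """Lagrange coefficients L_x(0) for the evaluation points xs, modulo P."""
    out = {}
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        out[i] = num * pow(den, -1, P) % P
    return out


def assign(node, value, leaf_shares):
    """Top-down assignment of `value` to `node` following rules A, B and C."""
    kind = node[0]
    if kind == "leaf":
        leaf_shares[node[1]] = value
    elif kind == "or":                                 # rule B: every child gets the value
        for child in node[1]:
            assign(child, value, leaf_shares)
    elif kind == "and":                                # rule A (last child: assumption)
        children = node[1]
        parts = [rand_vec() for _ in children[:-1]]
        last = value
        for part in parts:
            last = [(a - b) % P for a, b in zip(last, part)]
        for child, part in zip(children, parts + [last]):
            assign(child, part, leaf_shares)
    elif kind == "of":                                 # rule C: (t, n) threshold
        t, children = node[1], node[2]
        for child, share in zip(children, shamir_split(value, t, len(children))):
            assign(child, share, leaf_shares)
    else:
        raise ValueError(f"unknown node type {kind!r}")


def reconstruct(node, held):
    """Return the value of `node` from the held leaf shares, or None."""
    kind = node[0]
    if kind == "leaf":
        return held.get(node[1])
    if kind == "or":
        for child in node[1]:
            value = reconstruct(child, held)
            if value is not None:
                return value
        return None
    if kind == "and":
        total = [0] * DIM
        for child in node[1]:
            value = reconstruct(child, held)
            if value is None:
                return None
            total = [(a + b) % P for a, b in zip(total, value)]
        return total
    t, children = node[1], node[2]                     # "of" node
    got = {}
    for x, child in enumerate(children, start=1):
        value = reconstruct(child, held)
        if value is not None and len(got) < t:
            got[x] = value
    if len(got) < t:
        return None
    lam = lagrange_at_zero(list(got))
    total = [0] * DIM
    for x, value in got.items():
        total = [(a + lam[x] * b) % P for a, b in zip(total, value)]
    return total


# Constructed policy: (doctor AND cardiology) OR 2-of-3(auditor, admin, legal)
POLICY = ("or", [
    ("and", [("leaf", "doctor"), ("leaf", "cardiology")]),
    ("of", 2, [("leaf", "auditor"), ("leaf", "admin"), ("leaf", "legal")]),
])


def demo(user_attrs, policy=POLICY):
    """True when the user's attributes recover the root vector s."""
    s, shares = rand_vec(), {}
    assign(policy, s, shares)
    held = {a: shares[a] for a in user_attrs if a in shares}
    return reconstruct(policy, held) == s
```

Each leaf label is assumed to appear once in the tree; a policy that reuses an attribute needs distinct leaf indices, which is what the page's leaf index l provides.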
In step S4, the ciphertext generation process is: inputting the system public parameters PP, a plaintext $b \in \{0,1\}$, and the access tree Γ converted from the access structure W; let the parameter K = K! d2, wherein; selecting a uniform random matrix $R \in \{-1,1\}^{m \times m}$, then selecting a noise term $x \in Z_q$ and; let the vector $z = R^T x_{i,j}$; for each leaf node l, calculate: and output the ciphertext
wherein k is the number of attribute mechanisms; $A'_i$ is the set of possible values of each attribute; $Z_q$ and are finite fields; q is a prime number; u and $s_l$ are vectors; is a matrix; $a_{i,j}$ is a possible value of the attributes; $c_0$ and are ciphertext components; T denotes the transposition operation; R is a randomly selected uniform matrix.
In step S6, the user decryption process is: inputting the public parameters PP, the ciphertext CT and the user private key SK; if the attribute set of the user does not satisfy the access structure W, ⊥ is output; otherwise decryption succeeds: the minimum attribute set $I_A$ satisfying the access structure is selected and the plaintext is calculated, where $L_i$ and $L_l$ are Lagrange coefficients; if, 1 is output, otherwise 0 is output; wherein $a_{i,j}$ is a possible value of the attributes; q is a prime number; k is the number of attribute mechanisms; is a vector; T denotes the transposition operation of the vector.
The method is illustrated below by way of an example.
N denotes the total number of attributes of the system, $A_u$ is the number of attributes of the user, $A_e$ is the number of encryption attributes, q, n and m are all related parameters, q is a prime number, n is a positive integer, m is an integer, k is the number of attribute mechanisms, and d represents the hierarchical depth of the attributes.
As can be seen from FIG. 2, in the above four aspects the lengths in the scheme of LIU Ximeng et al. are significantly greater than in the scheme of ZHANG Guoyan et al. and in the present invention. Although the user private key length is larger than in the ZHANG Guoyan et al. scheme, the resulting reduction in system performance is negligible, given that the user private key is stored locally. Overall, the present invention is superior in performance to the other two schemes.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (7)

1. A multi-mechanism encryption method for supporting policy hiding in a lattice manner is characterized by comprising the following steps:
S1, generating public parameters and a system master private key when the system is initialized;
S2, the user applies for a key for the user's own attribute set, and the attribute mechanism generates a private key for the user according to the public parameters, the system master private key and the attribute set of the user;
S3, converting the access structure into a corresponding access tree to realize complete hiding of the access policy;
S4, the data owner generates ciphertext data according to the system public parameters, the plaintext and the converted access tree, and uploads the ciphertext data to the cloud server for storage;
S5, the user sends an access request to the cloud server to obtain the ciphertext data stored in the cloud server;
S6, the user decrypts the ciphertext data obtained from the cloud server by using the private key obtained from the attribute mechanism to obtain the plaintext of the data owner and perform related subsequent operations.
2. The multi-mechanism encryption method for supporting policy hiding in lattice according to claim 1, wherein the process of step S1 is specifically:
inputting security parameters λ, n, m and q, wherein λ is an integer input parameter of the initialization-stage algorithm, n and m are related parameters, and q is a prime number;
running the trapdoor generation algorithm to generate a uniform random matrix and a basis of the lattice, then selecting a uniform random vector, and outputting the public parameters $PP = \{A, u\}$ and the system master private key $MSK = \{T_A\}$, wherein and are all finite fields, and $u_1, u_2, \ldots, u_n$ are the elements of the vector u;
the trapdoor generation algorithm is as follows: for a prime $q = \mathrm{poly}(n)$, where n is a positive integer, a probabilistic polynomial-time algorithm TrapGen(q, n) generates a uniform random matrix and, wherein $m \ge 5n \log q$, A is statistically uniform in, $T_A$ is a trapdoor basis of the lattice, and, where O denotes time complexity.
3. The lattice-based multi-authority encryption method supporting policy hiding according to claim 2, wherein the specific process in step S2 is as follows:
inputting the system public parameters PP, the master private key MSK and the user's attribute set $A_u$; the system uses a (k, n') Shamir threshold secret sharing mechanism to compute k shares of the random vector u, where k is the threshold and is also the number of attribute authorities, and n' is the number of shares of the random vector u; the k random vector shares are then sent to the k attribute authorities $AA_i$ respectively; each attribute authority $AA_i$, for the $n_i$ attribute values $a_{i,j} \in A'_i$ that it manages, where $A'_i$ is the set of possible values of each attribute, uses a $(t_i, n_i)$ Shamir threshold secret sharing mechanism to split the random vector $u'_i$, where $u'_i$ is a vector component of u and $t_i$ is the threshold, obtaining $n_i$ random vector shares $u''_{i,j}$ ($i = 1, 2, \ldots, k$; $j = 1, 2, \ldots, n_i$); two uniform random matrices $A_{1,i}$, $A_{2,i}$ are selected and the matrix $F_{i,j} = A | A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ is computed, wherein H(·) is a full-rank difference encoding function;
the user requests a key from the attribute authority and the two interact; the attribute authority $AA_i$ runs the left sampling algorithm and computes the vector $e_{i,j} \leftarrow \mathrm{SampleLeft}(A, A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}, T_A, u'_{i,j}, \sigma)$, and then outputs the user's private key, wherein, when $a_{i,j} \in A_u \cap A'_i$, the vector $e_{i,j}$ represents the user's private key; $A'_i$ is the set of possible values of each attribute; $a_{i,j}$ is a possible value of each attribute; and σ is a parameter.
4. The lattice-based multi-authority encryption method supporting policy hiding according to claim 3, wherein:
the full-rank difference encoding function is defined as follows: given a prime number q and a positive integer n, a full-rank difference encoding function maps the user's attribute information to an n × n matrix over $Z_q$; for an input random vector, a polynomial is defined; let f be an irreducible polynomial of degree n in $Z_q[X]$, then:
wherein coeffs denotes the row vector formed by the coefficients of a polynomial; $Z_q[X]$ is an arbitrary domain; x is X'i, X is a domain and X' is an argument; H denotes a mapping that maps the random vector $u''_{i,j}$ to a matrix;
the left sampling algorithm is $\mathrm{SampleLeft}(A, M_1, T_A, u, \sigma)$: input: a matrix of rank n, a matrix, a basis of the lattice, a vector and a Gaussian parameter; output: let the matrix $F_1 = (A | M_1)$; the algorithm outputs a vector; wherein $m_1$ is a positive integer; $M_1$ is a matrix that represents the matrix $A_{1,i} + H(u''_{i,j}) \cdot A_{2,i}$ in the left sampling operation; ω is an operation parameter; and σ is a Gaussian parameter.
5. The lattice-based multi-authority encryption method supporting policy hiding according to claim 3, wherein the process of converting the access structure into the access tree in step S3 is:
the access structure adopts an AND/OR/threshold form over multi-valued attributes; before the data owner encrypts the plaintext, the access structure W is converted into an access tree Γ, in which leaf nodes represent attributes and non-leaf nodes represent operators; the information of the leaf nodes in the access tree is replaced with corresponding values, so that it does not appear in the access structure in plaintext form, and a user cannot obtain any information about the data owner or other decryptors during decryption, thereby achieving complete hiding of the policy;
the access tree is constructed by means of the Shamir secret sharing mechanism: the root node of the access tree Γ is set to a vector s, a vector being randomly selected, wherein $s_1, s_2, \ldots, s_{n''}$ are the components of the random vector s and T denotes the transpose of the vector, and the root node is marked as assigned; all remaining nodes are marked as unassigned, and each unassigned non-leaf node performs the following operations:
A. if the operator of the node is ∧ and its child nodes are unassigned, vectors are randomly selected, where n'' is the number of its child nodes, and the n''-th child node is assigned a vector; these nodes are then marked as assigned;
B. if the operator of the node is ∨ and its child nodes are unassigned, the values of all of its child nodes are set to s and these nodes are marked as assigned;
C. if the operator of the node is "of" and its child nodes are unassigned, the vector is split using the Shamir (t, n') threshold secret sharing mechanism, where t is the threshold and n' is the number of child nodes, and the i-th child node is assigned a vector; these nodes are then marked as assigned; wherein l is the attribute index of a leaf node in the access tree, and P is a prime number, denoting the modulus of the modulo operation in the domain.
6. The lattice-based multi-authority encryption method supporting policy hiding according to claim 5, wherein the ciphertext generating process in step S4 is:
inputting the system public parameters PP, a plaintext b ∈ {0,1} and the access tree Γ converted from the access structure W; letting the parameter K = K! d2; selecting a uniform random matrix $R \in \{-1,1\}^{m \times m}$, then selecting the noise interference terms, with $x \in Z_q$; letting the vector $z = R^T x_{i,j}$; for each leaf node l, calculating the ciphertext components; and outputting the ciphertext;
wherein k is the number of attribute authorities; $A'_i$ is the set of possible values of each attribute; $Z_q$ is a finite field; q is a prime number; u and $s_l$ are vectors; $a_{i,j}$ is a possible value of an attribute; $c_0$ is a ciphertext component; T denotes the transposition operation; and R is a randomly selected uniform matrix.
7. The lattice-based multi-authority encryption method supporting policy hiding according to claim 6, wherein the user decryption process in step S6 is:
inputting the public parameters PP, the ciphertext CT and the user private key SK; if the user's attribute set does not satisfy the access structure W, ⊥ is output; otherwise decryption can be carried out successfully: the minimum attribute set $I_A$ satisfying the access structure is selected and the plaintext is calculated, wherein $L_i$ and $L_l$ are Lagrange coefficients; if the condition is satisfied, 1 is output, otherwise 0 is output; wherein $a_{i,j}$ is a possible value of an attribute; q is a prime number; k is the number of attribute authorities; and T denotes the transposition operation of a vector.
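The sharing rules A, B and C of claim 5 and the Lagrange-coefficient recombination named in claim 7 can be exercised without the lattice layer, as in this added Python example (not part of the patent). Assumptions: it shares a scalar over a prime field instead of a vector (the rules apply component-wise), rule A is taken to be the usual additive split because the claim's formula for the last child did not survive on this page, and the modulus, leaf labels and policy are constructed.

```python
import secrets

P = 2**61 - 1  # prime modulus, constructed for the example (the claim only says P is prime)

def shamir_split(secret, t, n):
    """Rule C: (t, n) Shamir shares f(1..n) of a random degree t-1 polynomial, f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)}

def lagrange_at_zero(points):
    """Recombine {x: f(x)} into f(0) with Lagrange coefficients mod P."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def distribute(node, value, out):
    """Assign `value` to `node`, then push it down to the leaves by rules A, B and C."""
    kind, kids = node[0], node[-1]
    if kind == "leaf":
        out[kids] = value
    elif kind == "and":    # rule A (assumed additive split: child values sum to the parent)
        parts = [secrets.randbelow(P) for _ in kids[:-1]]
        parts.append((value - sum(parts)) % P)
        for kid, part in zip(kids, parts):
            distribute(kid, part, out)
    elif kind == "or":     # rule B: every child receives the parent's value
        for kid in kids:
            distribute(kid, value, out)
    else:                  # rule C: node is ("of", t, children)
        shares = shamir_split(value, node[1], len(kids))
        for i, kid in enumerate(kids, start=1):
            distribute(kid, shares[i], out)
    return out

def recover(node, held):
    """Value of `node` rebuilt from the leaf shares in `held`, or None if unsatisfied."""
    kind, kids = node[0], node[-1]
    if kind == "leaf":
        return held.get(kids)
    vals = {i: v for i, kid in enumerate(kids, start=1)
            if (v := recover(kid, held)) is not None}
    if kind == "and":
        return sum(vals.values()) % P if len(vals) == len(kids) else None
    if kind == "or":
        return next(iter(vals.values()), None)
    if len(vals) < node[1]:
        return None
    return lagrange_at_zero(dict(list(vals.items())[:node[1]]))

# Constructed policy: l1 AND (l2 OR l3) AND 2-of-(l4, l5, l6); leaf labels are opaque.
POLICY = ("and", [("leaf", "l1"),
                  ("or", [("leaf", "l2"), ("leaf", "l3")]),
                  ("of", 2, [("leaf", "l4"), ("leaf", "l5"), ("leaf", "l6")])])
```

Calling `distribute(POLICY, s, {})` yields one share per leaf, and `recover` returns `s` only for a set of leaf shares that satisfies the tree.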
CN201810326938.0A 2018-04-12 2018-04-12 The hiding multimachine structure encryption method of support policy on a kind of lattice Pending CN108512662A (en)

Publications (1)

Publication Number Publication Date
CN108512662A true CN108512662A (en) 2018-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180907