CN110247761A - A lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation - Google Patents

Publication number: CN110247761A
Authority: CN (China)
Prior art keywords: access member, key, attribute, cancel, access
Legal status: Granted, Active
Application number: CN201910526965.7A
Other languages: Chinese (zh)
Other versions: CN110247761B (en)
Inventors: 屈碧莹, 张姗姗, 董思越
Current Assignee: Xidian University
Original Assignee: Xidian University
Events: Application filed by Xidian University; Priority to CN201910526965.7A; Publication of CN110247761A; Application granted; Publication of CN110247761B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Abstract

The present invention proposes a lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation, which addresses the technical problem of low efficiency and flexibility in existing attribute-based encryption techniques. The steps are: (1) the parameter generation center initializes the system parameters; (2) the key generation center obtains the attribute private key pair (sk_1, sk_2) of an access member; (3) the accessed user obtains the ciphertext message pair (C_0, (C_1, C_2)); (4) the key generation center computes the commission key PXK and sends it; (5) the proxy server computes the Lagrange coefficients and sends them; (6) a non-revoked access member decrypts the ciphertext message pair (C_0, (C_1, C_2)). In real social networks, the invention improves the efficiency of attribute-based encryption while also supporting flexible access structures.

Description

A lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation
Technical field
The invention belongs to the field of communication technology and relates to a ciphertext-policy attribute-based encryption method, in particular to a lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation in the field of information security.
Background
With the rapid development of communication technology, the level of economic and information globalization keeps rising. Secure transmission channels and information security are important cornerstones for the development of the Internet and e-commerce, and the most basic and central technology in information security is information encryption. Modern cryptography mostly encrypts information with public-key encryption systems, but in such systems the distribution and maintenance of public-key certificates consume considerable resources and are complex to manage, which can overload the certificate server. Attribute-based encryption systems were therefore proposed: the accessed user only needs to encrypt a message according to member attributes, without regard to the number or identities of the members in a group, which reduces the data encryption overhead and protects user privacy.
Attribute-based encryption is divided into key-policy methods and ciphertext-policy methods. Although the access structures of key-policy attribute-based encryption are relatively rich, the method lacks flexibility and does not adapt to the changing user attributes found in practice. Ciphertext-policy attribute-based encryption is more flexible: the private key of an access member is generated from that member's attribute set, the access structure is embedded in the ciphertext, and an access member can decrypt the ciphertext if and only if the member satisfies the access structure in the ciphertext, so the accessed user can specify the identity of the access members at encryption time.
Traditional ciphertext-policy attribute-based encryption methods cannot resist quantum attacks and are computationally expensive, whereas lattice-based encryption offers higher security while also reducing the computational complexity of the original encryption process, so constructing an attribute-based encryption method on lattices is necessary. Existing lattice-based attribute-based encryption methods solve the above problems, but in a social network the attributes of access members change with time and many other factors, and the existing methods can only have the key generation center check and update the private key information of all access members in real time. This makes the encryption and decryption computation very heavy, and efficiency is very low especially when the system has a large number of access members. In addition, because the prior art embeds the access structure in the member key, the attribute information of access members cannot be specified during encryption, so flexibility is also very low.
For example, the patent application with publication number CN105162589A, entitled "A verifiable attribute-based encryption method based on lattices", discloses a lattice-based verifiable attribute-based encryption method that makes lattice-based attribute-based encryption schemes practical. The method uses the shortest vector problem on lattices to construct a key-policy attribute-based encryption scheme on lattices, and through a new dynamic key generation algorithm it produces verification information for the key while generating the key, so that users can verify the trustworthiness of the authority. It addresses the defect that existing attribute-based encryption mechanisms are no longer secure under quantum computing, and it allows the authority to be supervised, which enhances the security of the system. The remaining shortcomings of this method are: in practice, a user's identity attributes change with time and location, so the user's access rights change accordingly; the method needs rather complex operations when member attributes change, so its efficiency is very low; and because the method binds attributes to the ciphertext, its flexibility is limited.
Summary of the invention
The object of the invention is to address the above shortcomings of the prior art by proposing a lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation, solving the technical problem of low efficiency and flexibility in the prior art.
The technical idea of the invention is as follows: on the basis of lattice theory, the parameter generation center initializes the system parameters and generates the system public key and master key; the key generation center computes a private key for each member from the system master key and the attributes of the access member; the accessed user encrypts the plaintext with the system public key to produce a ciphertext message pair; the key generation center computes a commission key containing information about the access members to be revoked; the proxy server computes the Lagrange coefficients of the random polynomials in the commission key and of the access member attributes; a non-revoked access member recovers the private key through the commission key and decrypts the ciphertext message pair.
To achieve the above object, the technical solution adopted by the invention is implemented by an attribute-based encryption system comprising a parameter generation center, a proxy server, a key generation center, an accessed user, and access members consisting of access members to be revoked and non-revoked access members. The implementation steps are:
(1) The parameter generation center initializes the system parameters:
(1a) The parameter generation center sets: the accessed user attribute set W' = {w_1, …, w_i, …, w_L} containing L attribute elements w_i; the set of attributes to be revoked W = {w_1, …, w_l, …, w_t} containing t attribute elements w_l; the set of non-revoked attributes W_0 = {w_{t+1}, …, w_k, …, w_L} containing L-t attribute elements w_k; the access member attribute set A = {a_1, …, a_j, …, a_J} containing J attribute elements a_j; the identification information I of the access members, the identification information of the access members to be revoked, and the identification information of the non-revoked access members; and the integer group Z_q containing q elements. It randomly generates L polynomials of degree t over Z_q, where 0 < i ≤ L, 0 < l ≤ t, 0 < t < L, t < k ≤ L, W' = W ∪ W_0, 0 < j ≤ J, q is a prime, each polynomial corresponds to an attribute element w_i, and y denotes the variable;
(1b) The parameter generation center sets the security parameter λ and uses the algorithm TrapGen to generate, from λ, a random matrix A_0 of size n × m together with a full-rank short basis for it, and uses that basis as the system master key MSK, where 2 < n < m;
(1c) The parameter generation center generates a random matrix B of size n × m, generates a random matrix of size n × m for each w_i in W', and takes A_0, B and the L random matrices as the system public key, where the value of each element of B and of these matrices is a positive integer not greater than q;
(2) The key generation center obtains the attribute private key pair (sk_1, sk_2) of an access member:
(2a) The key generation center generates a random vector μ = (μ_1, …, μ_z, …, μ_n) and randomly generates a polynomial group for each a_j in the access member attribute set A, with the constant term of P'_z(a_j) being P'_z(0) = μ_z, where μ_z denotes the z-th component of the vector μ, P'_z(a_j) denotes the z-th polynomial of the polynomial group, 1 < z < n, and (·)^T denotes transposition;
(2b) The key generation center uses the left sampling algorithm and computes the attribute private key e_s of the non-revoked access members from the system master key MSK, the system public key pk and the J polynomial groups;
(2c) The key generation center computes the attribute private key sk_1 of the access member from e_s and the constant term of the polynomial corresponding to any one w_i, and computes the attribute private key sk_2 of the access member using the access member's identification information I; sk_1 and sk_2 form the attribute private key pair (sk_1, sk_2) of the access member;
(3) The accessed user obtains the ciphertext message pair (C_0, (C_1, C_2)):
(3a) The accessed user generates an n-dimensional random vector f, an n-dimensional random vector x following a discrete Gaussian distribution on the lattice, and L random matrices of size m × m, where each component of f is a positive integer less than q and each element of the matrices is chosen at random from -1 or 1;
(3b) The accessed user encrypts the plaintext M to obtain the ciphertext message C_0, and obtains the auxiliary message pair (C_1, C_2) of the ciphertext message C_0; C_0 and (C_1, C_2) form the accessed user's ciphertext message pair (C_0, (C_1, C_2)):
C_1 = A_0^T f + x
Wherein,Indicate downward floor operation;
(4) The key generation center computes the commission key PXK and sends it:
The key generation center computes the commission key PXK from the L polynomials and the identification information of the access members to be revoked, and sends the commission key PXK to the proxy server and the non-revoked access members, where
(5) The proxy server computes the Lagrange coefficients and sends them:
Using the commission key PXK, the identification information I of the access members and the identification information of the non-revoked access members, the proxy server computes the Lagrange coefficients corresponding to each of the L polynomials; it also computes the Lagrange coefficients {H_1, …, H_i, …, H_L} of the L attribute elements from the values of the attribute elements {w_1, …, w_i, …, w_L}, and sends both sets of coefficients to the non-revoked access members;
(6) A non-revoked access member decrypts the ciphertext message pair (C_0, (C_1, C_2)):
(6a) The non-revoked access member computes the private key e_s of the non-revoked access member from PXK, the received Lagrange coefficients and the attribute private key pair (sk_1, sk_2) of the access member:
Wherein,It indicatesIn any one Lagrange coefficient;
(6b) The non-revoked access member decrypts (C_0, (C_1, C_2)) using the Lagrange coefficients {H_1, …, H_i, …, H_L} of the L attribute elements and the private key e_s of the non-revoked access member, obtaining the decrypted plaintext M':
where Ω = W' ∩ A and (;) denotes row-wise concatenation;
(6c) The non-revoked access member computes the error term r' of M' and checks whether the decryption condition holds; if so, decryption succeeds and M' is taken as the plaintext M; otherwise decryption fails.
Compared with the prior art, the invention has the following advantages:
1. The invention uses a commission key to change the access member private keys generated on the basis of lattice theory, so the rights of access members can be revoked in real time. This avoids the heavy encryption and decryption computation caused in the prior art by the key generation center checking and updating the private keys of access members, and effectively improves the efficiency of attribute-based encryption.
2. The invention computes an access member's private key from the access member's attributes, so the identity of access members can be specified directly. This avoids the prior-art defect that binding the access structure to the access member's private key cannot adapt to changing member attributes, and effectively improves the flexibility of attribute-based encryption.
Description of the drawings
Fig. 1 is a structural diagram of the attribute-based encryption system used by the invention;
Fig. 2 is the implementation flowchart of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 1, the attribute-based encryption system used by the invention comprises a parameter generation center, a proxy server, a key generation center, an accessed user, and access members consisting of access members to be revoked and non-revoked access members. The parameter generation center initializes the system parameters and generates the system public key and master key; the accessed user encrypts the plaintext with the system public key to produce a ciphertext message pair; the proxy server computes the Lagrange coefficients of the random polynomials in the commission key and of the access member attributes; the key generation center computes a private key for each member from the system master key and the attributes of the access member, and also computes the commission key containing information about the access members to be revoked; the access members to be revoked are the access members that need to be revoked in this method; a non-revoked access member changes its private key through the commission key and decrypts the ciphertext message pair.
Referring to Fig. 2, a lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation includes the following steps:
Step 1) The parameter generation center initializes the system parameters:
Step 1a) The parameter generation center sets the accessed user attribute set W' = {w_1, …, w_i, …, w_L} containing L attribute elements w_i, the set of attributes to be revoked W = {w_1, …, w_l, …, w_t} containing t attribute elements w_l, and the set of non-revoked attributes W_0 = {w_{t+1}, …, w_k, …, w_L} containing L-t attribute elements w_k; the accessed user attribute set W' is the union of the set of attributes to be revoked W and the set of non-revoked attributes W_0. It also sets the access member attribute set A = {a_1, …, a_j, …, a_J} containing J attribute elements a_j, where L = 10, t = 3, J = 5, 0 < i ≤ 10, 0 < l ≤ 3, 3 < k ≤ 10, 0 < j ≤ 5;
The parameter generation center sets the identification information I of the access members, the identification information of the access members to be revoked, and the identification information of the non-revoked access members. Here I denotes the identification information of all access members, and the other two denote the identifiers of the access members to be revoked associated with the attribute to be revoked w_l and with w_k respectively;
The parameter generation center sets the integer group Z_q containing q elements, Z_q = {1, 2, …, q}, where q is a large prime;
The parameter generation center randomly generates 10 polynomials of degree 3 over Z_q, where each polynomial corresponds to the attribute element w_i in the accessed user attribute set and y denotes the variable. Generating the polynomials applies Shamir's polynomial secret sharing mechanism, which splits a secret into d shares shared among d access members; each member obtains one of the d shares, and after sharing, any d-1 members cannot infer the complete secret.
Step 1b) The parameter generation center sets the security parameter λ and uses the algorithm TrapGen to generate, from λ, a matrix A_0 of size n × m together with a full-rank short basis for it, and uses that basis as the system master key MSK. The TrapGen algorithm is as follows:
The security parameter λ is set to a 1024-bit binary number. The algorithm outputs, in probabilistic polynomial time, the matrix A_0 and a basis of the integer lattice; this basis, as the master key MSK, is then used for encryption and decryption, where 2 < n < m, e denotes an m-dimensional integer vector, and mod denotes the modulo operation;
Step 1c) The parameter generation center generates a random matrix B of size n × m, generates a random matrix of size n × m for each w_i in W', and takes A_0, B and the random matrices as the system public key, where the value of each element of B and of these matrices is a positive integer not greater than q;
Step 2) The key generation center obtains the attribute private key pair (sk_1, sk_2) of an access member:
Step 2a) The key generation center generates an n-dimensional random vector μ and randomly generates, for each a_j in the access member attribute set A, a polynomial group with n polynomials:
Step 2a1) The key generation center generates a random vector μ = (μ_1, …, μ_z, …, μ_n), which is used to help generate the polynomial groups, where each component of μ is a random number, μ_z denotes the z-th component of μ, and 1 < z < n;
Step 2a2) So that the private key of an access member can be computed from the access member's attributes, the key generation center randomly generates a polynomial group for each a_j in the access member attribute set A, where the constant term of P'_z(a_j) is P'_z(0) = μ_z, P'_z(a_j) denotes the z-th polynomial of the polynomial group, and (·)^T denotes transposition;
Step 2b) The key generation center uses the SampleLeft algorithm and computes the attribute private key e_s of the non-revoked access members from the system master key MSK, the system public key pk and the polynomial groups. The SampleLeft algorithm is as follows:
where g is the Gaussian parameter; the output e_s is a vector statistically close to a discrete Gaussian distribution and serves as the attribute private key of the non-revoked access members, and each component of the vector is a positive integer not greater than q;
Step 2c) The key generation center computes the attribute private key sk_1 of the access member from e_s and the constant term of the polynomial corresponding to any one w_i, which hides the private key e_s of the non-revoked access members; to facilitate revocation, it computes, using the access member's identification information I, the attribute private key sk_2 of the access member, which implicitly contains the access member's identity information; sk_1 and sk_2 form the attribute private key pair (sk_1, sk_2) of the access member;
Step 3) The accessed user obtains the ciphertext message pair (C_0, (C_1, C_2)):
Step 3a) The accessed user generates an n-dimensional random vector f, 10 random matrices of size m × m, and an n-dimensional vector x following a discrete Gaussian distribution, where each component of f is a positive integer less than q and each element of the matrices is chosen at random from -1 or 1. Because encryption schemes on lattices are built on the assumed hardness of the LWE problem, and the error in the LWE problem is generally sampled from a discrete Gaussian distribution, it is necessary to generate a random vector x following a discrete Gaussian distribution on the lattice in order to ensure the correctness of encryption and decryption. The discrete Gaussian distribution of the random vector x on the lattice is:
where c is an n-dimensional vector over the real numbers, L' is an n-dimensional lattice, the real number s > 0, and ρ_{s,c}(x) is the Gaussian function, computed as follows:
where e is the base of the natural logarithm, π is the circle constant pi, and ||·|| denotes the square root of the sum of the squares of the vector's components;
Step 3b) The accessed user computes the ciphertext message pair (C_0, (C_1, C_2)) from the system public key pk, the vector f, the matrix corresponding to any attribute element w_i, and the vector x:
Step 3b1) The accessed user encrypts the plaintext M to obtain the ciphertext message C_0:
Wherein,Indicate downward floor operation;
Step 3b2) The accessed user computes the auxiliary message pair (C_1, C_2) of the ciphertext message C_0:
C_1 = A_0^T f + x
Step 3b3) The accessed user combines C_0 and (C_1, C_2) into the ciphertext message pair (C_0, (C_1, C_2));
Step 4) The key generation center computes the commission key PXK and sends it:
The key generation center computes, from the polynomials and the identification information of the access members to be revoked, the commission key PXK used to change member private keys, and sends PXK to the proxy server and the non-revoked access members, where
Step 5) The proxy server computes the Lagrange coefficients and sends them:
Step 5a) Using the commission key PXK, the identification information I of the access members, the identification information of the non-revoked access members and the identification information of the access members to be revoked, the proxy server computes the Lagrange coefficients corresponding to each polynomial; a non-revoked access user recovers the private key e_s through the computed Lagrange coefficients. The Lagrange coefficients are computed as:
Wherein,For Lagrange coefficient,For the identification information for not cancelling access member, I is the mark for accessing member Information,For the identification information wait cancel access member.
Step 5b) The proxy server computes the Lagrange coefficient of each attribute element, {H_1, …, H_i, …, H_10}, from the values of the attribute elements {w_1, …, w_i, …, w_10}:
where w_p denotes an attribute element in the set W' different from w_i;
Step 5c) The proxy server sends the Lagrange coefficients of the polynomials and {H_1, …, H_i, …, H_10} to the non-revoked access members;
Step 6) A non-revoked access member decrypts the ciphertext message pair (C_0, (C_1, C_2)):
Step 6a) The non-revoked access member computes the private key e_s of the non-revoked access member by Lagrange interpolation from PXK, the received Lagrange coefficients and the attribute private key pair (sk_1, sk_2) of the access member, so that the commission key PXK modifies the attribute private key pair (sk_1, sk_2) of the access member:
Wherein,It indicatesIn any one Lagrange coefficient;
Step 6b) The non-revoked access member decrypts (C_0, (C_1, C_2)) using {H_1, …, H_i, …, H_10} and the private key e_s of the non-revoked access member, obtaining the decrypted plaintext M':
where Ω = W' ∩ A and (;) denotes row-wise concatenation;
Step 6c) The non-revoked access member computes the error term r' of M', which represents the difference between M' and M, and checks whether the decryption condition holds; if so, M' is considered to recover M when the error is ignored, decryption succeeds and M' is taken as the plaintext M; otherwise decryption fails.
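As an added illustration (not part of the patent text, whose formulas did not survive on this page), the following Python example shows the Shamir/Lagrange mechanism that steps 1a, 4, 5 and 6a rely on: a degree-t polynomial over Z_q, t evaluations published at the identifiers of the members to be revoked, and one further evaluation held by a non-revoked member. The toy modulus, the member identifiers, every function name, and the reading that PXK carries exactly these t points are assumptions; the lattice parts (TrapGen, SampleLeft, the LWE ciphertext) are not modeled.

```python
import secrets

Q = 2**61 - 1  # toy prime modulus standing in for the large prime q (assumption)


def random_poly(secret, degree, q=Q):
    """Random polynomial over Z_q of exactly `degree`, constant term = secret."""
    coeffs = [secret % q] + [secrets.randbelow(q) for _ in range(degree)]
    if degree > 0 and coeffs[-1] == 0:
        coeffs[-1] = 1  # keep the leading coefficient non-zero
    return coeffs


def evaluate(poly, y, q=Q):
    """Horner evaluation of the polynomial at y, modulo q."""
    acc = 0
    for c in reversed(poly):
        acc = (acc * y + c) % q
    return acc


def lagrange_at_zero(xs, q=Q):
    """Lagrange coefficients that interpolate f(0) from points at abscissae xs.

    For abscissa x_i the coefficient is prod_{p != i} (-x_p) / (x_i - x_p) mod q.
    """
    xs = [x % q for x in xs]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("abscissae must be distinct and non-zero modulo q")
    out = []
    for i, xi in enumerate(xs):
        num = den = 1
        for p, xp in enumerate(xs):
            if p != i:
                num = num * (-xp) % q
                den = den * (xi - xp) % q
        out.append(num * pow(den, -1, q) % q)  # q prime, so den is invertible
    return out


def recover_constant(points, q=Q):
    """Weighted sum of the shares; equals f(0) only with degree+1 points."""
    lam = lagrange_at_zero([x for x, _ in points], q)
    return sum(l * y for l, (_, y) in zip(lam, points)) % q


def make_delegation(poly, revoked_ids, q=Q):
    """Hypothetical stand-in for PXK: the polynomial at each revoked identifier."""
    return [(i, evaluate(poly, i, q)) for i in revoked_ids]


def member_recover(own_id, own_share, delegation, degree, q=Q):
    """Combine a member's own share with the delegated points.

    A revoked member's identifier is already among the delegated points, so it
    ends up with only `degree` distinct points and cannot interpolate.
    """
    points = dict(delegation)
    points[own_id] = own_share
    if len(points) < degree + 1:
        return None
    return recover_constant(sorted(points.items())[: degree + 1], q)


def demo():
    """Constructed sample run with t = 3 revoked identifiers."""
    t, secret = 3, 123456789
    poly = random_poly(secret, t)
    revoked = [101, 102, 103]            # constructed identifiers
    delegation = make_delegation(poly, revoked)
    kept = member_recover(7, evaluate(poly, 7), delegation, t)
    dropped = member_recover(102, evaluate(poly, 102), delegation, t)
    return secret, kept, dropped


if __name__ == "__main__":
    print(demo())
```

With only the t delegated points, interpolation returns a value offset from the constant term by the leading coefficient times the product of the abscissae, which is why the extra share held by a non-revoked member is what makes recovery possible.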

Claims (3)

1. A lattice-based ciphertext-policy attribute-based encryption method supporting attribute revocation, characterized in that it is implemented by an attribute-based encryption system comprising a parameter generation center, a proxy server, a key generation center, an accessed user, and access members consisting of access members to be revoked and non-revoked access members, the implementation steps being:
(1) The parameter generation center initializes the system parameters:
(1a) The parameter generation center sets: the accessed user attribute set W' = {w_1, …, w_i, …, w_L} containing L attribute elements w_i; the set of attributes to be revoked W = {w_1, …, w_l, …, w_t} containing t attribute elements w_l; the set of non-revoked attributes W_0 = {w_{t+1}, …, w_k, …, w_L} containing L-t attribute elements w_k; the access member attribute set A = {a_1, …, a_j, …, a_J} containing J attribute elements a_j; the identification information I of the access members, the identification information of the access members to be revoked, and the identification information of the non-revoked access members; and the integer group Z_q containing q elements. It randomly generates L polynomials of degree t over Z_q, where 0 < i ≤ L, 0 < l ≤ t, 0 < t < L, t < k ≤ L, W' = W ∪ W_0, 0 < j ≤ J, q is a large prime, each polynomial corresponds to an attribute element w_i, and y denotes the variable;
(1b) The parameter generation center sets the security parameter λ and uses the algorithm TrapGen to generate, from λ, a random matrix A_0 of size n × m together with a full-rank short basis for it, and uses that basis as the system master key MSK, where 2 < n < m;
(1c) The parameter generation center generates a random matrix B of size n × m, generates a random matrix of size n × m for each w_i in W', and takes A_0, B and the L random matrices as the system public key, where the value of each element of B and of these matrices is a positive integer not greater than q;
(2) The key generation center obtains the attribute private key pair (sk_1, sk_2) of an access member:
(2a) The key generation center generates a random vector μ = (μ_1, …, μ_z, …, μ_n) and randomly generates a polynomial group for each a_j in the access member attribute set A, with the constant term of P'_z(a_j) being P'_z(0) = μ_z, where μ_z denotes the z-th component of the vector μ, P'_z(a_j) denotes the z-th polynomial of the polynomial group, 1 < z < n, and (·)^T denotes transposition;
(2b) The key generation center uses the SampleLeft algorithm and computes the attribute private key e_s of the non-revoked access members from the system master key MSK, the system public key pk and the J polynomial groups;
(2c) The key generation center computes the attribute private key sk_1 of the access member from e_s and the constant term of the polynomial corresponding to any one w_i, and computes the attribute private key sk_2 of the access member using the access member's identification information I; sk_1 and sk_2 form the attribute private key pair (sk_1, sk_2) of the access member;
(3) The accessed user obtains the ciphertext message pair (C_0, (C_1, C_2)):
(3a) The accessed user generates an n-dimensional random vector f, an n-dimensional random vector x following a discrete Gaussian distribution on the lattice, and L random matrices of size m × m, where each component of f is a positive integer less than q and each element of the matrices is chosen at random from -1 or 1;
(3b) The accessed user encrypts the plaintext M to obtain the ciphertext message C_0, and obtains the auxiliary message pair (C_1, C_2) of the ciphertext message C_0; C_0 and (C_1, C_2) form the accessed user's ciphertext message pair (C_0, (C_1, C_2)):
C_1 = A_0^T f + x
Wherein,Indicate downward floor operation;
(4) The key generation center computes the commission key PXK and sends it:
The key generation center computes the commission key PXK from the L polynomials and the identification information of the access members to be revoked, and sends the commission key PXK to the proxy server and the non-revoked access members, where
(5) The proxy server computes the Lagrange coefficients and sends them:
Using the commission key PXK, the identification information I of the access members, the identification information of the non-revoked access members and the t pieces of identification information of the access members to be revoked, the proxy server computes the Lagrange coefficients corresponding to each of the L polynomials; it also computes the Lagrange coefficients {H_1, …, H_i, …, H_L} of the L attribute elements from the values of the attribute elements {w_1, …, w_i, …, w_L}, and sends both sets of coefficients to the non-revoked access members;
(6) A non-revoked access member decrypts the ciphertext message pair (C_0, (C_1, C_2)):
(6a) The non-revoked access member computes the private key e_s of the non-revoked access member from PXK, the received Lagrange coefficients and the attribute private key pair (sk_1, sk_2) of the access member:
Wherein,It indicatesIn any one Lagrange coefficient;
(6b) does not cancel the Lagrange coefficient { H that access member passes through L property element1,…,Hi,…,HLAnd do not cancel visit Ask the private key e of membersTo (C0,(C1,C2)) be decrypted, the plaintext M after being decrypted ':
Wherein, Ω=W' ∩ A, (;) indicate to press row concatenation;
(6c) does not cancel access member and calculates the error term r' of M', and judgesIt is whether true, if so, successful decryption, I.e. using M' as plaintext M, otherwise decryption failure.
2. The lattice-based attribute encryption method supporting access authority revocation according to claim 1, characterized in that, for the n-dimensional random vector x obeying a discrete Gaussian distribution on the lattice described in step (3a), the discrete Gaussian distribution of x on the lattice is:
Wherein, c is an n-dimensional vector over the set of real numbers, L' is an n-dimensional lattice, the real number s > 0, and ρ_{s,c}(x) is a Gaussian function, calculated as follows:
Wherein, e is the base of the natural logarithm, π is pi, and || · || indicates taking the square root of the sum of squares of the components of a vector.
3. The lattice-based attribute encryption method supporting access authority revocation according to claim 1, characterized in that the calculation formula for the Lagrange coefficient described in step (5) is:
Wherein, is the Lagrange coefficient, is the identification information of the non-revoked access member, I is the identification information of the access member, and is the identification information of the access member to be revoked.
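Added example, not part of the patent text: a reference sampler for the discrete Gaussian distribution named in claim 2, restricted to the integer lattice L' = Z^n. It assumes the standard form ρ_{s,c}(x) = exp(-π||x-c||²/s²) with D(x) = ρ_{s,c}(x)/ρ_{s,c}(L'), which fits the symbols claim 2 defines; the function names, the tail cut and the choice of Z^n are assumptions of this example.

```python
import math
import secrets

def rho(x, c, s):
    """Gaussian function rho_{s,c}(x) = exp(-pi * ||x - c||^2 / s^2) (assumed standard form)."""
    sq_norm = sum((xi - ci) ** 2 for xi, ci in zip(x, c))
    return math.exp(-math.pi * sq_norm / (s * s))

def support(c, s, tail=12):
    """Integers within tail*s of c; the weight outside is below exp(-pi * tail^2)."""
    return range(math.floor(c - tail * s), math.ceil(c + tail * s) + 1)

def pmf_1d(c, s, tail=12):
    """D(z) = rho(z) / rho(Z), normalised over the truncated support."""
    weights = {z: rho((z,), (c,), s) for z in support(c, s, tail)}
    total = sum(weights.values())
    return {z: w / total for z, w in weights.items()}

def sample_1d(c, s, rng, tail=12):
    """Rejection sampling: propose z uniformly, accept with probability rho(z)."""
    sup = support(c, s, tail)
    while True:
        z = rng.randrange(sup.start, sup.stop)
        if rng.random() < rho((z,), (c,), s):
            return z

def sample_vector(c, s, rng=None, tail=12):
    """Sample x over Z^n; rho factors per coordinate, so coordinates are independent."""
    rng = rng or secrets.SystemRandom()  # OS CSPRNG unless a test RNG is injected
    return [sample_1d(ci, s, rng, tail) for ci in c]

if __name__ == "__main__":
    # Constructed parameters: dimension 8, centre 0, width s = 4.
    print(sample_vector([0.0] * 8, s=4.0))
```

Floating-point rejection sampling like this is not constant-time, so its running time depends on the sampled value; a deployed lattice scheme should use a vetted constant-time sampler instead.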
CN201910526965.7A 2019-06-18 2019-06-18 Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner Active CN110247761B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910526965.7A CN110247761B (en) 2019-06-18 2019-06-18 Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner

Publications (2)

Publication Number Publication Date
CN110247761A (en) 2019-09-17
CN110247761B (en) 2021-04-20

Family

ID=67887763

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant