CN110247761A - The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice - Google Patents
The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice Download PDFInfo
- Publication number
- CN110247761A CN110247761A CN201910526965.7A CN201910526965A CN110247761A CN 110247761 A CN110247761 A CN 110247761A CN 201910526965 A CN201910526965 A CN 201910526965A CN 110247761 A CN110247761 A CN 110247761A
- Authority
- CN
- China
- Prior art keywords
- access member
- key
- attribute
- cancel
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Abstract
The present invention proposes the ciphertext policy ABE encryption method that attribute revocation is supported on a kind of lattice, for solving the lower technical problem of efficiency and flexibility in existing attribute encryption technology, realizes step are as follows: (1) parameter generates center and initializes system parameter;(2) key generation centre obtains the attribute private key of access member to (sk1,sk2);(3) it is accessed user and obtains cipher-text message to (C0,(C1,C2));(4) key generation centre calculates commission key PXK and sends;(5) proxy server calculates Lagrange coefficient and sends;(6) access member is not cancelled to cipher-text message to (C0,(C1,C2)) be decrypted.In actual social networks, the present invention can also support flexible access structure while making the efficiency of attribute base encryption method get a promotion.
Description
Technical field
The invention belongs to fields of communication technology, are related to a kind of ciphertext policy ABE encryption method, and in particular to information security
The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice of technical field.
Background technique
With the fast development of the communication technology, the level of economy and information globalization is increasingly improved, safe transmission channel
Important foundation stone with information security as internet and e-commerce development, and most basic in information security, most crucial technology
It is exactly information encryption.Contemporary cryptology mostly encrypts information using public encryption system, but in the system,
The distribution and maintenance of public key certificate need to occupy more resource, and management is more complicated, will lead to certificate server excess load fortune
Row, the encryption system for being then based on attribute are suggested, and the accessed user in the system only needs to encrypt message according to member property,
Without paying close attention to the quantity and identity of member in group, reduces data encryption expense and protect privacy of user.
Encryption attribute is divided into the encryption attribute method based on key strategy and the encryption attribute method based on Ciphertext policy,
In, although the access structure comparison of the encryption attribute method based on key strategy is abundant, it is a lack of flexibility, is not adapted to existing
Changeable user property in reality, and the then flexibility with higher of the encryption attribute method based on Ciphertext policy are visited in this method
Ask that the private key of member is generated according to the attribute set of the member, access structure is embedded in ciphertext, and if only if access member
Meet the access structure in ciphertext, access member could decrypt ciphertext, so that accessed user can be right in encryption
The identity of access member is defined.
Since traditional ciphertext policy ABE encryption method can not be kept out, quantum is attacked and operand is larger, and based on lattice
Encryption method can also reduce the computation complexity of original encryption process while with higher-security, therefore construct lattice
On encryption attribute method be necessary.Although the existing encryption attribute method based on lattice solves above-mentioned ask
Topic, but in social networks, the attribute for accessing member can change with many factors such as times, existing encryption method
It can only be checked and be updated in real time by private key information of the key generation centre to all access members, therefore can to add
Decrypting process operand is very big, and especially when the quantity of system access member is very big, the efficiency of this method can be very low, while by
Access structure is embedded in member keys in the prior art, leads to the attribute letter that can not specify access member in ciphering process
Breath, flexibility are also very low.
For example, application publication number is CN105162589A, it is entitled " a kind of to can verify that encryption attribute method based on lattice "
Patent application, disclose it is a kind of can verify that encryption attribute method based on lattice, that realizes the encryption attribute scheme based on lattice can
Operability, this method construct the encryption attribute scheme based on key strategy on lattice using most short amount difficult problem on lattice, lead to
It crosses and constructs new Dynamical Secret Key Building Algorithm, also generate the verification information of key while generating key, user can be to awarding
The confidence level of power mechanism is verified, and solves existing encryption attribute mechanism under quantum calculation by no longer safe defect, together
When can exercise supervision to authorized organization, enhance the safety of system, still, the shortcoming that this method still has is:
Under actual conditions, the identity attribute of user can change with time and position, so that the access authority of user can be made to send out
Raw corresponding variation, this method need to carry out considerably complicated operation, efficiency is very low, simultaneously when member property changes
Since this method binds attribute and ciphertext, the flexibility of this method is limited.
Summary of the invention
The ciphertext that it is an object of the invention to, propose to support attribute revocation on a kind of lattice in view of the above shortcomings of the prior art
Policy attribute encryption method, for solving efficiency existing in the prior art and the low technical problem of flexibility.
Technical thought of the invention is: in the technical foundation of case theory, parameter generates center initialization system parameter simultaneously
Generation system public key and master key;Key generation centre is each member meter by the master key of system and the attribute of access member
Calculate private key;Accessed user, which encrypts plaintext by system public key, generates cipher-text message pair;Key generation centre calculate comprising to
The commission key of revocation access information about firms;Proxy server belongs to for calculating random number polynomial and access member in commission key
The Lagrange coefficient of property;Access member is not cancelled by commission key recovery private key and decrypts cipher-text message pair.
To achieve the above object, the technical solution that the present invention takes realizes that the system includes ginseng by encryption attribute system
Number generation center, key generation centre, is accessed user and including wait cancel access member and do not cancel access at proxy server
The access member of member implements step are as follows:
(1) parameter generates center and initializes system parameter:
It includes L property element w that (1a) parameter, which generates center setting,iAccessed user property set
W'={ w1,…,wi,…wL, it include t property element wlAttribute set W={ w to be cancelled1,…,wl,…
wt, L-t property element wkDo not cancel attribute set W0={ wt+1,…,wk,…wL, it include J property element ajAccess
Member property set A={ a1,…,aj,…,aJ, the identification information I of member is accessed, wait cancel the identification information of access memberThe identification information of access member is not cancelledGroup of integers Z comprising q elementq, in ZqUpper random L order of generation is t
MultinomialWherein, 0 < i≤L, 0 < l≤t, 0 < t < L, t < k≤L, W'=W ∪
W0, 0 < j≤J, q is prime number,Corresponding property element wi, y expression variable;
(1b) parameter generates center and sets security parameter λ, and uses algorithm TrapGen, and generating size by λ is n × m's
Random matrix A0To passOne group of short base of full rankIt willMaster key MSK as system, wherein 2 < n < m;
(1c) parameter generates the random matrix B for being centrally generated that size is n × m, while being each w in W'iGenerate size
For the random matrix of n × mAnd by A0, B, L random matrixPublic key as systemWherein, matrix B and matrixIn the value of each element be just whole no more than q
Number;
(2) key generation centre obtains the attribute private key of access member to (sk1,sk2):
(2a) key generation centre generates random vector μ=(μ1,…,μz,…,μn), and in access member property collection A
Each ajRandom generator polynomial groupAnd Pz'(aj) constant term Pz' (0)=
μz, wherein μzIndicate z-th of component of vector μ, Pz'(aj) representative polynomial groupZ-th of multinomial, 1 < z < n, ()T
Indicate transposition operation;
(2b) key generation centre uses left sampling algorithm, and passes through the master key MSK of system, the public key pk and J of system
A multinomial groupCalculate the attribute private key e for not cancelling access members;
(2c) key generation centre passes through esWith any one wiCorresponding multinomialConstant termIt calculates and visits
Ask the attribute private key sk of member1,And by access member identification information I andCalculate access member
Attribute private key sk2,sk1And sk2The attribute private key of composition access member is to (sk1,sk2);
(3) it is accessed user and obtains cipher-text message to (C0,(C1,C2)):
(3a) be accessed user generate n dimension random vector f, obey on lattice discrete Gaussian Profile n dimension random vector x and
The random matrix that L size is m × mWherein, the positive integer that q is less than per one-dimensional component value of f, matrixEach element
Value be to be randomly selected from -1 or 1;
(3b) is accessed user and encrypts to plaintext M, obtains cipher-text message C0, and obtain cipher-text message C0Auxiliary disappear
Breath is to (C1,C2), C0(C1,C2) cipher-text message of accessed user is formed to (C0,(C1,C2)):
C1=A0 Tf+x
Wherein,Indicate downward floor operation;
(4) key generation centre calculates commission key PXK and sends:
Key generation centre passes through L multinomialWith the identification information wait cancel access memberCalculate commission
Key PXK, and commission key PXK is sent to proxy server and does not cancel access member, wherein
(5) proxy server calculates Lagrange coefficient and sends:
Proxy server is by entrusting key PXK, accessing the identification information I of member and not cancelling access member identification informationCalculate separately L multinomialCorresponding Lagrange coefficientPass through L property element { w simultaneously1,…,wi,…wLValue calculate separately this L property element
Lagrange coefficient { H1,…,Hi,…,HL, and willAnd { H1,…,Hi,…,HLBe sent to and do not cancel
Access member;
(6) access member is not cancelled to cipher-text message to (C0,(C1,C2)) it is decrypted:
(6a) do not cancel access member by PXK,With the attribute private key (sk of access member1,
sk2), calculate the private key e for not cancelling access members:
Wherein,It indicatesIn any one Lagrange coefficient;
(6b) does not cancel the Lagrange coefficient { H that access member passes through L property element1,…,Hi,…,HLAnd do not remove
The private key e of pin access membersTo (C0,(C1,C2)) be decrypted, the plaintext M after being decrypted ':
Wherein, Ω=W' ∩ A, (;) indicate to press row concatenation;
(6c) does not cancel access member and calculates the error term r ' of M', and judgesIt is whether true, if so, decryption
Success, i.e., using M' as plaintext M, otherwise decryption failure.
Compared with prior art, the present invention having the advantage that
It, can be with 1. the present invention is changed using access member's private key for generating on the basis of case theory of commission key pair
The permission of the member of revocation access in real time avoids private key inspection and more of the prior art by key generation centre to access member
The big defect of encryption and decryption operand, effectively increases the efficiency of encryption attribute caused by new.
It, can be directly to the identity for accessing member 2. the present invention calculates the private key of access member by accessing member property
It is defined, it is more by causing the access structure and access member's private key binding not to adapt to member property to avoid the prior art
The defect of change effectively increases the flexibility of encryption attribute.
Detailed description of the invention
Fig. 1 is the structural schematic diagram for the encryption attribute system that the present invention uses;
Fig. 2 is implementation flow chart of the invention.
Specific embodiment
In the following with reference to the drawings and specific embodiments, present invention is further described in detail.
Referring to Fig.1, the encryption attribute system that the present invention uses, including parameter generate center, proxy server, key generation
Center, accessed user and include wait cancel access member and do not cancel the access member of access member: where during parameter generates
The heart is for initializing system parameter and generating system public key and master key, and accessed user is by system public key to adding in plain text
It is close;Proxy server is used to calculate the Lagrange coefficient of random number polynomial and access member property in commission key;Key is raw
While calculating private key by the master key of system and the attribute of access member at center for each member, calculate comprising wait cancel
Access the commission key of information about firms;Accessed user, which encrypts plaintext by system public key, generates cipher-text message pair;Wait cancel
Accessing member is the access member for needing to cancel in this method;Access member is not cancelled by commission security key change private key and is decrypted
Cipher-text message pair.
Referring to Fig. 2, the encryption attribute method of the Ciphertext policy of attribute revocation is supported on a kind of lattice, is included the following steps:
Step 1) parameter generates center and initializes system parameter:
Step 1a) parameter generate center setting include L property element wiAccessed user property set W'=
{w1,…,wi,…wL, it include t property element wlAttribute set W={ w to be cancelled1,…,wl,…wt, include L-t category
Property element wkDo not cancel attribute set W0={ wt+1,…,wk,…wL, being accessed user property set W' is attribute to be cancelled
Set W and attribute set W is not cancelled0Union, include J property element ajAccess member property set A={ a1,…,
aj,…,aJ, wherein setting L=10, t=3, J=5,0 < i≤10,0 < l≤3,3 < k≤10,0 j≤5 <;
Parameter generates the identification information I of center setting access member, wait cancel the identification information of access memberIt does not remove
The identification information of pin access memberWherein, I indicates the identification information of all access members,It indicates and attribute w to be cancelledl
The relevant mark wait cancel access member,It indicates and attribute w to be cancelledkThe relevant mark wait cancel access member;
Parameter generates the group of integers Z that center setting includes q elementq, set Zq=1,2 ... q }, wherein q is one
Big prime;
Parameter generates center in ZqThe upper random multinomial for generating 10 orders and being 3
Wherein, multinomialProperty element w in corresponding accessed user property seti, y expression variable, generator polynomialShamir Polynomial secret share mechanism is applied, which is divided into d parts for a secret and is shared by d access member,
Each member obtains the portion in d parts, and complete secret cannot be inferred in any d-1 member after sharing.
Step 1b) parameter generate center set security parameter λ, and use algorithm TrapGen, by λ generate size be n ×
The matrix A of m0To passOne group of short base of full rankIt willMaster key MSK, TrapGen algorithm as system is such as
Under:
Security parameter λ is set as the binary number of 1024bit, algorithm output matrix A within the probabilistic polynomial time0And it is whole
Number latticeSubstratePass through the substrate as master key MSK againIt carries out plus solves
It is close, wherein 2 < n < m, e indicate the integer vectors of m dimension, and mod indicates modulo operation;
Step 1c) parameter generates the random matrix B for being centrally generated that size is n × m, while being each w in W'iIt generates big
The small random matrix for n × mAnd by A0, B, random matrixPublic key as systemWherein, matrix B and matrixIn the value of each element be just whole no more than q
Number;
Step 2) key generation centre obtains the attribute private key of access member to (sk1,sk2):
Step 2a) key generation centre generation n dimension random vector μ, and be each a in access member property collection AjAt random
Generation has n polynomial multinomial groups
Step 2a1) key generation centre generation random vector μ=(μ1,…,μz,…,μn), random vector μ is for assisting
Generator polynomial groupWherein, each component value of vector μ is random number, μzIndicate z-th of component of μ, 1 < z < n;
Step 2a2) in order to by access member property calculate access member private key, key generation centre be access at
Each a in member's property set AjRandom generator polynomial groupWherein, Pz'(aj)
Constant term Pz' (0)=μz, Pz'(aj) representative polynomial groupZ-th of multinomial, ()TIndicate transposition operation;
Step 2b) key generation centre uses SampleLeft algorithm, and passes through the master key MSK of system, the public affairs of system
Key pk and multinomial groupCalculate the attribute private key e for not cancelling access members, algorithm SampleLeft is such as
Under:
Wherein, g is Gaussian parameter, exports esIt is statistically close to the discrete distribution vector of Gauss, as not cancelling
The attribute private key of member is accessed, each component value of the vector is the positive integer no more than q;
Step 2c) key generation centre is by by esWith any one wiCorresponding multinomialConstant term
Calculate the attribute private key sk of access member1,It realizes to the private key e for not cancelling access membersIt is hidden;For
Convenient for revocation, by access member identification information I andCalculate the access of the identity information of implicit access member at
The attribute private key sk of member2,sk1And sk2The attribute private key of composition access member is to (sk1,sk2);
Step 3) is accessed user and obtains cipher-text message to (C0,(C1,C2)):
Step 3a) it is accessed the random matrix that user generates n dimension random vector f, 10 sizes are m × mWith obey from
Dissipate the n-dimensional vector x of Gaussian Profile, wherein the positive integer that q is less than per one-dimensional component value of f, matrixThe value of each element
It is to be randomly selected from -1 or 1, because the encipherment scheme on lattice is built upon in the hypothesis of LWE problem difficulty, and LWE
Amount of error in problem be typically all from Gauss discrete distribution sampling obtain, therefore in order to ensure in encryption process just
True property, generating and obeying the random vector x of discrete Gaussian Profile on lattice is necessary, discrete height of the random vector x on lattice
This distribution are as follows:
Wherein, c is the n-dimensional vector on set of real numbers, and L' is n dimension lattice, real number s > 0, ρs,c(x) it is Gaussian function, calculates
Method is as follows:
Wherein, e is the nature truth of a matter, and π is pi, | | | | indicate that the quadratic sum of each component of vector opens radical sign operation;
Step 3b) accessed user passes through system public key pk, vector f, any property element wiCorresponding matrixAnd to
It measures x and calculates cipher-text message to (C0,(C1,C2)):
Step 3b1) accessed user encrypts plaintext M, obtain cipher-text message C0:
Wherein,Indicate downward floor operation;
Step 3b2) it is accessed user's calculating cipher-text message C0Assistance messages to (C1,C2):
C1=A0 Tf+x
Step 3b3) user is accessed by C0(C1,C2) cipher-text message is formed to (C0,(C1,C2));
Step 4) key generation centre calculates commission key PXK and sends:
Key generation centre passes throughWith the identification information wait cancel access member
The commission key PXK for changing member's private key is calculated, and PXK is sent to proxy server and does not cancel access member,
In,
Step 5) proxy server calculates Lagrange coefficient and sends:
Step 5a) proxy server by commission key PXK, access member identification information I, do not cancel access member mark
Know informationWith the identification information wait cancel access memberCalculate separately multinomialIt is right
The Lagrange coefficient answeredIt is private by the reduction of calculated Lagrange coefficient that access user is not cancelled
Key es, wherein Lagrange coefficientCalculation formula are as follows:
Wherein,For Lagrange coefficient,For the identification information for not cancelling access member, I is the mark for accessing member
Information,For the identification information wait cancel access member.
Step 5b) proxy server pass through property element { w1,…,wi,…w10Value calculate separately each property element
Lagrange coefficient { H1,…,Hi,…,H10}:
Wherein, wpIndicate in set W' with wiDifferent property elements;
Step 5c) proxy server generalAnd { H1,…,Hi,…,H10Be sent to and do not cancel access
Member;
Step 6) does not cancel access member to cipher-text message to (C0,(C1,C2)) it is decrypted:
Step 6a) do not cancel access member by PXK,With the attribute private key of access member
(sk1,sk2), the private key e for not cancelling access member is calculated by Lagrange interpolation polynomials, realize by entrusting key
Attribute private key (sk of the PXK to access member1,sk2) it is modified:
Wherein,It indicatesIn any one Lagrange coefficient;
Step 6b) access member is not cancelled by { H1,…,Hi,…,H10And do not cancel access member private key esIt is right
(C0,(C1,C2)) be decrypted, the plaintext M after being decrypted ':
Wherein, Ω=W' ∩ A, (;) indicate to press row concatenation;
Step 6c) the error term r' that access member calculates M' is not cancelled, error term r' indicates the difference of M' and M, judgementIt is whether true, if so, thinking M' so that M, successful decryption can be restored in the case where ignoring error, and M' is made
For plaintext M, otherwise decryption failure.
Claims (3)
1. supporting the ciphertext policy ABE encryption method of attribute revocation on a kind of lattice, which is characterized in that pass through encryption attribute system
It realizes, which includes that parameter generates center, proxy server, key generation centre, is accessed user and including visiting wait cancel
It asks member and does not cancel the access member of access member, implement step are as follows:
(1) parameter generates center and initializes system parameter:
It includes L property element w that (1a) parameter, which generates center setting,iAccessed user property set W'={ w1,…,wi,…
wL, it include t property element wlAttribute set W={ w to be cancelled1,…,wl,…wt, L-t property element wkDo not cancel
Attribute set W0={ wt+1,…,wk,…wL, it include J property element ajAccess member property set A={ a1,…,
aj,…,aJ, the identification information I of member is accessed, wait cancel the identification information of access memberThe mark of access member is not cancelled
InformationGroup of integers Z comprising q elementq, in ZqThe multinomial that upper random L order of generation is tWherein, 0 < i≤L, 0 < l≤t, 0 < t < L, t < k≤L, W'=W ∪ W0, 0 < j≤
J, q are a Big prime,Corresponding property element wi, y expression variable;
(1b) parameter generates center and sets security parameter λ, and uses algorithm TrapGen, and generating size by λ is the random of n × m
Matrix A0To passOne group of short base of full rankIt willMaster key MSK as system, wherein 2 < n < m;
(1c) parameter generates the random matrix B for being centrally generated that size is n × m, while being each w in W'iGeneration size is n × m
Random matrixAnd by A0, B, L random matrixPublic key as systemWherein, matrix B and matrixIn the value of each element be just whole no more than q
Number;
(2) key generation centre obtains the attribute private key of access member to (sk1,sk2):
(2a) key generation centre generates random vector μ=(μ1,…,μz,…,μn), and be every in access member property collection A
A ajRandom generator polynomial groupAnd P 'z(aj) constant term P 'z(0)=μz,
In, μzIndicate z-th of component of vector μ, P 'z(aj) representative polynomial groupZ-th of multinomial, 1 < z < n, ()TIt indicates
Transposition operation;
(2b) key generation centre uses SampleLeft algorithm, and passes through the master key MSK of system, the public key pk and J of system
A multinomial groupCalculate the attribute private key e for not cancelling access members;
(2c) key generation centre passes through esWith any one wiCorresponding multinomialConstant termCalculate access at
The attribute private key sk of member1,And by access member identification information I andCalculate the category of access member
Property private key sk2,sk1And sk2The attribute private key of composition access member is to (sk1,sk2);
(3) it is accessed user and obtains cipher-text message to (C0,(C1,C2)):
N dimension random vector x and L of discrete Gaussian Profile is obeyed on (3a) accessed user's generation n dimension random vector f, lattice
Size is the random matrix of m × mWherein, the positive integer that q is less than per one-dimensional component value of f, matrixEach element
Value is randomly selected from -1 or 1;
(3b) is accessed user and encrypts to plaintext M, obtains cipher-text message C0, and obtain cipher-text message C0Assistance messages pair
(C1,C2), C0(C1,C2) cipher-text message of accessed user is formed to (C0,(C1,C2)):
C1=A0 Tf+x
Wherein,Indicate downward floor operation;
(4) key generation centre calculates commission key PXK and sends:
Key generation centre passes through L multinomialWith the identification information wait cancel access memberCalculate commission key
PXK, and commission key PXK is sent to proxy server and does not cancel access member, wherein
(5) proxy server calculates Lagrange coefficient and sends:
Proxy server is by entrusting key PXK, the identification information I for accessing member, not cancelling access member identification informationAnd t
A identification information wait cancel access memberCalculate separately L multinomialCorresponding drawing
Ge Lang coefficientPass through L property element { w simultaneously1,…,wi,…wLValue calculate separately this L
Lagrange coefficient { the H of property element1,…,Hi,…,HL, and willAnd { H1,…,Hi,…,HLHair
Send to do not cancel access member;
(6) access member is not cancelled to cipher-text message to (C0,(C1,C2)) it is decrypted:
(6a) do not cancel access member by PXK,With the attribute private key (sk of access member1,sk2), meter
Calculate the private key e for not cancelling access members:
Wherein,It indicatesIn any one Lagrange coefficient;
(6b) does not cancel the Lagrange coefficient { H that access member passes through L property element1,…,Hi,…,HLAnd do not cancel visit
Ask the private key e of membersTo (C0,(C1,C2)) be decrypted, the plaintext M after being decrypted ':
Wherein, Ω=W' ∩ A, (;) indicate to press row concatenation;
(6c) does not cancel access member and calculates the error term r' of M', and judgesIt is whether true, if so, successful decryption,
I.e. using M' as plaintext M, otherwise decryption failure.
2. the support access authority according to claim 1 based on lattice cancels encryption attribute method, which is characterized in that step
Suddenly the n dimension random vector x of discrete Gaussian Profile, discrete Gaussian Profile of the x on lattice are obeyed on lattice described in (3a) are as follows:
Wherein, c is the n-dimensional vector on set of real numbers, and L' is n dimension lattice, real number s > 0, ρs,cIt (x) is Gaussian function, calculation method
It is as follows:
Wherein, e is the nature truth of a matter, and π is pi, | | | | indicate that the quadratic sum of each component of vector opens radical sign operation.
3. the support access authority according to claim 1 based on lattice cancels encryption attribute method, which is characterized in that step
Suddenly calculating described in (5)Lagrange coefficientCalculation formula are as follows:
Wherein,For Lagrange coefficient,For the identification information for not cancelling access member, I is the mark letter for accessing member
Breath,For the identification information wait cancel access member.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910526965.7A CN110247761B (en) | 2019-06-18 | 2019-06-18 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910526965.7A CN110247761B (en) | 2019-06-18 | 2019-06-18 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110247761A true CN110247761A (en) | 2019-09-17 |
CN110247761B CN110247761B (en) | 2021-04-20 |
Family
ID=67887763
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910526965.7A Active CN110247761B (en) | 2019-06-18 | 2019-06-18 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247761B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111970106A (en) * | 2020-08-19 | 2020-11-20 | 北京邮电大学 | Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice |
CN112383550A (en) * | 2020-11-11 | 2021-02-19 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546161A (en) * | 2010-12-08 | 2012-07-04 | 索尼公司 | Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same |
CN104113408A (en) * | 2014-07-11 | 2014-10-22 | 西安电子科技大学 | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption |
CN106452735A (en) * | 2016-07-04 | 2017-02-22 | 广东工业大学 | Outsourcing attribute encryption method supporting attribute cancellation |
CN108512662A (en) * | 2018-04-12 | 2018-09-07 | 上海海事大学 | The hiding multimachine structure encryption method of support policy on a kind of lattice |
CN108810004A (en) * | 2018-06-22 | 2018-11-13 | 西安电子科技大学 | More authorization center access control methods, cloud storage system can be revoked based on agency |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | 西南交通大学 | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
-
2019
- 2019-06-18 CN CN201910526965.7A patent/CN110247761B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546161A (en) * | 2010-12-08 | 2012-07-04 | 索尼公司 | Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same |
CN104113408A (en) * | 2014-07-11 | 2014-10-22 | 西安电子科技大学 | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption |
CN106452735A (en) * | 2016-07-04 | 2017-02-22 | 广东工业大学 | Outsourcing attribute encryption method supporting attribute cancellation |
CN108512662A (en) * | 2018-04-12 | 2018-09-07 | 上海海事大学 | The hiding multimachine structure encryption method of support policy on a kind of lattice |
CN108810004A (en) * | 2018-06-22 | 2018-11-13 | 西安电子科技大学 | More authorization center access control methods, cloud storage system can be revoked based on agency |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | 西南交通大学 | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
Non-Patent Citations (5)
Title |
---|
YOSHIAKI SHIRAISHI等: ""Attribute-Based Encryption with Attribute Revocation and Grant Function Using Proxy Re-encryption and Attribute Key for Updating"", 《HUMAN-CENTRIC COMPUTING AND INFORMATION SCIENCES》 * |
于金霞等: ""外包环境下格上可撤销的属性基加密方案"", 《计算机科学与探索》 * |
张佳乐等: ""边缘计算数据安全与隐私保护研究综述"", 《通信学报》 * |
李继国等: ""隐私保护且支持用户撤销的属性基加密方案"", 《计算机研究与发展》 * |
熊安萍: ""云存储环境下基于属性的密文策略访问控制机制研究"", 《中国博士学位论文全文数据库信息科技辑》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111970106A (en) * | 2020-08-19 | 2020-11-20 | 北京邮电大学 | Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice |
CN111970106B (en) * | 2020-08-19 | 2021-11-05 | 北京邮电大学 | Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice |
CN112383550A (en) * | 2020-11-11 | 2021-02-19 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
CN112383550B (en) * | 2020-11-11 | 2022-07-26 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
Also Published As
Publication number | Publication date |
---|---|
CN110247761B (en) | 2021-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Choudhuri et al. | Fairness in an unfair world: Fair multiparty computation from public bulletin boards | |
CN109040045A (en) | A kind of cloud storage access control method based on the encryption of ciphertext policy ABE base | |
CN109559117A (en) | Block chain contract method for secret protection and system based on the encryption of attribute base | |
CN106059768B (en) | Encryption system and method can be revoked in the attribute for resisting re-encrypted private key leakage | |
CN115549887A (en) | Determination of a common secret and hierarchical deterministic keys for the secure exchange of information | |
CN113595726A (en) | Method for controlling and distributing blockchain implementation of digital content | |
EP2228942A1 (en) | Securing communications sent by a first user to a second user | |
CN107359986A (en) | The outsourcing encryption and decryption CP ABE methods of user revocation | |
CN106487506A (en) | A kind of many mechanisms KP ABE method supporting pre-encrypt and outsourcing deciphering | |
CN102594570A (en) | Key threshold algorithm based on level identity encryption | |
CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
Susilo et al. | EACSIP: Extendable access control system with integrity protection for enhancing collaboration in the cloud | |
Liu et al. | A novel quantum group proxy blind signature scheme based on five-qubit entangled state | |
CN106059765A (en) | Digital virtual asset access control method based on attribute password under cloud environment | |
Han et al. | Anonymous single sign-on with proxy re-verification | |
CN108712259A (en) | Identity-based acts on behalf of the efficient auditing method of cloud storage for uploading data | |
Cao et al. | A quantum proxy weak blind signature scheme | |
CN109547413A (en) | The access control method of convertible data cloud storage with data source authentication | |
Meshram et al. | A provably secure lightweight subtree-based short signature scheme with fuzzy user data sharing for human-centered IoT | |
CN110247761A (en) | The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice | |
Ren et al. | Building resilient web 3.0 with quantum information technologies and blockchain: An ambilateral view | |
CN109743162A (en) | A kind of operated using ideal lattice carries out the matched encryption method of identity attribute | |
CN105763322B (en) | A kind of encryption key isolation digital signature method and system obscured | |
CN107959725A (en) | The Publish-subscribe class service agreement of consideration privacy of user based on elliptic curve | |
CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |