CN110247761B - Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner - Google Patents
- Publication number
- CN110247761B
- Authority
- CN
- China
- Prior art keywords
- attribute
- access member
- key
- generation center
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a ciphertext strategy attribute encryption method supporting attribute revocation in a lattice manner, which solves the technical problems of low efficiency and low flexibility in existing attribute encryption technology and comprises the following implementation steps: (1) the parameter generation center initializes the system parameters; (2) the key generation center obtains the attribute private key pair $(sk_1, sk_2)$ of the access member; (3) the accessed user obtains the ciphertext message pair $(C_0, (C_1, C_2))$; (4) the key generation center calculates and sends the entrusted key PXK; (5) the proxy server calculates and sends the Lagrange coefficients; (6) the unrevoked access member decrypts the ciphertext message pair $(C_0, (C_1, C_2))$. In an actual social network, the invention can support a flexible access structure while improving the efficiency of the attribute-based encryption method.
Description
Technical Field
The invention belongs to the technical field of communication, relates to a ciphertext policy attribute encryption method, and particularly relates to a ciphertext policy attribute encryption method supporting attribute revocation in a lattice manner in the technical field of information security.
Background
With the rapid development of communication technology, the level of economy and information globalization is increasing day by day, secure transmission channels and information security become important cornerstones for the development of internet and electronic commerce, and the most basic and core technology in information security is information encryption technology. Modern cryptography mostly uses a public key encryption system to encrypt information, but in the system, distribution and maintenance of a public key certificate need to occupy more resources, management is complex, and overload operation of an authentication server can be caused.
The attribute encryption is divided into an attribute encryption method based on a key strategy and an attribute encryption method based on a ciphertext strategy, wherein the attribute encryption method based on the key strategy has rich access structure, but lacks flexibility and cannot adapt to changeable user attributes in reality, while the attribute encryption method based on the ciphertext strategy has higher flexibility.
The traditional ciphertext strategy attribute encryption method cannot resist quantum attack and has a large calculation amount, whereas lattice-based encryption offers higher security and can also reduce the computational complexity of the original encryption process, so establishing a lattice-based attribute encryption method is very necessary. Although the existing lattice-based attribute encryption methods solve these problems, in a social network the attributes of an access member change with factors such as time, and the existing methods can only check and update the private key information of all access members in real time through a key generation center. The calculation amount of the encryption and decryption process is therefore large and, particularly when the system has many access members, the efficiency of the method is low. In addition, because the prior art embeds the access structure in the member key, the attribute information of the access member cannot be specified during encryption, so the flexibility is also low.
For example, a patent application with publication number CN105162589A entitled "a lattice-based verifiable attribute encryption method" discloses a lattice-based verifiable attribute encryption method, which realizes operability of a lattice-based attribute encryption scheme, and the method utilizes the problem of difficult vectors on lattices, constructs a lattice-based attribute encryption scheme based on a key policy, and constructs a new dynamic key generation algorithm to generate a key and verification information of the key at the same time, so that a user can verify the credibility of an authority, thereby solving the defect that the existing attribute encryption mechanism is no longer safe under quantum computation, and can supervise the authority to enhance the security of the system, but the method still has the following defects: in practical situations, the identity attribute of the user changes along with time and position, so that the access right of the user changes correspondingly.
Disclosure of Invention
The invention aims to provide a ciphertext policy attribute encryption method supporting attribute revocation in a lattice manner aiming at the defects of the prior art, and is used for solving the technical problems of low efficiency and low flexibility in the prior art.
The technical idea of the invention is as follows: on the basis of the technical basis of the lattice theory, a parameter generation center initializes system parameters and generates a system public key and a master key; the key generation center calculates a private key for each member through the master key of the system and the attribute of the access member; the accessed user encrypts a plaintext through a system public key to generate a ciphertext message pair; the key generation center calculates an entrusted key containing the information of the access member to be revoked; the proxy server is used for calculating the Lagrange coefficient of the random polynomial and the access member attribute in the entrusting key; and the unrevoked access member recovers the private key and decrypts the ciphertext message pair by using the entrusted key.
In order to achieve the above object, the technical solution adopted by the present invention is implemented by an attribute encryption system, which includes a parameter generation center, a proxy server, a key generation center, an accessed user, and an access member including an access member to be revoked and an access member not to be revoked, and specifically implemented steps are:
(1) the parameter generation center initializes the system parameters:
(1a) the parameter generation center sets: an accessed user attribute set $W' = \{w_1, \ldots, w_i, \ldots, w_L\}$ containing L attribute elements $w_i$; a set of attributes to be revoked $W = \{w_1, \ldots, w_l, \ldots, w_t\}$ containing t attribute elements $w_l$; an unrevoked attribute set $W_0 = \{w_{t+1}, \ldots, w_k, \ldots, w_L\}$ containing L-t attribute elements $w_k$; an access member attribute set $A = \{a_1, \ldots, a_j, \ldots, a_J\}$ containing J attribute elements $a_j$; identification information I of the access member, identification information $I_{w_l}$ of the access member to be revoked and identification information $I_{w_k}$ of the unrevoked access member; and an integer group $Z_q$ containing q elements. It randomly generates L polynomials of order t over $Z_q$, where $0 < i \le L$, $0 < l \le t$, $0 < t \le L$, $t < k \le L$, $W' = W \cup W_0$, $0 < j \le J$, q is a prime number, each polynomial corresponds to an attribute element $w_i$, and Y represents a variable;
(1b) the parameter generation center sets a security parameter λ and, using the algorithm TrapGen with λ, generates a random matrix $A_0$ of size n × m and a full-rank set of short bases of the corresponding lattice, and uses this set as the master key MSK of the system, where 2 < n < m;
(1c) the parameter generation center generates a random matrix B of size n × m and, for each attribute element $w_i$, generates a random matrix of size n × m, and takes $A_0$, B and the L random matrices as the public key pk of the system, where the value of each element of the matrix B and of the L random matrices is a positive integer not exceeding q;
(2) the key generation center obtains the attribute private key pair $(sk_1, sk_2)$ of the access member:
(2a) the key generation center generates a random vector $\mu = (\mu_1, \ldots, \mu_z, \ldots, \mu_n)$ and, for each $a_j$ in the access member attribute set A, randomly generates a set of polynomials in which $P_z'(a_j)$ has the constant term $P_z'(0) = \mu_z$, where $\mu_z$ denotes the z-th component of the vector μ, $P_z'(a_j)$ denotes the z-th polynomial of the set, $1 < z < n$, and $(\cdot)^T$ denotes the transpose operation;
(2b) the key generation center uses the left sampling algorithm (SampleLeft) with the master key MSK of the system, the public key pk of the system and the J polynomial sets to compute the attribute private key $e_s$ of an unrevoked access member;
(2c) the key generation center computes the attribute private key $sk_1$ of the access member from $e_s$ and the constant term of the polynomial corresponding to any one $w_i$, and computes the attribute private key $sk_2$ of the access member from the identification information of the access member; $sk_1$ and $sk_2$ form the attribute private key pair $(sk_1, sk_2)$ of the access member;
(3) the accessed user obtains the ciphertext message pair $(C_0, (C_1, C_2))$:
(3a) the accessed user generates an n-dimensional random vector f, an n-dimensional random vector x obeying a discrete Gaussian distribution on the lattice, and L random matrices of size m × m, where each component of f is a positive integer less than q and the value of each element of the matrices is randomly selected from -1 or 1;
(3b) the accessed user encrypts the plaintext M to obtain the ciphertext message $C_0$ and the auxiliary message pair $(C_1, C_2)$ of $C_0$; $C_0$ and $(C_1, C_2)$ form the ciphertext message pair $(C_0, (C_1, C_2))$ of the accessed user:
$C_1 = A_0^T f + x$
(4) the key generation center calculates and sends the entrusted key PXK:
the key generation center calculates the entrusted key PXK from the L polynomials and the identification information of the members to be revoked, and sends PXK to the proxy server and to the unrevoked access member, wherein,
(5) the proxy server calculates and sends the Lagrange coefficients:
the proxy server calculates, from the entrusted key PXK, the identification information I of the access member and the identification information of the unrevoked access member, the Lagrange coefficients corresponding to the L polynomials; it also calculates, from the values of the L attribute elements $\{w_1, \ldots, w_i, \ldots, w_L\}$, the Lagrange coefficients $\{H_1, \ldots, H_i, \ldots, H_L\}$ of these L attribute elements, and sends both sets of Lagrange coefficients to the unrevoked access member;
(6) the unrevoked access member decrypts the ciphertext message pair $(C_0, (C_1, C_2))$:
(6a) the unrevoked access member calculates the private key $e_s$ of the unrevoked access member from PXK, the Lagrange coefficients and the attribute private key pair $(sk_1, sk_2)$ of the access member:
wherein the term in the formula denotes any one of the Lagrange coefficients;
(6b) the unrevoked access member decrypts $(C_0, (C_1, C_2))$ using the Lagrange coefficients $\{H_1, \ldots, H_i, \ldots, H_L\}$ of the L attribute elements and the private key $e_s$ of the unrevoked access member, obtaining the decrypted plaintext M':
wherein Ω = W' # A, and (;) represents the row-wise splicing operation;
(6c) the unrevoked access member calculates the error term r' of M' and checks it against the decryption condition; if the condition holds, the decryption is successful and M' is taken as the plaintext M; otherwise, the decryption fails.
Compared with the prior art, the invention has the following advantages:
1. The invention uses the entrusted key to change the private key of the access member generated on the basis of lattice theory, so the authority of an access member can be revoked in real time. This avoids the large encryption and decryption calculation amount that the prior art incurs when the private keys of access members are checked and updated through a key generation center, and effectively improves the efficiency of attribute encryption.
2. The private key of the access member is calculated through the access member attribute, the identity of the access member can be directly limited, the defect that the prior art cannot adapt to the variable member attribute due to the fact that the access structure is bound with the private key of the access member is overcome, and the flexibility of attribute encryption is effectively improved.
Drawings
FIG. 1 is a schematic diagram of an attribute encryption system employed in the present invention;
FIG. 2 is a flow chart of the implementation of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the specific embodiments.
Referring to fig. 1, the attribute encryption system adopted in the present invention includes a parameter generation center, a proxy server, a key generation center, an accessed user, and access members including an access member to be revoked and an access member not to be revoked: the parameter generation center is used for initializing system parameters and generating a system public key and a master key, and the accessed user encrypts a plaintext through the system public key; the proxy server is used for calculating the Lagrange coefficient of the random polynomial and the access member attribute in the entrusting key; the key generation center calculates a private key for each member through the master key of the system and the attributes of the access members, and calculates an entrusting key containing the information of the access members to be revoked; the accessed user encrypts a plaintext through a system public key to generate a ciphertext message pair; the access member to be revoked is the access member needing to be revoked in the method; and the unrevoked access member changes the private key through the entrusted key and decrypts the ciphertext message pair.
Referring to fig. 2, an attribute encryption method for a ciphertext policy supporting attribute revocation includes the following steps:
Step 1) the parameter generation center initializes the system parameters:
Step 1a) the parameter generation center sets an accessed user attribute set $W' = \{w_1, \ldots, w_i, \ldots, w_L\}$ containing L attribute elements $w_i$, a set of attributes to be revoked $W = \{w_1, \ldots, w_l, \ldots, w_t\}$ containing t attribute elements $w_l$, and an unrevoked attribute set $W_0 = \{w_{t+1}, \ldots, w_k, \ldots, w_L\}$ containing L-t attribute elements $w_k$, where the accessed user attribute set W' is made up of the set W of attributes to be revoked and the set $W_0$ of attributes not to be revoked; it also sets an access member attribute set $A = \{a_1, \ldots, a_j, \ldots, a_J\}$ containing J attribute elements $a_j$, where L = 10, t = 3, J = 5, $0 < i \le 10$, $0 < l \le 3$, $3 < k \le 10$ and $0 < j \le 5$;
the parameter generation center sets the identification information I of the access member, the identification information $I_{w_l}$ of the access member to be revoked and the identification information $I_{w_k}$ of the unrevoked access member, where I represents the identification information of all access members, $I_{w_l}$ represents the identification of the access member to be revoked that is associated with the attribute to be revoked $w_l$, and $I_{w_k}$ represents the identification of the member to be revoked that is related to the attribute to be revoked $w_k$;
the parameter generation center sets an integer group $Z_q$ containing q elements, where q is a large prime number;
the parameter generation center randomly generates 10 polynomials of order 3 over $Z_q$, where each polynomial corresponds to an attribute element $w_i$ in the accessed user attribute set and Y represents a variable. Generating the polynomials applies the Shamir polynomial secret sharing mechanism, which divides a secret into d shares to be shared by d access members; each member obtains one of the d shares, after which no d-1 members can deduce the complete secret.
Step 1b) the parameter generation center sets a security parameter λ and, using the algorithm TrapGen with λ, generates a matrix $A_0$ of size n × m and a full-rank set of short bases of the corresponding lattice, and uses this set as the master key MSK of the system; the TrapGen algorithm is as follows:
the security parameter λ is set to a 1024-bit binary number; the algorithm outputs, in probabilistic polynomial time, a matrix $A_0$ and a basis of the integer lattice, and this basis is then used as the master key MSK for encryption and decryption, where 2 < n < m, e represents an m-dimensional integer vector, and mod represents the modulo operation;
Step 1c) the parameter generation center generates a random matrix B of size n × m and, for each attribute element $w_i$, generates a random matrix of size n × m, and takes $A_0$, B and these random matrices as the public key pk of the system, where the value of each element of the matrix B and of the random matrices is a positive integer not exceeding q;
Step 2) the key generation center obtains the attribute private key pair $(sk_1, sk_2)$ of the access member:
Step 2a) the key generation center generates an n-dimensional random vector μ and, for each $a_j$ in the access member attribute set A, randomly generates a polynomial set having n polynomials:
Step 2a1) the key generation center generates a random vector $\mu = (\mu_1, \ldots, \mu_z, \ldots, \mu_n)$, which is used to assist in generating the polynomial sets, where each component value of the vector μ is a random number, $\mu_z$ represents the z-th component of μ, and $1 < z < n$;
Step 2a2) in order to calculate the private key of the access member from the access member attributes, the key generation center randomly generates, for each $a_j$ in the access member attribute set A, a set of polynomials in which $P_z'(a_j)$ has the constant term $P_z'(0) = \mu_z$, where $P_z'(a_j)$ represents the z-th polynomial of the set and $(\cdot)^T$ represents the transpose operation;
Step 2b) the key generation center uses the SampleLeft algorithm with the master key MSK of the system, the public key pk of the system and the polynomial sets to compute the attribute private key $e_s$ of an unrevoked access member; the algorithm SampleLeft is as follows:
where g is a Gaussian parameter; the output $e_s$ is statistically close to a discrete Gaussian distributed vector and is used as the attribute private key of an unrevoked access member, and each component value of the vector is a positive integer not exceeding q;
Step 2c) the key generation center computes the attribute private key $sk_1$ of the access member from $e_s$ and the constant term of the polynomial corresponding to any one $w_i$, so that the private key $e_s$ of the unrevoked access member is hidden; to support revocation, it computes from the identification information I of the access member the attribute private key $sk_2$ of the access member, which hides the identity information of the access member; $sk_1$ and $sk_2$ form the attribute private key pair $(sk_1, sk_2)$ of the access member;
Step 3) the accessed user obtains the ciphertext message pair $(C_0, (C_1, C_2))$:
Step 3a) the accessed user generates an n-dimensional random vector f, 10 random matrices of size m × m, and an n-dimensional vector x drawn from a discrete Gaussian distribution, where each component of f is a positive integer less than q and the value of each element of the matrices is randomly selected from -1 or 1. Because the encryption scheme on the lattice is based on the hardness assumption of the LWE problem, and the error in the LWE problem is generally sampled from a discrete Gaussian distribution, a random vector x obeying the discrete Gaussian distribution on the lattice must be generated to ensure correctness in the encryption and decryption process; the discrete Gaussian distribution of x on the lattice is:
where c is an n-dimensional vector over the real numbers, L' is an n-dimensional lattice, the real number s > 0, and $\rho_{s,c}(x)$ is the Gaussian function, calculated as follows:
where e is the base of the natural logarithm, π is the ratio of a circle's circumference to its diameter, and $\|\cdot\|$ represents the square root of the sum of the squares of the components of a vector;
Step 3b) the accessed user computes the ciphertext message pair $(C_0, (C_1, C_2))$ from the system public key pk, the vector f, the matrix corresponding to an arbitrary attribute element $w_i$, and the vector x:
Step 3b1) the accessed user encrypts the plaintext M to obtain the ciphertext message $C_0$:
Step 3b2) the accessed user computes the auxiliary message pair $(C_1, C_2)$ of the ciphertext message $C_0$:
$C_1 = A_0^T f + x$
Step 3b3) the accessed user combines $C_0$ and $(C_1, C_2)$ to form the ciphertext message pair $(C_0, (C_1, C_2))$;
Step 4) the key generation center calculates and sends the entrusted key PXK:
the key generation center calculates, from the polynomials and the identification information of the members to be revoked, a proxy key PXK for changing the member private key, and sends PXK to the proxy server and to the unrevoked access member, wherein,
Step 5) the proxy server calculates and sends the Lagrange coefficients:
Step 5a) the proxy server calculates, from the entrusted key PXK, the identification information I of the access member, the identification information of the unrevoked access member and the identification information of the members to be revoked, the Lagrange coefficients corresponding to the polynomials; the unrevoked access user restores the private key $e_s$ through the calculated Lagrange coefficients, and the calculation formula of the Lagrange coefficients is as follows:
where the terms of the formula are the Lagrange coefficient, the identification information of an unrevoked access member, the identification information I of an access member, and the identification information of the member to be revoked.
Step 5b) the proxy server calculates, from the values of the attribute elements $\{w_1, \ldots, w_i, \ldots, w_{10}\}$, the Lagrange coefficients $\{H_1, \ldots, H_i, \ldots, H_{10}\}$ of each attribute element:
where $w_p$ represents an attribute element in the set W' that is different from $w_i$;
Step 6) the unrevoked access member decrypts the ciphertext message pair $(C_0, (C_1, C_2))$:
Step 6a) the unrevoked access member calculates the private key $e_s$ of the unrevoked access member from PXK, the Lagrange coefficients and the attribute private key pair $(sk_1, sk_2)$ of the access member by means of the Lagrange interpolation polynomial, thereby realizing the change of the attribute private key pair $(sk_1, sk_2)$ of the access member through the entrusted key PXK:
wherein the term in the formula denotes any one of the Lagrange coefficients;
Step 6b) the unrevoked access member decrypts $(C_0, (C_1, C_2))$ using $\{H_1, \ldots, H_i, \ldots, H_{10}\}$ and the private key $e_s$ of the unrevoked access member, obtaining the decrypted plaintext M':
wherein Ω = W' # A, and (;) represents the row-wise splicing operation;
Step 6c) the unrevoked access member calculates the error term r' of M', where r' represents the difference between M' and M, and checks it against the decryption condition; if the condition holds, M' is considered to recover M when the error is ignored, the decryption is successful and M' is taken as the plaintext M; otherwise, the decryption fails.
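The revocation flow of steps 4 to 6a, as an added Python example that is not code from the patent. The formulas for $sk_1$, $sk_2$ and PXK did not survive on this page, so the example assumes the standard Shamir construction: $sk_1$ is $e_s$ masked additively by the polynomial's constant term, $sk_2$ is the polynomial's value at the member's identity, and PXK carries the values at the t revoked identities. A scalar stands in for the lattice vector $e_s$, and all function names, identities and the modulus are constructed for illustration.

```python
import secrets

Q = 2**61 - 1   # prime modulus standing in for the page's large prime q (constructed value)
T = 3           # polynomial order t; the embodiment on the page uses t = 3


def rand_poly(constant, degree=T):
    """Random polynomial over Z_q of the given degree, lowest coefficient first."""
    return [constant % Q] + [secrets.randbelow(Q) for _ in range(degree)]


def eval_poly(coeffs, y):
    """Horner evaluation of the polynomial at Y = y (mod q)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * y + c) % Q
    return acc


def lagrange_at_zero(points):
    """Lagrange coefficients that interpolate the polynomial's value at Y = 0.

    Raises ValueError when the evaluation points are not distinct and non-zero,
    which is the situation of a revoked member (see recover()).
    """
    xs = [x % Q for x in points]
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("evaluation points must be distinct and non-zero")
    out = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        out.append(num * pow(den, -1, Q) % Q)
    return out


def keygen(e_s, member_id, poly):
    """Key generation centre: mask e_s with c(0) and hand the member one share."""
    sk1 = (e_s + poly[0]) % Q                       # assumed additive mask
    sk2 = (member_id, eval_poly(poly, member_id))   # assumed share at the identity
    return sk1, sk2


def delegation_key(poly, revoked_ids):
    """PXK stand-in: the t shares that belong to the members being revoked."""
    if len(revoked_ids) != len(poly) - 1:
        raise ValueError("need exactly t revoked identities for an order-t polynomial")
    return [(rid, eval_poly(poly, rid)) for rid in revoked_ids]


def recover(sk1, sk2, pxk):
    """Member side: interpolate c(0) from own share plus PXK, then unmask e_s.

    Returns None when the member's own share is already in PXK (revoked):
    only t distinct points remain, too few for an order-t polynomial.
    """
    shares = [sk2] + list(pxk)
    try:
        coeffs = lagrange_at_zero([x for x, _ in shares])   # proxy-server step
    except ValueError:
        return None
    c0 = sum(lam * y for lam, (_, y) in zip(coeffs, shares)) % Q
    return (sk1 - c0) % Q


def demo():
    """Five constructed members, three of them revoked; True means e_s was recovered."""
    poly = rand_poly(secrets.randbelow(Q))
    ids = {"alice": 11, "bob": 22, "carol": 33, "dave": 44, "erin": 55}
    e_by_member = {name: secrets.randbelow(Q) for name in ids}
    keys = {n: keygen(e_by_member[n], ids[n], poly) for n in ids}
    pxk = delegation_key(poly, [ids["bob"], ids["carol"], ids["dave"]])
    return {n: recover(*keys[n], pxk) == e_by_member[n] for n in ids}


if __name__ == "__main__":
    print(demo())
```

A revoked member's own share duplicates a point already in PXK, so it holds only t distinct points of an order-t polynomial and cannot interpolate the constant term that masks $e_s$.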
Claims (3)
1. A ciphertext strategy attribute encryption method supporting attribute revocation in a lattice manner is characterized by being realized by an attribute encryption system, wherein the system comprises a parameter generation center, a proxy server, a key generation center, an accessed user and access members including access members to be revoked and access members not to be revoked, and the specific realization steps are as follows:
(1) the parameter generation center initializes the system parameters:
(1a) the parameter generation center sets: an accessed user attribute set $W' = \{w_1, \ldots, w_i, \ldots, w_L\}$ containing L attribute elements $w_i$; a set of attributes to be revoked $W = \{w_1, \ldots, w_l, \ldots, w_t\}$ containing t attribute elements $w_l$; an unrevoked attribute set $W_0 = \{w_{t+1}, \ldots, w_k, \ldots, w_L\}$ containing L-t attribute elements $w_k$; an access member attribute set $A = \{a_1, \ldots, a_j, \ldots, a_J\}$ containing J attribute elements $a_j$; identification information I of the access member, identification information $I_{w_l}$ of the member to be revoked and identification information $I_{w_k}$ of the unrevoked access member; and an integer group $Z_q$ containing q elements. It randomly generates L polynomials of order t over $Z_q$, where $0 < i \le L$, $0 < l \le t$, $0 < t \le L$, $t < k \le L$, $W' = W \cup W_0$, $0 < j \le J$, q is a large prime number, each polynomial corresponds to an attribute element $w_i$, and Y represents a variable;
(1b) the parameter generation center sets a security parameter λ and, using the algorithm TrapGen with λ, generates a random matrix $A_0$ of size n × m and a full-rank set of short bases of the corresponding lattice, and uses this set as the master key MSK of the system, where 2 < n < m;
(1c) the parameter generation center generates a random matrix B of size n × m and, for each attribute element $w_i$, generates a random matrix of size n × m, and takes $A_0$, B and the L random matrices as the public key pk of the system, where the value of each element of the matrix B and of the L random matrices is a positive integer not exceeding q;
(2) the key generation center obtains the attribute private key pair $(sk_1, sk_2)$ of the access member:
(2a) the key generation center generates a random vector $\mu = (\mu_1, \ldots, \mu_z, \ldots, \mu_n)$ and, for each $a_j$ in the access member attribute set A, randomly generates a set of polynomials in which $P_z'(a_j)$ has the constant term $P_z'(0) = \mu_z$, where $\mu_z$ denotes the z-th component of the vector μ, $P_z'(a_j)$ denotes the z-th polynomial of the set, $1 < z < n$, and $(\cdot)^T$ denotes the transpose operation;
(2b) the key generation center uses the SampleLeft algorithm with the master key MSK of the system, the public key pk of the system and the J polynomial sets to compute the attribute private key $e_s$ of an unrevoked access member;
(2c) the key generation center computes the attribute private key $sk_1$ of the access member from $e_s$ and the constant term of the polynomial corresponding to any one $w_i$, and computes the attribute private key $sk_2$ of the access member from the identification information of the access member; $sk_1$ and $sk_2$ form the attribute private key pair $(sk_1, sk_2)$ of the access member;
(3) the accessed user obtains the ciphertext message pair $(C_0, (C_1, C_2))$:
(3a) the accessed user generates an n-dimensional random vector f, an n-dimensional random vector x obeying a discrete Gaussian distribution on the lattice, and L random matrices of size m × m, where each component of f is a positive integer less than q and the value of each element of the matrices is randomly selected from -1 or 1;
(3b) the accessed user encrypts the plaintext M to obtain the ciphertext message $C_0$ and the auxiliary message pair $(C_1, C_2)$ of $C_0$; $C_0$ and $(C_1, C_2)$ form the ciphertext message pair $(C_0, (C_1, C_2))$ of the accessed user:
$C_1 = A_0^T f + x$
(4) the key generation center calculates and sends the entrusted key PXK:
the key generation center calculates the entrusted key PXK from the L polynomials and the identification information of the members to be revoked, and sends PXK to the proxy server and to the unrevoked access member, wherein,
(5) the proxy server calculates and sends the Lagrange coefficients:
the proxy server calculates, from the entrusted key PXK, the identification information I of the access member, the identification information of the unrevoked access member and the identification information of the t access members to be revoked, the Lagrange coefficients corresponding to the L polynomials; it also calculates, from the values of the L attribute elements $\{w_1, \ldots, w_i, \ldots, w_L\}$, the Lagrange coefficients $\{H_1, \ldots, H_i, \ldots, H_L\}$ of these L attribute elements, and sends both sets of Lagrange coefficients to the unrevoked access member;
(6) the unrevoked access member decrypts the ciphertext message pair $(C_0, (C_1, C_2))$:
(6a) the unrevoked access member calculates the private key $e_s$ of the unrevoked access member from PXK, the Lagrange coefficients and the attribute private key pair $(sk_1, sk_2)$ of the access member:
wherein the term in the formula denotes any one of the Lagrange coefficients;
(6b) the unrevoked access member decrypts $(C_0, (C_1, C_2))$ using the Lagrange coefficients $\{H_1, \ldots, H_i, \ldots, H_L\}$ of the L attribute elements and the private key $e_s$ of the unrevoked access member, obtaining the decrypted plaintext M':
wherein Ω = W' # A, and (;) represents the row-wise splicing operation;
2. The ciphertext-policy attribute encryption method according to claim 1, wherein the n-dimensional random vector x obeying a discrete Gaussian distribution on the lattice in step (3a) is as follows:
where c is an n-dimensional vector over the real numbers, L' is an n-dimensional lattice, the real number s > 0, and $\rho_{s,c}(x)$ is a Gaussian function calculated as follows:
wherein e is the base of the natural logarithm, π is the ratio of a circle's circumference to its diameter, and ‖·‖ denotes the square root of the sum of the squares of the vector's components.
3. The ciphertext-policy attribute encryption method according to claim 1, wherein the Lagrange coefficient in step (5) is calculated as follows:
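The revocation flow of steps (4) to (6) and claim 3 rests on Lagrange interpolation; the following Python example is added here for illustration and is not the patent's own construction. The claim's formulas are not reproduced on this page, so the example assumes a single degree-t polynomial over Z_Q (the patent uses L of them) whose values at the t revoked identities form PXK; `Q`, `make_pxk`, `proxy_coefficients`, `recover` and all identities are hypothetical.

```python
import secrets

Q = 2**61 - 1  # constructed prime modulus (assumption: the page gives no parameters)

def poly_eval(coeffs, x):
    """Evaluate the polynomial [a0, a1, ...] at x over Z_Q (Horner's rule)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % Q
    return acc

def lagrange_at_zero(ids):
    """Lagrange coefficients for interpolating at 0 from distinct non-zero ids."""
    if len({i % Q for i in ids}) != len(ids) or any(i % Q == 0 for i in ids):
        raise ValueError("identities must be distinct and non-zero mod Q")
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam

def make_pxk(poly, revoked_ids):
    """Key generation center: the polynomial's values at the t revoked identities."""
    return {u: poly_eval(poly, u) for u in revoked_ids}

def proxy_coefficients(revoked_ids, member_id):
    """Proxy server: coefficients over the t revoked ids plus the requesting member."""
    if member_id in revoked_ids:
        return None  # only t distinct points: a degree-t polynomial stays undetermined
    return lagrange_at_zero(list(revoked_ids) + [member_id])

def recover(pxk, member_id, member_share, lam):
    """Unrevoked member: combine its own share with the PXK values."""
    points = {**pxk, member_id: member_share}
    return sum(lam[i] * y for i, y in points.items()) % Q

def demo(t=3):
    poly = [secrets.randbelow(Q) for _ in range(t + 1)]  # poly[0] is the value to recover
    revoked = list(range(101, 101 + t))                  # constructed identities
    pxk = make_pxk(poly, revoked)
    lam = proxy_coefficients(revoked, 7)                 # member 7 is not revoked
    recovered = recover(pxk, 7, poly_eval(poly, 7), lam)
    return poly[0], recovered, proxy_coefficients(revoked, 102)
```

A revoked member's own share duplicates a point already in PXK, so it holds only t points of a degree-t polynomial and every candidate value at 0 remains equally consistent.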
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910526965.7A CN110247761B (en) | 2019-06-18 | 2019-06-18 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110247761A (en) | 2019-09-17 |
CN110247761B (en) | 2021-04-20 |
Family
ID=67887763
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910526965.7A Active CN110247761B (en) | 2019-06-18 | 2019-06-18 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247761B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111970106B (en) * | 2020-08-19 | 2021-11-05 | Beijing University of Posts and Telecommunications | Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice |
CN112383550B (en) * | 2020-11-11 | 2022-07-26 | Zhengzhou University of Light Industry | Dynamic authority access control method based on privacy protection |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546161A (en) * | 2010-12-08 | 2012-07-04 | Sony Corporation | Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same |
CN104113408A (en) * | 2014-07-11 | 2014-10-22 | Xidian University | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption |
CN106452735A (en) * | 2016-07-04 | 2017-02-22 | Guangdong University of Technology | Outsourcing attribute encryption method supporting attribute cancellation |
CN108512662A (en) * | 2018-04-12 | 2018-09-07 | Shanghai Maritime University | The hiding multimachine structure encryption method of support policy on a kind of lattice |
CN108810004A (en) * | 2018-06-22 | 2018-11-13 | Xidian University | More authorization center access control methods, cloud storage system can be revoked based on agency |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | Southwest Jiaotong University | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
Non-Patent Citations (5)
Title |
---|
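"Attribute-Based Encryption with Attribute Revocation and Grant Function Using Proxy Re-encryption and Attribute Key for Updating"; Yoshiaki Shiraishi et al.; Human-centric Computing and Information Sciences; 20160205; pp. 1-13 * |
"Research on attribute-based ciphertext-policy access control mechanisms in cloud storage environments"; Xiong Anping; China Doctoral Dissertations Full-text Database, Information Science and Technology; 20160315; p. I137-14 * |
"Revocable attribute-based encryption scheme on lattices in outsourced environments"; Yu Jinxia et al.; Journal of Frontiers of Computer Science and Technology; 20190612; pp. 244-251 * |
"Survey of data security and privacy protection in edge computing"; Zhang Jiale et al.; Journal on Communications; 20180325; vol. 39 (no. 3); pp. 1-21 * |
"Privacy-preserving attribute-based encryption scheme supporting user revocation"; Li Jiguo et al.; Journal of Computer Research and Development; 20151015; vol. 52 (no. 10); pp. 2281-2292 * |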
Also Published As
Publication number | Publication date |
---|---|
CN110247761A (en) | 2019-09-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||