CN110391901B - Proxy re-encryption method supporting complex access control element description - Google Patents


Info

Publication number
CN110391901B
CN110391901B CN201910602175.2A CN201910602175A CN110391901B CN 110391901 B CN110391901 B CN 110391901B CN 201910602175 A CN201910602175 A CN 201910602175A CN 110391901 B CN110391901 B CN 110391901B
Authority
CN
China
Prior art keywords
encryption
proxy
access control
ciphertext
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910602175.2A
Other languages
Chinese (zh)
Other versions
CN110391901A (en)
Inventor
苏铓
连政
汪良辰
付安民
俞研
赵银艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Science and Technology
Priority to CN201910602175.2A
Publication of CN110391901A
Application granted
Publication of CN110391901B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a proxy re-encryption method supporting complex access control element description, comprising the following steps: system set-up; data creation; access control element acquisition; proxy re-encryption key parameter generation; generation of the described ciphertext data; ciphertext data acquisition; and decryption of the re-encrypted ciphertext by the user. The invention introduces XML into the proxy re-encryption scheme for uniform description, and a more convenient and faster parsing method enhances the flexibility and extensibility of the system; in addition, attribute weights are taken into account in the description process, which enables further management of complex access control elements and improves the efficiency of re-encryption key generation.

Description

Proxy re-encryption method supporting complex access control element description
Technical Field
The invention belongs to the field of access control description and authorization management, and particularly relates to a proxy re-encryption method supporting complex access control element description.
Background
With the wide application of the Internet and the rapid development of cloud computing, cloud storage technology has also become a research hotspot. The most critical point in cloud computing is protecting the security and integrity of cloud data. A large amount of data is stored in the cloud as ciphertext, so how to protect and exchange ciphertext with an appropriate access control technology, while meeting security and efficiency requirements, has important research value. Meanwhile, diversified application prospects will drive continuous innovation in the information technology industry.
To address the security and integrity problems of cloud data, ciphertext access control technology has been proposed: data is encrypted with a specified cryptographic algorithm and key, and the encrypted data is stored on the cloud server as ciphertext, which ensures the security of cloud data. In the traditional method, the data owner encrypts the data before using the cloud service, and rights are managed by controlling users' keys. For example, mechanisms such as role-based encryption, identity-based encryption and attribute-based encryption (ABE) use the user's role, identity and attributes, respectively, as decryption key parameters. Combined with an access control model, mechanisms such as ABE can ensure the effectiveness of the authorization policy to a certain extent; the KP-ABE and CP-ABE mechanisms support complex policies, have very broad application prospects in fine-grained data sharing and access control, and suit cases where the decrypting party is not fixed. The traditional access control method depends on the structure of an access control tree: when the system is expanded horizontally, every node addition or deletion requires a traversal, so flexibility is poor. In particular, inserting a node requires rearranging the binary tree structure, so extensibility is low and the efficiency of the system is hard to improve.
Disclosure of Invention
The invention aims to provide a proxy re-encryption method supporting complex access control element description.
The technical scheme for realizing the purpose of the invention is as follows: a proxy re-encryption method supporting complex access control element description is implemented on a system model comprising a key management center, a re-encryption key server and a proxy re-encryption server; the key management center generates public/private key pairs for users, the re-encryption key server describes the complex access control elements and generates the re-encryption key parameters and keys, and the proxy re-encryption server performs the proxy re-encryption operation; the method comprises the following steps:
(1) System set-up
The system is initialized, and the algorithm Setup is called to generate, from a given parameter k, the system's public parameters and the public/private key parameters related to proxy re-encryption;
(2) Data creation
The creator submits a key pair generation request to the key management center and at the same time provides the parameters for system establishment; the key management center calls an algorithm-level function to generate a public/private key pair for the creator; the data creator encrypts the data for the first time, calling an algorithm-level function to generate the ciphertext $C_A$, and transmits it to the proxy re-encryption server;
(3) Access control element acquisition
When a data sharing user accesses ciphertext data, the system acquires the related access control elements, uniformly describes them in a file using XML, and generates the proxy re-encryption key parameters after parsing;
(4) Proxy re-encryption key parameter generation
The system parses the XML file, generates a List of the related access control elements, and assigns weight values to the elements in the subject attribute set {sub}, thereby generating the access control condition parameter con, and calls the algorithm-level function ReKeyGen to generate the re-encryption key;
(5) Generating described ciphertext data
The proxy re-encryption server obtains the re-encryption key and the ciphertext $C_A$ and calls the algorithm-level function ReEnc to compute the shared ciphertext $C_B$;
(6) Ciphertext data acquisition
The data sharer submits a request for the re-encrypted ciphertext data to the proxy re-encryption server; after receiving the user's request, the proxy re-encryption server provides the user with the proxy-re-encrypted shared ciphertext $C_B$;
(7) Decryption of the re-encrypted ciphertext by the user
The legitimate user uses its own private key and the described ciphertext $C_B$, and calls the algorithm-level function Dec to decrypt the ciphertext to obtain ciphertext data.
Compared with the prior art, the invention has the following notable advantages: (1) to share data, the user only needs to compute a first basic ciphertext; the data is then re-encrypted using key parameters that the cloud server generates from the sharer's access control elements, which reduces the user's cloud computing overhead; (2) complex access control elements are uniformly described in XML, and this uniform form makes the access control structure more flexible and convenient, so that the efficiency of the system is not affected whether the system is expanded horizontally or vertically; in addition, weights are introduced into the subject attribute set as reference values, and different subject attributes are given corresponding weights, so that key parameter generation is more targeted.
Drawings
FIG. 1 is a schematic diagram of a system model of the present invention.
Fig. 2 is a flow chart of a proxy re-encryption method supporting complex access control element descriptions.
FIG. 3 is a flow chart of data creation and access.
FIG. 4 is a diagram illustrating the structure of an access control element.
Fig. 5 is a schematic diagram of re-encryption key parameter generation.
Detailed Description
Aiming at the problems in the prior art, the invention introduces the idea of Proxy Re-Encryption (PRE) into complex access control and provides a cloud proxy re-encryption method supporting complex access control element description. To share data, the user only needs to compute a first basic ciphertext; the data is then re-encrypted using key parameters that the cloud server generates from the sharer's access control elements, which reduces the user's cloud computing overhead. Complex access control elements are uniformly described in XML, and this uniform form makes the access control structure more flexible and convenient, so that the efficiency of the system is not affected whether the system is expanded horizontally or vertically. In addition, weights are introduced into the subject attribute set as reference values, and different subject attributes are given corresponding weights, so that key parameter generation is more targeted.
The invention relates to a complex access control element description method based on proxy re-encryption, implemented on the system model shown in Fig. 1, which comprises a key management center, a re-encryption key server and a proxy re-encryption server:
Key management center (KMC): generates public/private key pairs for users.
Re-encryption key server (REK): describes the complex access control elements and generates the re-encryption key parameters and keys.
Proxy re-encryption server (Re-Enc): performs the proxy re-encryption operation.
Data creator A: creates the accessed data M, applies security processing such as basic encryption to it, and finally shares the data through the cloud server and manages access control for the data.
Data sharing user B: submits an access request for the message M, and obtains and decrypts the data through the cloud server, finally obtaining the data or service.
Data creation and access rely on the Internet: the data owner A and the sharing user B can connect to the Internet to interact with cloud data servers such as REK and Re-Enc and with the trusted KMC server to carry out data creation, access and so on.
The data sharer does not transfer or privately store the authorized data: when accessing the data, the sharer obtains the parameters over the network and decrypts, and afterwards does not store the data locally or authorize it further.
The KMC, the data owner and the data sharing user are trusted: the KMC is responsible for generating the public parameters and public/private key pairs, and the data owner is the creator of the basic ciphertext. The REK and Re-Enc are semi-trusted servers responsible for generating re-encryption keys, re-encrypted ciphertexts and so on; they faithfully carry out ciphertext re-encryption but may leak user data and mine user privacy.
As shown in fig. 2, the method of the present invention mainly comprises the following steps:
(1) System set-up
The system is initialized, and the algorithm Setup is called to generate, from a given parameter k, the system's public parameters and the public/private key parameters related to proxy re-encryption.
(2) Data creation
The creator submits a key pair generation request to the KMC and at the same time provides the parameters for system establishment; the KMC calls an algorithm-level function to generate a public/private key pair for the creator; the data creator encrypts the data for the first time, calling an algorithm-level function to generate the ciphertext $C_A$, and transmits it to the Re-Enc server.
(3) Access control element acquisition
When a data sharing user accesses ciphertext data, the system acquires the related access control elements and uniformly describes them in a file using XML. The structure is divided into subject, object and behavior: the subject describes the basic characteristics of the user, the object constrains the subject elements, and the behavior controls the user's operations. The proxy re-encryption key parameters are generated after parsing.
(4) Proxy re-encryption key parameter generation
The system parses the XML file, generates a List of the related access control elements, and assigns weight values to the elements in the subject attribute set {sub}, thereby generating the access control condition parameter con, and calls the algorithm-level function ReKeyGen to generate the re-encryption key.
(5) Generating described ciphertext data
The Re-Enc server obtains the re-encryption key and the ciphertext $C_A$ and calls the algorithm-level function ReEnc to compute the shared ciphertext $C_B$.
(6) Ciphertext data acquisition
The data sharer submits a request for the re-encrypted ciphertext data to the Re-Enc server; after receiving the user's request, Re-Enc provides the user with the proxy-re-encrypted shared ciphertext $C_B$.
(7) Decryption of the re-encrypted ciphertext by the user
The legitimate user uses its own private key and the described ciphertext $C_B$, and calls the algorithm-level function Dec to decrypt the ciphertext to obtain ciphertext data.
The algorithm functions corresponding to the steps of the method are as follows:
(1) Parameter setup: Setup(k) → param
Setup(k) → param: select a prime number k of length q; the groups
Figure BDA00021196303400000511
are multiplicative cyclic groups; g, U
Figure BDA0002119630340000051
are generators. The hash function set is $H_1, H_2, H_3, H_4, H_5$, where
Figure BDA0002119630340000052
Figure BDA0002119630340000053
$Z_q$ is the cyclic group of integers modulo q,
Figure BDA0002119630340000054
representing an existing set of residual coefficients modulo q, q being a natural number;
Figure BDA0002119630340000055
and
Figure BDA0002119630340000056
all denote, for the multiplicative cyclic group
Figure BDA0002119630340000057
powers of the selected generator. The public parameters are
Figure BDA0002119630340000058
(2) Basic key generation: KeyGen(param) → ($sk_A$, $pk_A$)
KeyGen(param) → ($sk_A$, $pk_A$): select
Figure BDA0002119630340000059
then $sk_A = a$, $pk_A = g^a$; in the same way, $sk_B = b$, $pk_B = g^b$.
(3) First encryption: Enc(M, $pk_A$) → $C_A$
User A encrypts the plaintext information M with its own public key $pk_A$: select
Figure BDA00021196303400000510
then $C_A = (c_1, c_2, c_3, c_4)$, where
$c_1 = g^r$;
$c_2 = g^u$;
$c_3 = u + r \cdot H_2(c_1, c_2)$;
Figure BDA0002119630340000061
(4) Generating the re-encryption key parameter con:
ReKeyParam(xmlfile) → con: after the access control elements are acquired they are described in XML, and the file is parsed to obtain $List = \{sub, obj, act\} = \{\{sub_i\}, \{obj_j\}, \{act_k\}\}$; $1 \le i, j, k \le n$;
For the n elements in the subject attribute set sub in the List, each element corresponds to its weight
Figure BDA0002119630340000062
and a function is constructed
Figure BDA0002119630340000063
Then
Figure BDA0002119630340000064
Select
Figure BDA0002119630340000065
and compute $sub_i = H_2(u, H_1(List.sub))$ to generate the proxy re-encryption key parameter $con = f(sub_i)$.
(5) Proxy re-encryption key generation:
Figure BDA0002119630340000066
Select
Figure BDA0002119630340000067
then $Y = g^y$.
Let $U_1 = U^{con}$; then
Figure BDA0002119630340000068
$z_2 = y - sk_A \cdot z_1$
This generates the A-to-B proxy re-encryption key
Figure BDA0002119630340000069
(6) Proxy re-encryption:
Figure BDA00021196303400000610
The re-encryption proxy re-encrypts the ciphertext $C_A$ to generate a ciphertext $C_B = (c'_1, c'_2, c'_3, c'_4)$ that can be decrypted with $sk_B$. If
Figure BDA00021196303400000611
then compute as follows; otherwise, report an integrity error; where
Figure BDA00021196303400000612
Figure BDA00021196303400000613
Figure BDA00021196303400000614
$c'_4 = c_4$
(7) Decryption:
Dec($sk_B$, $C_B$, con) → M: user B decrypts the re-encrypted ciphertext to obtain the plaintext M.
If
Figure BDA0002119630340000071
then compute as follows; otherwise, report an integrity error;
The sub attribute set in con has n elements; let
Figure BDA0002119630340000072
For all $sub_i = H_2(u_i, H_1(List.sub)) \in S$, compute
Figure BDA0002119630340000073
Compute the values of $c''_1$ and $c''_2$:
Figure BDA0002119630340000074
Compute
Figure BDA0002119630340000076
Then output the plaintext
Figure BDA0002119630340000075
The following two embodiments, covering user data creation and data access (including re-encryption key parameter generation), illustrate the specific steps and the use of the algorithms.
Example 1
As shown in the left part of fig. 3, user A is the user who creates the data.
(1) A sets up the system and calls the algorithm Setup to generate the system's public parameters and the public/private key parameters related to proxy re-encryption;
(2) A submits a key pair generation request to the KMC and provides a parameter K for system establishment, and the KMC calls the algorithm-level function KeyGen to generate a public/private key pair ($sk_A$, $pk_A$) for A;
(3) A encrypts the plaintext data M for the first time, calling the algorithm-level function Enc to generate the ciphertext $C_A$, and transmits it to the Re-Enc server;
(4) While creating the data ciphertext, user A also sends the data's access control policy (the policy content: the user role B can perform related access on sensitive data in a Department of Department before 2019-12-31) to the REK, to facilitate subsequent operations such as data access and proxy re-encryption; this completes data creation.
Example 2
Data access procedure, as in the right part of fig. 3:
(1) Let user B be the data sharer; B submits a request for the re-encrypted ciphertext data to Re-Enc;
(2) The REK acquires B's access control elements, manages the access authority, and generates a re-encryption key if B is a legitimate data access user;
The specific process is as follows:
After B's access control elements are acquired, they are uniformly described, parsed and extracted, and weighted.
a. B's complex access control elements are uniformly described in XML to generate an XML file whose structure is divided into a subject, an object and a behavior. The subject describes the basic characteristics of the user, such as a user name Bob, a Department, a role Manager and the like; the object constrains the subject elements and comprises an access validity period and a number of accesses, for example the role of user B is valid until 2019-12-31; the behavior controls the operations of user B, including downloading, uploading, updating, deleting and the like. Referring to fig. 4, if user B accesses sensitive data of the information department, the subject element of user B must be Manager of the information department, and user B can legally access the data before 12/31/2019.
b. For details of the subject description see fig. 5; the object and behavior structures follow the subject description. The file is parsed into a $List_B$ that can be used to generate the proxy re-encryption key parameter, and weights are added to the subject elements;
c. The algorithm-level function ReKeyParam is called to generate the parameter $con_B$;
(3) Re-Enc obtains $rk_{A \to B}$, calls the algorithm-level function ReEnc to compute $C_B$, and provides B with the proxy-re-encrypted ciphertext $C_B$;
(4) After obtaining the ciphertext $C_B$, user B uses his private key $sk_B$ and calls the decryption function Dec to decrypt $C_B$ and obtain the plaintext data M.
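The REK-side handling of B's request in Example 2 (steps a to c), as an added example that is not code from the patent: it parses an XML description into List = {sub, obj, act}, checks it against the owner's policy, and derives con. The tag and attribute names, the weights, the modulus Q and the weighted-hash combination standing in for the patent's f, H1 and H2 (whose formulas are not reproduced on this page) are all assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample. Tag and attribute names are assumptions: the patent only
# states that the file is split into subject, object and behavior.
SAMPLE_XML = """<accessControl>
  <subject>
    <attr name="username" weight="1">Bob</attr>
    <attr name="department" weight="2">Information</attr>
    <attr name="role" weight="3">Manager</attr>
  </subject>
  <object>
    <validUntil>2019-12-31</validUntil>
  </object>
  <behavior>
    <act>download</act>
    <act>update</act>
  </behavior>
</accessControl>"""

# Stand-in for the group order q produced by Setup (2**127 - 1 is prime).
Q = 2**127 - 1


def parse_acl(xml_text):
    """Parse the XML description into List = {sub, obj, act}."""
    # Refuse DTDs outright so entity declarations never reach the parser.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    subject, obj, behavior = (root.find(t) for t in ("subject", "object", "behavior"))
    if subject is None or obj is None or behavior is None:
        raise ValueError("subject, object and behavior are all required")
    sub = {}
    for el in subject.findall("attr"):
        name = el.get("name", "").strip().lower()
        weight = int(el.get("weight", "0"))
        # Duplicate names or non-positive weights would make con ambiguous.
        if not name or name in sub or weight <= 0:
            raise ValueError("bad or duplicate subject attribute: %r" % name)
        sub[name] = ((el.text or "").strip(), weight)
    if not sub:
        raise ValueError("empty subject attribute set")
    valid_until = date.fromisoformat(obj.findtext("validUntil", "").strip())
    acts = {a.text.strip().lower() for a in behavior.findall("act") if a.text}
    return {"sub": sub, "obj": {"valid_until": valid_until}, "act": acts}


def hash_to_zq(*parts):
    """Hash strings into Z_q; length prefixes keep ("ab","c") != ("a","bc")."""
    h = hashlib.sha256()
    for p in parts:
        data = p.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q


def derive_con(acl):
    """Assumed combination: weighted sum of subject-attribute hashes mod Q."""
    return sum(w * hash_to_zq("sub", name, value)
               for name, (value, w) in acl["sub"].items()) % Q


def is_authorized(acl, required_sub, action, today):
    """Check subject attributes, requested behavior and validity period."""
    sub_ok = all(acl["sub"].get(k, (None, 0))[0] == v
                 for k, v in required_sub.items())
    return sub_ok and action in acl["act"] and today <= acl["obj"]["valid_until"]


def issue_con(xml_text, required_sub, action, today):
    """REK-side gate: return con for a legitimate request, else None."""
    acl = parse_acl(xml_text)
    if not is_authorized(acl, required_sub, action, today):
        return None
    return derive_con(acl)


if __name__ == "__main__":
    policy = {"department": "Information", "role": "Manager"}
    print(issue_con(SAMPLE_XML, policy, "download", date(2019, 12, 1)))
    print(issue_con(SAMPLE_XML, policy, "download", date(2020, 1, 1)))
```

Because con depends on every subject value and weight, a description with a different role or weight yields a different con, while reordering the attributes in the file does not.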

Claims (6)

1. A proxy re-encryption method supporting complex access control element description, characterized in that the method is implemented on a system model comprising a key management center, a re-encryption key server and a proxy re-encryption server; the key management center generates public/private key pairs for users, the re-encryption key server describes the complex access control elements and generates the re-encryption key parameters and keys, and the proxy re-encryption server performs the proxy re-encryption operation; the method comprises the following steps:
(1) System set-up
The system is initialized, and the algorithm Setup is called to generate, from a given parameter k, the system's public parameters and the public/private key parameters related to proxy re-encryption;
(2) Data creation
The creator submits a key pair generation request to the key management center and at the same time provides the parameters for system establishment; the key management center calls an algorithm-level function to generate a public/private key pair for the creator; the data creator encrypts the data for the first time, calling an algorithm-level function to generate the ciphertext $C_A$, and transmits it to the proxy re-encryption server;
(3) Access control element acquisition
When a data sharing user accesses ciphertext data, the system acquires the related access control elements, uniformly describes them in a file using XML, and generates the proxy re-encryption key parameters after parsing;
(4) Proxy re-encryption key parameter generation
The system parses the XML file, generates a List of the related access control elements, and assigns weight values to the elements in the subject attribute set {sub}, thereby generating the access control condition parameter con, and calls the algorithm-level function ReKeyGen to generate the re-encryption key;
(5) Generating described ciphertext data
The proxy re-encryption server obtains the re-encryption key and the ciphertext $C_A$ and calls the algorithm-level function ReEnc to compute the shared ciphertext $C_B$;
(6) Ciphertext data acquisition
The data sharer submits a request for the re-encrypted ciphertext data to the proxy re-encryption server; after receiving the user's request, the proxy re-encryption server provides the user with the proxy-re-encrypted shared ciphertext $C_B$;
(7) Decryption of the re-encrypted ciphertext by the user
The legitimate user uses its own private key and the described ciphertext $C_B$, and calls the algorithm-level function Dec to decrypt the ciphertext to obtain ciphertext data.
2. The proxy re-encryption method supporting complex access control element description according to claim 1, wherein the public/private key parameter generation method is:
Parameter setup: Setup(k) → param
Setup(k) → param: select a prime number k of length q; the groups
Figure FDA0002119630330000021
are multiplicative cyclic groups; g, U
Figure FDA0002119630330000022
are generators. The hash function set is $H_1, H_2, H_3, H_4, H_5$, where $H_1: \{0,1\}^* \to \{0,1\}^l$, $H_2$:
Figure FDA0002119630330000023
$H_3$:
Figure FDA0002119630330000024
$H_4$:
Figure FDA0002119630330000025
$H_5$:
Figure FDA0002119630330000026
$Z_q$ is the cyclic group of integers modulo q,
Figure FDA0002119630330000027
representing an existing set of residual coefficients modulo q, q being a natural number;
Figure FDA0002119630330000028
and
Figure FDA0002119630330000029
all denote, for the multiplicative cyclic group
Figure FDA00021196303300000214
powers of the selected generator; the public parameters are
Figure FDA00021196303300000210
3. The proxy re-encryption method supporting complex access control element description according to claim 1, characterized in that the specific process of data creation is as follows:
Basic key generation: KeyGen(param) → ($sk_A$, $pk_A$)
KeyGen(param) → ($sk_A$, $pk_A$): select
Figure FDA00021196303300000211
then $sk_A = a$, $pk_A = g^a$; in the same way, $sk_B = b$, $pk_B = g^b$.
First encryption: Enc(M, $pk_A$) → $C_A$
User A encrypts the plaintext information M with its own public key $pk_A$: select r,
Figure FDA00021196303300000212
then $C_A = (c_1, c_2, c_3, c_4)$, where
$c_1 = g^r$;
$c_2 = g^u$;
$c_3 = u + r \cdot H_2(c_1, c_2)$;
Figure FDA00021196303300000213
4. The proxy re-encryption method supporting complex access control element description according to claim 1, wherein the access control element acquisition and proxy re-encryption key parameter generation processes are as follows:
Generating the re-encryption key parameter con:
ReKeyParam(xmlfile) → con: after the access control elements are acquired they are described in XML, and the file is parsed to obtain $List = \{sub, obj, act\} = \{\{sub_i\}, \{obj_j\}, \{act_k\}\}$; $1 \le i, j, k \le n$;
For the n elements in the subject attribute set sub in the List, each element corresponds to its weight
Figure FDA0002119630330000031
and a function is constructed
Figure FDA0002119630330000032
Then
Figure FDA0002119630330000033
Select
Figure FDA0002119630330000034
and compute $sub_i = H_2(u, H_1(List.sub))$ to generate the proxy re-encryption key parameter $con = f(sub_i)$;
Proxy re-encryption key generation:
Figure FDA0002119630330000035
Select
Figure FDA0002119630330000036
then $Y = g^y$.
Let $U_1 = U^{con}$; then
Figure FDA0002119630330000037
$z_2 = y - sk_A \cdot z_1$
This generates the A-to-B proxy re-encryption key
Figure FDA0002119630330000038
5. The proxy re-encryption method supporting complex access control element description according to claim 1, wherein the ciphertext data is generated by:
Figure FDA0002119630330000039
The re-encryption proxy re-encrypts the ciphertext $C_A$ to generate a ciphertext $C_B = (c'_1, c'_2, c'_3, c'_4)$ that can be decrypted with $sk_B$; if
Figure FDA00021196303300000310
then compute as follows; otherwise, report an integrity error; where
Figure FDA00021196303300000311
Figure FDA00021196303300000312
Figure FDA00021196303300000313
$c'_4 = c_4$
6. The proxy re-encryption method supporting complex access control element description according to claim 1, characterized in that the method for decrypting the re-encrypted ciphertext is as follows:
Dec($sk_B$, $C_B$, con) → M: user B decrypts the re-encrypted ciphertext to obtain the plaintext M;
If
Figure FDA0002119630330000041
then compute as follows; otherwise, report an integrity error;
The sub attribute set in con has n elements; let
Figure FDA0002119630330000042
For all $sub_i = H_2(u_i, H_1(List.sub)) \in S$, compute
Figure FDA0002119630330000043
Compute the values of $c''_1$ and $c''_2$:
Figure FDA0002119630330000044
Compute
Figure FDA0002119630330000045
Then output the plaintext
Figure FDA0002119630330000046
CN201910602175.2A 2019-07-05 2019-07-05 Proxy re-encryption method supporting complex access control element description Active CN110391901B (en)

Publications (2)

Publication Number Publication Date
CN110391901A CN110391901A (en) 2019-10-29
CN110391901B true CN110391901B (en) 2021-09-21

Family

ID=68286252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910602175.2A Active CN110391901B (en) 2019-07-05 2019-07-05 Proxy re-encryption method supporting complex access control element description

Country Status (1)

Country Link
CN (1) CN110391901B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115225364B (en) * 2022-07-15 2023-11-17 中国科学技术大学 Efficient dynamic access control method and system for cloud encrypted data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106612175A (en) * 2016-08-25 2017-05-03 四川用联信息技术有限公司 Proxy re-encryption algorithm for multi-element access control in mobile cloud
CN106789058A (en) * 2016-12-09 2017-05-31 南京理工大学 Proxy re-encryption algorithm description and parsing method
CN108600217A (en) * 2018-04-23 2018-09-28 南京理工大学 Cloud-based data authorization certainty updating method based on proxy re-encryption
CN109660555A (en) * 2019-01-09 2019-04-19 上海交通大学 Content safety sharing method and system based on proxy re-encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2645618A1 (en) * 2012-03-30 2013-10-02 British Telecommunications Public Limited Company Method and system for network data access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cloud multi-element access control scheme based on proxy re-encryption; 苏铓 et al.; Journal on Communications (《通信学报》); 2018-02-25; Vol. 39 (No. 02); 99-101 *

Also Published As

Publication number Publication date
CN110391901A (en) 2019-10-29

Similar Documents

Publication Publication Date Title
CN108600217B (en) Cloud-based data authorization certainty updating method based on proxy re-encryption
CN109040045B (en) Cloud storage access control method based on ciphertext policy attribute-based encryption
Wang et al. Sieve: Cryptographically enforced access control for user data in untrusted clouds
CN104486315B (en) A kind of revocable key outsourcing decryption method based on contents attribute
Kumar et al. Secure storage and access of data in cloud computing
CN103763319B (en) Method for safely sharing mobile cloud storage light-level data
CN106375346B (en) Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment
CN108111540B (en) Hierarchical access control system and method supporting data sharing in cloud storage
CN104158880B (en) User-end cloud data sharing solution
CN102655508A (en) Method for protecting privacy data of users in cloud environment
Jin et al. A secure and lightweight data access control scheme for mobile cloud computing
Xu et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems
CN113411323B (en) Medical record data access control system and method based on attribute encryption
Ming et al. Efficient revocable multi-authority attribute-based encryption for cloud storage
Shen et al. Keyword search with access control over encrypted cloud data
CN107181584A (en) Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method
CN105915333B (en) A kind of efficient key distribution method based on encryption attribute
CN114513327B (en) Block chain-based Internet of things private data rapid sharing method
CN104468496A (en) Method, information service system and program for information encryption/decryption
CN106612175A (en) Proxy re-encryption algorithm for multi-element access control in mobile cloud
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
Sun et al. Webcloud: web-based cloud storage for secure data sharing across platforms
CN114095171A (en) Identity-based wearable proxy re-encryption method
CN111953487B (en) Key management system
CN110391901B (en) Proxy re-encryption method supporting complex access control element description

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant