CN113489591A - Traceable comparison attribute encryption method based on multiple authorization centers - Google Patents

Traceable comparison attribute encryption method based on multiple authorization centers Download PDF

Info

Publication number
CN113489591A
CN113489591A CN202110624902.2A CN202110624902A CN113489591A CN 113489591 A CN113489591 A CN 113489591A CN 202110624902 A CN202110624902 A CN 202110624902A CN 113489591 A CN113489591 A CN 113489591A
Authority
CN
China
Prior art keywords
user
key
attribute
data
authorization center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110624902.2A
Other languages
Chinese (zh)
Other versions
CN113489591B (en
Inventor
孟倩
梁焯阳
陈克非
沈忠华
王付群
张仁军
胡宸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Normal University
Original Assignee
Hangzhou Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Normal University filed Critical Hangzhou Normal University
Priority to CN202110624902.2A priority Critical patent/CN113489591B/en
Publication of CN113489591A publication Critical patent/CN113489591A/en
Application granted granted Critical
Publication of CN113489591B publication Critical patent/CN113489591B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a traceable comparison attribute encryption method based on multiple authorization centers, which overcomes the problems of high cost and single-point performance bottleneck of a single central authorization center along with data increase in the prior art, and comprises the following steps: s1, initializing the system; s2, encrypting the data; s3, user verification and final data generation; s4, decrypting the data; and S5, tracking. The invention provides an effective method of 0 code and 1 code, which can make the comparable attributes be used for random comparison, and the method is suitable for an ABE system, averagely reduces half of the expanded storage cost, greatly reduces the cost calculation amount of encryption and decryption, adopts a central authorization center and an attribute authorization center, reduces the burden of the central authorization center, accelerates the identity verification and the secret key generation of a user, avoids the single-point performance bottleneck, and adds a tracking mechanism so as to supervise the attribute authorization center.

Description

Traceable comparison attribute encryption method based on multiple authorization centers
Technical Field
The invention relates to the technical field of cryptography, in particular to a traceable comparison attribute encryption method based on multiple authorization centers.
Background
ATTRIBUTE-BASED encryption (ABE) is a popular research topic in the field of cryptography in recent years. It provides a flexible way to perform fine-grained access control, and can flexibly manage the association between ciphertexts and the effective security keys of users. Thus ABE is applicable in many situations such as cloud computing, cloud medical services, social networking, and the like.
There are two different implementations of ABE, key policy attribute based encryption (KP-ABE) and ciphertext policy attribute based encryption (CP-ABE). The main difference between these two categories is the method of embedding the access policy. In KP-ABE, the access policy is embedded in the user's security key, and the ciphertext is associated with several attributes. And in contrast, the access policy of the CP-ABE is embedded into the corresponding ciphertext, and the user key is associated with the attribute. Both methods use the same rule: successful decryption is possible if and only if the attributes of an entity satisfy the access policy of an element.
In the current ABE system, the comparison of the attributes of the security key and the ciphertext is not flexible enough in practical application, and is difficult to be applied in practical application. There are always some attributes in the access policy that are represented as a range of values, such as: "{ age >18 }". Like the range values of such attributes, it is not comparable using the boolean function. Since the results of comparisons between "{ age ═ 20 }" and "{ age >18 }" with boolean functions are not in agreement. One simple way to handle comparable attributes in current ABEs is to use all allowed attribute values to represent a range, i.e., to change the range values to a union, such as: "V" { age ═ 19} "V" { age ═ 20} "V. But this approach increases linearly with increasing data overhead.
Bethencourt et al made preliminary attempts to solve the above-mentioned problems. Their solution is to divide these numerical attributes into several sub-attributes in bits to solve this problem. However, the mechanism for designing the numerical comparison strategy is too complex, and the most fundamental problem is that the overhead is still relatively high.
Furthermore, most existing ABE systems are designed around a central authority, in which case a central authority needs to perform time-consuming user authentication and key distribution. This also results in a single central authority becoming a single point performance bottleneck, e.g., inefficiency, etc., for a large-scale distributed cloud system. Cloud services will also be affected if this central authority is broken or offline.
Disclosure of Invention
The invention aims to overcome the problem of high cost along with data increase in the prior art, provides a traceable comparative attribute encryption method based on multiple authorization centers, provides a hierarchical authorization center structure, comprises a central authorization center and a plurality of independent attribute authorization centers, and solves the problem of high calculation cost caused by performance bottleneck, namely certificate authentication of authorized users and distribution of keys to the authorization centers, of the traditional single authorization center based on an attribute ciphertext retrieval algorithm.
A second object of the present invention is to solve the problem of single-point performance bottleneck of a single central authority, allowing not only an arbitrary attribute authority to perform a part of key generation operations, but also the central authority to perform final key generation, and allowing the central authority to track a malicious attribute authority.
In order to achieve the purpose, the invention adopts the following technical scheme:
a traceable comparison attribute encryption method based on multiple authorization centers comprises the following steps:
s1, initializing the system;
s2, encrypting the data;
s3, user verification and final data generation;
s4, decrypting the data;
and S5, tracking.
The data owner encrypts the data and well establishes an access strategy, for the compared attributes in the model essay strategy, a 0 code and a 1 code are used for expanding an attribute set, then an access decision is established, the encrypted data and the access decision tree are uploaded to a cloud server by the data owner, and each user can obtain a unique identifier Uid from a central authorization center. In order to generate a final key for each user, the central authorization center and the attribute authorization center selected by the user cooperate, authorized users firstly obtain certificates from the central authorization center and submit the certificates to the selected attribute authorization center, then the attribute authorization center verifies the legality of the user certificates and generates intermediate keys for the user certificates according to the attribute set of the users, finally the central authorization center generates the final keys for the users by using the intermediate keys generated by the attribute authorization center, the users can download ciphertext data interested by the users from the cloud server, and the users can decrypt the ciphertext data only when the key attributes in the users are matched with the access decision tree.
In the system model of the scheme, five entities are involved: a Central Authority (CA), an Attribute Authority (AAs), a user (data user, DU), a Data Owner (DO), and a Cloud Service Provider (CSP).
CA: the CA is a key generation management center of the system. Unique identifications are generated for AAs and DUs, as well as their certificates. And generates a final key for the DU after receiving the intermediate key from the AA authentication DU. In addition, the CA may track malicious AAs of intermediate keys generated for suspect DUs.
AA: each AA has sufficient storage and computing power to authenticate any user independently. The AA will perform its certificate validation based on the properties submitted by the DU and generate the corresponding intermediate key on behalf of the CA. It is worth mentioning that: the purpose of introducing multiple AAs is to alleviate the burdensome task of CA certificate validation and key generation, further reducing the possibility of a single point of performance bottleneck.
CSP: the CSP has a huge storage space and a strong computing power, and can provide data storage and information retrieval services for the DU and the DO, respectively.
DO: the DO formulates an access policy for its data and encrypts the file according to the defined policy. And sends the encrypted whole data and the encrypted symmetric key to the CSP. So as to share its data with multiple DUs and can significantly reduce the local storage and computational burden.
DU: the DU gets a unique identity from the CA and has itself a set of attributes related to the information. The DU will select any one of the AAs for authentication of the identity information, and after authentication of the AA, the CA generates a final key associated with its set of attributes. The DU can obtain the encrypted data of interest from the CSP. The user can decrypt the encrypted data if and only if the set of properties of the DU satisfies the access policy embedded in the encrypted data.
Preferably, the S1 includes the following contents:
the central authority selects two multiplication cyclic groups G and G with the same prime orderpWherein the parameter G is the generator of G, and a binary mapping e is defined on G, G → GpThen the central authorization center randomly selects a, b, alpha, beta epsilon Zp *As master key, also for each attribute Atti(i ═ 1, 2.., V) randomly generates a public key Q1,Q2,...,QV
Is provided with H (0,1)*→ G is a hash function, mapping any binary string to the random element of G;
the published public key is as follows:
PK=Gp,G,H,g,gα,h=gβ,e(g,g)α,Q1,Q2,...,QV
the master key is as follows:
MSK=a,b,α,β,gα
the master key will be hidden inside the system.
Preferably, the S1 further includes the following contents:
the central authorization center is also responsible for registering each attribute authorization center and the user;
first, the central authority generates a pair of keys (sk)CA,vkCA) For signing and verifying, wherein vkCAIs open, and may be made known to every entity in the system;
during registration, each attribute authority sends a registration request to the central authority, and for each legal attribute authority, the central authority assigns a unique identifier Aid ∈ Zp *Then randomly selecting a private key kAid∈Zp *And calculates its corresponding public key PKAid=gkAid
The central authority will then generate a certificate containing the public key PKAidCertificate of (Cert)AidAnd compares it with the corresponding private key kAidSending the data together to an attribute authorization center with an identity Aid;
in addition, each user needs to obtain own Uid and private key k from a central authorization centerUidAnd certificate CertUid。
Preferably, the S2 includes the following steps:
s21, encrypting the data;
and S22, constructing a strategy tree T.
Preferably, the S21 includes the following contents:
the data owner completes the encryption of the data by himself;
to improve system performance, the data owner selects a random number K ∈ GpAs symmetric key, s is from Zp *Encrypting the plaintext data M by using a symmetric encryption algorithm;
the encrypted data is recorded as
Figure BDA0003101815840000041
C=hs
Figure BDA0003101815840000042
Preferably, the S22 includes the following contents:
all nodes of the policy tree T are assigned a secret number from the root R to the leaf nodes, with the following rules:
the root R is given a secret s corresponding to C generated in the previous step;
for being assigned a secret spP with a threshold of kpThe algorithm randomly generates a polynomial qpIt contains the following three characters:
polynomial qpThe number of times of (d) must be satisfiedp=kp-1;
The values of this polynomial are: q. q.sp(0)=sp(ii) a This property associates the polynomial with the secret of the corresponding node x;
each having a value q of different index zp(z) each child node assigned to p;
for leaf node P, it has been assigned a secret spAnd represents an attribute AttiCalculating CAtti'=gsp
CAtti"=H(y)sp,y∈X1
The ciphertext is as follows:
Figure BDA0003101815840000043
preferably, the S3 includes the following steps:
S31、Uj→AAi: when having the unique identifier UidjUser U ofjWhen sending out an application for obtaining the secret key, the user selects a legal attribute authorization center with a unique identifier Aid through a certain scheduling algorithm, and sends a certificate CertUidjAnd some can display UjA proof of the owned property set;
S32、AAi→ CA: the user authentication process may be designed to be manual or AAiAn authentication protocol executed;
after the user identity authentication is successful, the AAiObtaining the current time point as a threshold TS, and calculating t1=H1(UidjTS 0) and t2=H1(UidjTS 1) and generates an intermediate key
Figure BDA0003101815840000054
The method comprises the following specific steps:
Figure BDA0003101815840000051
will be provided with
Figure BDA0003101815840000055
The generated intermediate secret key is sent to a central authorization center;
S33、CA→AAi→Uj: central authority receiving AAiAfter the intermediate key according to AAiAid ofiTo obtain the corresponding storage public key
Figure BDA0003101815840000056
Then the central authority checks whether the time interval Tt of the transmission delay is within the allowed time interval range;
assuming that the current time is T ', if T' -TS > Tt, the central authority will stop executing and send a request-denied message to the AAi
If T' -TS < Tt, the central authority recalculates T1=H1(UidjTS 0) and t2=H1(UidjTS 1), ensure t1And t2Are not reused by the same user;
this step can prevent collusion attack of the attribute authority; then the central authorization center generates a final secret key for the user and returns the final secret key to the user through the attribute authorization center;
the final key (FUSK) is specified as follows:
Figure BDA0003101815840000052
wherein
Figure BDA0003101815840000057
x belongs to Att; mu and r are two types of security parameters, not known to the user, ryRepresenting different r-class parameters.
Preferably, the S4 includes the following steps:
s41, obtaining a secret S corresponding to the root of the access policy tree T;
the access decision tree is processed as follows:
for any X2One of the attributes is matched with the attribute represented by the leaf node in the access decision tree, the corresponding attribute is set as y, and the secret value is set as sx(ii) a The algorithm is as follows:
Figure BDA0003101815840000053
for a non-leaf node p, if there is no less than k in its children nodespPasses the decryption algorithm, the set of decrypted child nodes is denoted SpThe following algorithm continues to be executed:
Figure BDA0003101815840000061
in the above formula
Figure BDA0003101815840000062
Sx,zDenotes an S without z elementpSet, this equation will return TRUE because the nodes are in the same polynomial and sxIs the secret value of this polynomial;
when the root node returns a true value, we get S ═ e (g, g)μ·sAs input parameters for the second step;
s42, decrypting the data content by using the reconstructed S;
the algorithm is as follows:
Figure BDA0003101815840000063
extended attribute set X only when user2When the access policy tree T is matched with the user, the user can decrypt the data by using the security key; otherwise, the user cannot decrypt the ciphertext even if downloading all the ciphertexts from the cloud server.
Preferably, the S5 includes the following contents:
after the attribute authorization center successfully verifies the identity of the user, an intermediate secret key is generated and sent to the central authorization center, and after the central authorization center receives the intermediate secret key, the identity of the user is not verified secondarily, but a final secret key is directly issued;
the system also comprises a tracking mechanism which is executed periodically so as to supervise the attribute authorization center; the tracking mechanism is specifically as follows:
when the central authority starts to track, in order to confirm the key ownership of the user, the central authority enforces that the suspicious user U is requiredjSubmitting L, K', TS in the final secret key, randomly selecting x from the attributes of suspicious users, and calculating t by the central authorization center1=H1(Uidj||TS||0)、t2=H1(UidjTS 1) and Kx'=Qx αt2·g-b(t1+t2)Then, it is verified whether the following equation holds:
e(Qx,L)=e(g,K'Kx')
if the equation is established, continuing to execute the next step; what is next to be confirmed is which AA replaces the suspect UjGenerating an intermediate key;
the CA uses the master key MSK to recover the public key corresponding to a particular AA as follows:
PK'=(L·g-αt2)1/βt1=gkAidiβt1/βt1=gkAidi
CA searches for AA using PK' as an index;
if a unique identifier is AidiAA of (A)iHaving a public key equal to PK', it means that AAiMaliciously or erroneously verifying the UjThe validity of (2); the discovered malicious property rights issuer should be penalized.
Since the attribute authority is an incompletely trusted authority and user validity verification is performed manually, the attribute authority may maliciously or erroneously generate intermediate keys for unverified attribute sets. Furthermore, a malicious user will attempt any possible method to obtain the key associated with a particular set of attributes to obtain data access rights. Under this assumption, the user often has some abnormal behavior. In order to prevent the above situation, it is necessary to add a tracking mechanism, which is periodically executed to supervise the attribute authority.
Therefore, the invention has the following beneficial effects:
1. an efficient method of 0 coding and 1 coding is proposed, so that comparable attributes can be used for arbitrary comparison, and the method is suitable for ABE system;
2. a lightweight and efficient CABE structure is provided; compared with other related schemes, the structure reduces the expanded storage cost by half on average, and greatly reduces the cost calculation amount of encryption and decryption;
3. in the scheme, a central authorization center and an attribute authorization center are adopted, so that the burden of the central authorization center is reduced, the authentication of a user and the generation of a secret key are accelerated, and the single-point performance bottleneck is avoided;
4. a tracking mechanism is added to supervise the attribute authority.
Drawings
Fig. 1 is a system model diagram of the present embodiment.
Fig. 2 is an access policy model of embodiment 2.
Detailed Description
The invention is further described with reference to the following detailed description and accompanying drawings.
Example 1:
the embodiment provides a traceable comparison attribute encryption method based on multiple authorization centers, as shown in fig. 1, the following system model is adopted, and the method mainly involves five entities: a Central Authority (CA), an Attribute Authority (AAs), a user (data user, DU), a Data Owner (DO), and a Cloud Service Provider (CSP).
CA: the CA is a key generation management center of the system. Unique identifications are generated for AAs and DUs, as well as their certificates. And generates a final key for the DU after receiving the intermediate key from the AA authentication DU. In addition, the CA may track malicious AAs of intermediate keys generated for suspect DUs.
AA: each AA has sufficient storage and computing power to authenticate any user independently. The AA will perform its certificate validation based on the properties submitted by the DU and generate the corresponding intermediate key on behalf of the CA. It is worth mentioning that: the purpose of introducing multiple AAs is to alleviate the burdensome task of CA certificate validation and key generation, further reducing the possibility of a single point of performance bottleneck.
CSP: the CSP has a huge storage space and a strong computing power, and can provide data storage and information retrieval services for the DU and the DO, respectively.
DO: the DO formulates an access policy for its data and encrypts the file according to the defined policy. And sends the encrypted whole data and the encrypted symmetric key to the CSP. So as to share its data with multiple DUs and can significantly reduce the local storage and computational burden.
DU: the DU gets a unique identity from the CA and has itself a set of attributes related to the information. The DU will select any one of the AAs for authentication of the identity information, and after authentication of the AA, the CA generates a final key associated with its set of attributes. The DU can obtain the encrypted data of interest from the CSP. The user can decrypt the encrypted data if and only if the set of properties of the DU satisfies the access policy embedded in the encrypted data.
The embodiment comprises the following steps:
s1, initializing the system;
CA selects two multiplication cycle groups G and G with the same prime orderp(the parameter G is the generator of G) and defines a binary mapping e on G: G → GpThen CA randomly selects a, b, alpha, beta epsilon Zp *As master key, also for each attribute Atti(i=1,2, V) randomly generating a public key Q1,Q2,...,QV. Then, let H (0,1)*→ G is a hash function that maps an arbitrary binary string to a random element of G. The published public key is as follows:
PK=Gp,G,H,g,gα,h=gβ,e(g,g)α,Q1,Q2,...,QV
the master key is as follows:
MSK=a,b,α,β,gα
the master key will be hidden inside the system and not available to other entities.
The CA also has to do the registration responsible for AAs and users. First, the CA generates a pair of keys (sk)CA,vkCA) For signing and verifying, wherein vkCAIs disclosed and may be made known to each entity in the system. During registration, each AA sends a registration request to the CA. For each legal AA, the CA will assign a uniquely identified Aid ∈ Zp *Then randomly selecting a private key kAid∈Zp *And calculates its corresponding public key PKAid=gkAid. The CA will then generate a key PK containing the public keyAidCertificate of (Cert)AidAnd compares it with the corresponding private key kAidSent together to the AA with the identity Aid. In addition, each user needs to obtain own Uid and private key k from CAUidAnd certificate CertUid
S2, encrypting the data;
in order to implement data sharing of the DO under the access policy T, the following two steps must be done: 1. encrypting the data; 2. and constructing a strategy tree T.
In the first step, the DO itself completes the encryption of the data. To improve system performance, DO chooses a random number K ∈ GpAs symmetric key, s is from Zp *The plaintext data M is encrypted using a symmetric encryption algorithm. The encrypted data is recorded as
Figure BDA0003101815840000091
C=hs
Figure BDA0003101815840000092
In the second step, all nodes of T are allocated with a secret number from the root R to the leaf node, and the rule is as follows:
the root R is given a secret s corresponding to C generated in the previous step. For being assigned a secret spIs a non-leaf node p (including R) with a threshold value kpThe algorithm randomly generates a polynomial qpIt contains the following three characters:
polynomial qpThe number of times of (d) must be satisfiedp=kp-1
The values of this polynomial are: q. q.sp(0)=sp. This property associates the polynomial with the secret of the corresponding node x.
Each having a value q of different index zp(z) is assigned to each child node of p.
For leaf node P, it has been assigned a secret spAnd represents an attribute AttiCalculating CAtti'=gsp,CAtti"=H(y)sp,y∈X1
The ciphertext is as follows:
Figure BDA0003101815840000093
s3, user verification and final data generation;
this process involves the designated user, the selected AA and CA. The method comprises the following 3 steps:
Uj→AAi: when having the unique identifier UidjUser U ofjWhen sending out an application for obtaining a secret key, a user selects a legal AA with a unique identifier Aid through a certain scheduling algorithm and sends a certificate CertUidjAnd some can display UjProof of the owned property set.
(2)AAi→ CA: the user authentication process may be designed to be manual orIs AAiThe authentication protocol executed. After the user identity authentication is successful, the AAiObtaining the current time point as a threshold TS, and calculating t1=H1(UidjTS 0) and t2=H1(UidjTS 1) and generates an intermediate key
Figure BDA0003101815840000095
The method comprises the following specific steps:
Figure BDA0003101815840000094
will be provided with
Figure BDA0003101815840000096
The generated intermediate key is issued to the CA.
CA→AAi→Uj: CA receiving AAiAfter the intermediate key according to AAiAid ofiTo obtain the corresponding storage public key PKAidi. The CA then checks whether the time interval Tt of the transmission delay is within the allowed time interval. Assuming that the current time is T ', if T' -TS > Tt, the CA will stop executing and send a reject request message to the AAi. If T' -TS < Tt, CA recalculates T1=H1(UidjTS 0) and t2=H1(UidjTS 1), ensure t1And t2Not reused by the same user. This step can prevent collusion attack by AA. The CA then generates a final key for the user and returns it to the user via the AA. The final key (FUSK) is specified as follows:
Figure BDA0003101815840000101
wherein
Figure BDA0003101815840000106
x belongs to Att; mu and r are two types of security parameters, not known to the user, ryRepresenting different r-class parameters.
S4, decrypting the data;
the decryption operation is also divided into two steps, the first step being aimed at obtaining the secret s corresponding to the secret hidden in the root of the access decision tree T; and secondly, decrypting the data content by using the reconstructed s.
In the first step, the access decision tree is processed as follows:
for any X2One of the attributes is matched with the attribute represented by the leaf node in the access decision tree, the corresponding attribute is set as y, and the secret value is set as sx. The algorithm is as follows:
Figure BDA0003101815840000102
for a non-leaf node p, if there is no less than k in its children nodespPasses the decryption algorithm, the set of decrypted child nodes is denoted SpThe following algorithm continues to be executed:
Figure BDA0003101815840000103
in the above formula
Figure BDA0003101815840000104
Sx,zDenotes an S without z elementpSet, this equation will return TRUE because the nodes are in the same polynomial and sxIs the secret value of this polynomial.
When the root node returns a true value, we get S ═ e (g, g)μ·sAs input parameters for the second step. In the second step, the algorithm is as follows:
Figure BDA0003101815840000105
extended attribute set X only when user2When matching with the access policy tree T, the user can decrypt the number using the security keyAccordingly. Otherwise, the user cannot decrypt the ciphertext even if downloading all the ciphertexts from the cloud server.
S5, tracking;
after the AA successfully verifies the identity of the user, an intermediate key is generated and sent to the CA. After receiving the intermediate key, the CA does not perform secondary authentication of the user's identity, but directly issues the final key to the CA. Since the AA is an incompletely trusted authority and user validation is performed manually, the AAs may maliciously or erroneously generate intermediate keys for an unverified set of attributes. Furthermore, a malicious user will attempt any possible method to obtain the key associated with a particular set of attributes to obtain data access rights. Under this assumption, the user often has some abnormal behavior. To prevent this, it is necessary to add a tracking mechanism, which is periodically executed to supervise the AA. The tracking mechanism is specifically as follows:
when the CA starts to track, in order to confirm the key ownership of the user, the CA compels the suspicious user UjSubmitting L, K', TS in the final secret key, randomly selecting x ∈ Att in the attribute of the suspicious user, and then, calculating t by CA1=H1(Uidj||TS||0)、t2=H1(UidjTS 1) and Kx'=Qx αt2·g-b(t1+t2)Then, it is verified whether the following equation holds: e (Q)x,L)=e(g,K'Kx')
If the equation is true, the next step is continued. What is next to be confirmed is which AA replaces the suspect UjAn intermediate key is generated. The CA uses the master key MSK to recover the public key corresponding to a particular AA as follows:
PK'=(L·g-αt2)1/βt1=gkAidiβt1/βt1=gkAidi
the CA uses PK' as an index to search for AA. If a unique identifier is AidiAA of (A)iHaving a public key equal to PK', it means that AAiMaliciously or erroneously verifying the UjThe validity of (2). Malicious AA discovered should be punished.
Example 2:
as shown in fig. 2, the structure of the access policy model of this embodiment is an access policy tree.
In the access policy of CP-ABE/KP-ABE there are always some attributes represented as a range of values, for example: "{ age >18 }". Like the range values of such attributes, it is not comparable using the boolean function. Since the results of comparisons between "{ age ═ 20 }" and "{ age >18 }" with boolean functions are not in agreement. Unless the range values are changed to a union, such as: "V" { age ═ 19} "V" { age ═ 20} "V. But this approach increases linearly with increasing data overhead.
Our scheme uses 0-coding and 1-coding for such range value attributes. We assume an n-bit binary number x.
x=x1x2...xn∈{0,1}n
And (3) coding: convert x into a set if xi(i.ltoreq.n) is equal to 0, xiConvert to 1 and take the number of the first i bits as one element.
Xx 0={x1x2...xi-11|xi=0,1≤i≤n}
1, encoding: convert x into a set if xi(i.ltoreq.n) is equal to 1, the number of the first i bits being taken as one element.
Xx 1={x1x2...xi|xi=1,1≤i≤n}
For comparison of sizes, assuming two n-bit binary numbers y and z, y is coded with 1 to convert to Xy 1Conversion of z to X by 0 codingz 0. If X isy 1And Xz 0The intersection set of y is not an empty set, so that y can be judged>z. In turn, Xy 0And Xz1The intersection of (A) is an empty set, and y can be judged out in the same way>z. The formula is as follows:
Figure BDA0003101815840000121
Figure BDA0003101815840000122
as a specific example, assume that there are two 4-bit binary numbers y equal to 11 (1011)2) And z is 6 (0110)2) Their 0 code and 1 code are as follows.
Xy 0={11} Xy 1={1,101,1011}
Xz 0={1,0111} Xz 1={01,011}
Because of the fact that
Figure BDA0003101815840000123
So y>z, true result is met.
Let attribute set Att ═ Att1,Att2,...,AttvWhen ati(i 1, 2.., V.) indicates a range value, if Atti> e, extend this attribute to Setie0(Atti,e)={(Atti||">e"||c)|c∈Xei 0}; if it is Atti< e, extend this attribute to Setie1(Atti,e)={(Atti||"<e"||c)|c∈Xei 1}; these two combinations are called extended set X1. If it is AttiExtend this attribute into two sets Setie0(Atti,e)={(Atti||">e"||c)|c∈Xei 0And Setie1(Atti,e)={(Atti||"<e"||c)|c∈Xei 1This is called an extended set X2
In general, the scoped attribute of an access policy will be extended to X1The user's attribute will be extended to X2. The attribute values herein all refer to comparable numerical types, not including character types.
In FIG. 2, the nodes of the tree are represented by "circles", and the circle with "A" represents an attribute; the circle with "OR" represents an exclusive OR gate. Each triangle represents someA subtree consisting of nodes, a 'threshold gate' consists of a plurality of non-leaf nodes; the "0 coding sub-tree" and the "1 coding sub-tree" are respectively single-layer sub-trees composed of an exclusive-or gate and leaf nodes, and the leaf nodes respectively represent Setie0(AttiE) or Setie1(AttiAnd e) elements of (a).
Each non-leaf node of the access policy tree T actually represents a threshold based on its number of child nodes and the threshold of the sharing policy. Such as: for a non-sub-leaf node x, if its sharing policy is (t, n), its number of sub-nodes is n, and t represents its threshold. If t is 1, the threshold is an "OR" gate, AND if t is n, the threshold is an "AND" gate.
The above embodiments are described in detail for the purpose of further illustrating the present invention and should not be construed as limiting the scope of the present invention, and the skilled engineer can make insubstantial modifications and variations of the present invention based on the above disclosure.

Claims (9)

1. A traceable comparison attribute encryption method based on multiple authorization centers is characterized by comprising the following steps:
s1, initializing the system;
s2, encrypting the data;
s3, user verification and final data generation;
s4, decrypting the data;
and S5, tracking.
2. The method of claim 1, wherein said S1 comprises the following contents:
the central authority selects two multiplication cyclic groups G and G with the same prime orderpWherein the parameter G is the generator of G, and a binary mapping e is defined on G, G → GpThen the central authority randomly selects
Figure FDA0003101815830000011
As master key, also for each attribute Atti(i ═ 1, 2.., V) randomly generates a public key Q1,Q2,...,QV
Is provided with H (0,1)*→ G is a hash function, mapping any binary string to the random element of G;
the published public key is as follows:
PK=Gp,G,H,g,gα,h=gβ,e(g,g)α,Q1,Q2,...,QV
the master key is as follows:
MSK=a,b,α,β,gα
the master key will be hidden inside the system.
3. The method of claim 2, wherein said S1 further comprises the following steps:
the central authorization center is also responsible for registering each attribute authorization center and the user;
first, the central authority generates a pair of keys (sk)CA,vkCA) For signing and verifying, wherein vkCAIs open, and may be made known to every entity in the system;
during registration, each attribute authority sends a registration request to the central authority, and for each legal attribute authority, the central authority assigns a unique identifier Aid ∈ Zp *Then randomly selecting a private key kAid∈Zp *And calculates its corresponding public key PKAid=gkAid
The central authority will then generate a certificate containing the public key PKAidCertificate of (Cert)AidAnd compares it with the corresponding private key kAidSending the data together to an attribute authorization center with an identity Aid;
in addition, each user needs to obtain own Uid and private key k from a central authorization centerUidAnd certificate CertUid
4. The method of claim 1, wherein said S2 comprises the following steps:
s21, encrypting the data;
and S22, constructing a strategy tree T.
5. The method of claim 4, wherein said S21 comprises the following contents:
the data owner completes the encryption of the data by himself;
to improve system performance, the data owner selects a random number K ∈ GpAs symmetric key, s is from Zp *Encrypting the plaintext data M by using a symmetric encryption algorithm;
the encrypted data is recorded as
Figure FDA0003101815830000021
C=hs
Figure FDA0003101815830000024
6. The method of claim 4, wherein said S22 comprises the following contents:
all nodes of the policy tree T are assigned a secret number from the root R to the leaf nodes, with the following rules:
the root R is given a secret s corresponding to C generated in the previous step;
for being assigned a secret spP with a threshold of kpThe algorithm randomly generates a polynomial qp that contains the following three characters:
polynomial qpThe number of times of (d) must be satisfiedp=kp-1;
The values of this polynomial are: q. q.sp(0)=sp(ii) a This property associates the polynomial with the secret of the corresponding node x;
each having a value q of different index zp(z) each child node assigned to p;
for leaf node P, it has been assigned a secret spAnd represents an attribute AttiCalculating CAtti'=gsp,CAtti"=H(y)sp,y∈X1
The ciphertext is as follows:
Figure FDA0003101815830000023
7. the method of claim 1, wherein said S3 comprises the following steps:
S31、Uj→AAi: when having the unique identifier UidjUser U ofjWhen sending out an application for obtaining the secret key, the user selects a legal attribute authorization center with a unique identifier Aid through a certain scheduling algorithm, and sends a certificate CertUidjAnd some can display UjA proof of the owned property set;
S32、AAi→ CA: the user authentication process may be designed to be manual or AAiAn authentication protocol executed;
after the user identity authentication is successful, the AAiObtaining the current time point as a threshold TS, and calculating t1=H1(UidjTS 0) and t2=H1(UidjTS 1) and generates an intermediate key ICAidi,UidjThe method comprises the following steps:
Figure FDA0003101815830000031
will { Uidj,Aidi,Att,ICAidi,UidjTS, sending the generated intermediate secret key to a central authorization center;
S33、CA→AAi→Uj: central authority receiving AAiAfter the intermediate key according to AAiAid ofiTo obtain the corresponding storage public key PKAidi
Then the central authority checks whether the time interval Tt of the transmission delay is within the allowed time interval range;
assuming that the current time is T ', if T' -TS > Tt, the central authority will stop executing and send a request-denied message to the AAi
If T' -TS < Tt, the central authority recalculates T1=H1(UidjTS 0) and t2=H1(UidjTS 1), ensure t1And t2Are not reused by the same user;
this step can prevent collusion attack of the attribute authority; then the central authorization center generates a final secret key for the user and returns the final secret key to the user through the attribute authorization center;
the final key (FUSK) is specified as follows:
Figure FDA0003101815830000032
wherein L ═ P (PK)Aidi)βt1gαt2=(gkAidi)βt1gαt2,K'=Qx kAidiβt1·gb(t1+t2)X ∈ Att; mu and r are two types of security parameters, not known to the user, ryRepresenting different r-class parameters.
8. The method of claim 1, wherein said S4 comprises the following steps:
s41, obtaining a secret S corresponding to the root of the access policy tree T;
the access decision tree is processed as follows:
for any X2One of the attributes is matched with the attribute represented by the leaf node in the access decision tree, the corresponding attribute is set as y, and the secret value is set as sx(ii) a The algorithm is as follows:
Figure FDA0003101815830000041
for a non-leaf node p, if there is no less than k in its children nodespPasses the decryption algorithm, the set of decrypted child nodes is denoted SpThe following algorithm continues to be executed:
Figure FDA0003101815830000042
in the above formula
Figure FDA0003101815830000043
Sx,zDenotes an S without z elementpSet, this equation will return TRUE because the nodes are in the same polynomial and sxIs the secret value of this polynomial;
when the root node returns a true value, we get S ═ e (g, g)μ·sAs input parameters for the second step;
s42, decrypting the data content by using the reconstructed S;
the algorithm is as follows:
Figure FDA0003101815830000044
extended attribute set X only when user2When the access policy tree T is matched with the user, the user can decrypt the data by using the security key; otherwise, the user cannot decrypt the ciphertext even if downloading all the ciphertexts from the cloud server.
9. The method of claim 1, wherein said S5 comprises the following contents:
after the attribute authorization center successfully verifies the identity of the user, an intermediate secret key is generated and sent to the central authorization center, and after the central authorization center receives the intermediate secret key, the identity of the user is not verified secondarily, but a final secret key is directly issued;
the system also comprises a tracking mechanism which is executed periodically so as to supervise the attribute authorization center; the tracking mechanism is specifically as follows:
when the central authority starts to track, in order to confirm the key ownership of the user, the central authority enforces that the suspicious user U is requiredjSubmitting L, K', TS in the final secret key, randomly selecting x from the attributes of suspicious users, and calculating t by the central authorization center1=H1(Uidj||TS||0)、t2=H1(UidjTS 1) and Kx'=Qx αt2·g-b(t1+t2)Then, it is verified whether the following equation holds:
e(Qx,L)=e(g,K'Kx')
if the equation is established, continuing to execute the next step; what is next to be confirmed is which AA replaces the suspect UjGenerating an intermediate key;
the CA uses the master key MSK to recover the public key corresponding to a particular AA as follows:
PK'=(L·g-αt2)1/βt1=gkAidiβt1/βt1=gkAidi
CA searches for AA using PK' as an index;
if a unique identifier is AidiAA of (A)iHaving a public key equal to PK', it means that AAiMaliciously or erroneously verifying the UjThe validity of (2); the discovered malicious property rights issuer should be penalized.
CN202110624902.2A 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers Active CN113489591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110624902.2A CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110624902.2A CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Publications (2)

Publication Number Publication Date
CN113489591A true CN113489591A (en) 2021-10-08
CN113489591B CN113489591B (en) 2023-09-12

Family

ID=77934717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110624902.2A Active CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Country Status (1)

Country Link
CN (1) CN113489591B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430321A (en) * 2022-04-07 2022-05-03 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) DFA self-adaptive security-based black box traceable key attribute encryption method and device
CN114629640A (en) * 2022-03-10 2022-06-14 东南大学 White-box accountable attribute-based encryption system and method for solving key escrow problem
CN115001730A (en) * 2022-03-02 2022-09-02 上海交通大学 Role attribute-based access control system and method in distributed scene

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012039244A (en) * 2010-08-04 2012-02-23 Nippon Hoso Kyokai <Nhk> Content server, content receiver, attribute key issue server, user key issue server, access control system, content distribution program, and content reception program
CN103401839A (en) * 2013-07-02 2013-11-20 河海大学 Attribute protection based multiple authorization center encryption method
CN106549758A (en) * 2016-12-09 2017-03-29 四川师范大学 Support the encryption method based on attribute of non-monotonic access structure
CN110830473A (en) * 2019-11-08 2020-02-21 浙江工业大学 Multi-authorization access control system and method based on attribute encryption

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012039244A (en) * 2010-08-04 2012-02-23 Nippon Hoso Kyokai <Nhk> Content server, content receiver, attribute key issue server, user key issue server, access control system, content distribution program, and content reception program
CN103401839A (en) * 2013-07-02 2013-11-20 河海大学 Attribute protection based multiple authorization center encryption method
CN106549758A (en) * 2016-12-09 2017-03-29 四川师范大学 Support the encryption method based on attribute of non-monotonic access structure
CN110830473A (en) * 2019-11-08 2020-02-21 浙江工业大学 Multi-authorization access control system and method based on attribute encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐洁如;陈克非;沈忠华;徐晓栋;刘艳;: "改进的基于证书条件代理重加密方案", 密码学报, no. 04 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001730A (en) * 2022-03-02 2022-09-02 上海交通大学 Role attribute-based access control system and method in distributed scene
CN115001730B (en) * 2022-03-02 2023-09-05 上海交通大学 Access control system and method based on role attribute in distributed scene
CN114629640A (en) * 2022-03-10 2022-06-14 东南大学 White-box accountable attribute-based encryption system and method for solving key escrow problem
CN114629640B (en) * 2022-03-10 2024-01-09 东南大学 White box disciplinable attribute-based encryption system and method for solving key escrow problem
CN114430321A (en) * 2022-04-07 2022-05-03 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) DFA self-adaptive security-based black box traceable key attribute encryption method and device

Also Published As

Publication number Publication date
CN113489591B (en) 2023-09-12

Similar Documents

Publication Publication Date Title
CN112019591B (en) Cloud data sharing method based on block chain
Xu et al. Secure fine-grained access control and data sharing for dynamic groups in the cloud
CN109257184B (en) Linkable ring signature method based on anonymous broadcast encryption
JP5130318B2 (en) Certificate-based encryption and public key structure infrastructure
CN113489591B (en) Traceable comparison attribute encryption method based on multiple authorization centers
CN114039790B (en) Fine-grained cloud storage security access control method based on blockchain
WO2021022246A1 (en) Systems and methods for generating signatures
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
Tian et al. Policy-based chameleon hash for blockchain rewriting with black-box accountability
CN110933033B (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
Xu et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems
CN113111373A (en) Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system
CN111147460A (en) Block chain-based cooperative fine-grained access control method
Lai et al. Identity-based encryption secure against selective opening chosen-ciphertext attack
CN114362940B (en) Server-free asynchronous federation learning method for protecting data privacy
CN110035067B (en) Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
CN113905047A (en) Space crowdsourcing task allocation privacy protection method and system
CN109819323B (en) Video content access method in mixed cloud system
CN115426136B (en) Cross-domain access control method and system based on block chain
Zhao et al. A verifiable hidden policy CP‐ABE with decryption testing scheme and its application in VANET
Tiwari et al. SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation
CN114978533A (en) Verifiable security aggregation method based on weighted layered asynchronous federated learning
Tian et al. Accountable fine-grained blockchain rewriting in the permissionless setting
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN111245613B (en) Identity-based three-level key negotiation method for in-vehicle and out-vehicle networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant