CN113918981A - Attribute-based encryption method and system - Google Patents

Abstract

The invention discloses an attribute-based encryption method and system, wherein a shared file is encrypted before file sharing, and the encryption mode relates to an attribute set corresponding to a user allowed to access the shared file, so that the aim of successfully decrypting a ciphertext only by the user allowed to access the shared file is realized, and the risk of information leakage is greatly reduced.

Description

Attribute-based encryption method and system

Technical Field

The invention relates to the field of information encryption, in particular to an encryption method and system based on attributes.

Background

With the rapid development and the constant popularization of the internet, more and more sensitive information is stored and shared on third-party sites (such as cloud storage) of the internet. At present, the sensitive information is not stored on the cloud storage in an encrypted form, so that the risk of sensitive information leakage is faced, and the security threat caused by the information leakage is increased continuously.

Therefore, how to provide a scheme for encrypting sensitive information before sharing is a problem that needs to be solved by those skilled in the art.

Disclosure of Invention

The invention aims to provide an attribute-based encryption method and system, wherein a shared file is encrypted before file sharing, and the encryption mode relates to an attribute set corresponding to a user allowed to access the shared file, so that only the user allowed to access the shared file can successfully decrypt a ciphertext, and the risk of information leakage is greatly reduced.

In order to solve the above technical problem, the present invention provides an attribute-based encryption method, including:

registering identity information of a user and a corresponding attribute set thereof by using an identity providing module in advance;

acquiring an attribute set corresponding to a user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set;

requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with the attributes in the authorization attribute set from a key management module based on the file identification of the shared file and the authorization attribute set;

receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext;

and combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file.

Optionally, the generating, by the key management module, a symmetric key and an asymmetric key corresponding to each attribute in the authorization attribute set one to one based on the file identifier of the shared file and the authorization attribute set includes:

according to global parametersSetting Global parameter setting by a setting function Global Setup (lambda) → GP, and obtaining a Global parameter GP = { g = { (g)₁,G,G_T,Z_pQ, p, H }; wherein, the global parameter GP is provided for all users; λ is a safety parameter; h denotes a hash function with the mapping function H: {0,1}^*→ G; g is a bilinear group with an order of q; g₁∈G；G_TA multiplication loop group with an order of q; z_pIs an integer cyclic group with the order of p;

according to the key generation function GkeyGen (ID, S, GP, pk)_u) → PK, SK, SK generates a symmetric key SK and an asymmetric key (PK, SK) corresponding to each attribute in the authorization attribute set one by one, so as to make the public key set of the symmetric key and the asymmetric key pass through the public key PK of the owner of the shared file_uReturning after encryption; wherein, ID is the file identification; s is the set of authorization attributes; PK is the public key of the asymmetric key,

(ii) a e is a bilinear map: g → G_T(ii) a SK is private key of the asymmetric key, SK = &

,y_i}；

,y_iIs a random number, and is a random number,

,y_i∈Z_p(ii) a And i is the ith attribute corresponding to the access control matrix, and has K attributes, i belongs to {1,2,3, …, K }.

Optionally, receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext, where the method includes:

decrypting a ciphertext returned by the key management module based on a private key of an owner of the shared file to obtain the symmetric key sk and a public key set { PK } of the asymmetric key;

encrypting the shared file by using the symmetric key sk to obtain a file ciphertext C₁；

Performing attribute-based encryption on the symmetric key sk based on the access control matrix A and the public key set { PK } to obtain an attribute ciphertext CT = { C =₂,C₃,C₄,C₅}; a is a K multiplied by L matrix, K is the row number of the matrix A, and L is the column number of the matrix A;

；

all of C_3,iComposition C₃；

All of C_4,iComposition C₄；

All of C_5,iComposition C₅；s₁Is a random number, s₁∈Z_p；λ_i=A_i×v；A_iRow i of A; v is a random vector, v is belonged to Z_P ^L(ii) a The first element of v is s₁And the other elements are random numbers; r is_iIs a random number, r_i∈Z_p(ii) a P is an attribute mapping function for associating attributes with rows of the matrix a.

Optionally, combining the access control matrix, the file ciphertext, and the attribute ciphertext to obtain an attribute encrypted ciphertext, includes:

based on the access control matrix A and the file ciphertext C₁And obtaining an attribute encrypted ciphertext C = { ID, A, rho, C by using the attribute ciphertext CT₁CT, sign }; wherein sign is a digital signature.

Optionally, reading the attribute encryption ciphertext from the cloud storage module, including:

when a data user accesses the cloud storage module, obtaining a target attribute set corresponding to the data user from the identity providing module based on identity information of the data user;

acquiring an access control matrix in the attribute encryption ciphertext, and judging whether the target attribute set is matched with the access control matrix;

if so, allowing the cloud storage module to send the attribute encryption ciphertext to the data user;

and if not, the cloud storage module is not allowed to send the attribute encryption ciphertext to the data user.

Optionally, the decryption process of the attribute encrypted ciphertext includes:

when the data user accesses the key management module by using the attribute ciphertext, obtaining a target attribute set corresponding to the data user from the identity providing module by using the key management module, and determining a target private key set corresponding to the target attribute set according to the target attribute set and the file identifier;

and decrypting the symmetric key based on the target private key set and the attribute ciphertext, encrypting the decrypted symmetric key by the public key of the data user, and sending the encrypted symmetric key to the data user, so that the data user decrypts by using the private key of the data user to obtain the symmetric key, and decrypts the file ciphertext by using the symmetric key to obtain the shared file.

Optionally, decrypting the symmetric key based on the target private key set and the attribute ciphertext includes:

evaluating a function from a derived private key

Deriving a derived private key set K_id(ii) a Wherein, K_x,idA derived private key corresponding to the xth attribute of the target attribute set; what is needed isThe target attribute set has a total of K₁An attribute, x ∈ {1,2,3, …, K₁}; id is the user id of the data user;

evaluating a function from data

Computing

(ii) a Wherein ρ (x) denotes mapping the attribute x to the ρ (x) th row of the access control matrix A;

in that

Lower calculation constant c_xAccording to

Computing

(ii) a Wherein the content of the first and second substances,

，

is a positive integer;

according to a decryption function

And decrypting the symmetric key to obtain the symmetric key sk.

Optionally, the attribute-based encryption method further includes:

determining whether a user allowed to access the shared file has changed;

and if so, re-entering the steps of acquiring the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set.

Optionally, the attribute-based encryption method further includes:

and when the target user loses the access right of the shared file, setting the asymmetric key corresponding to the attribute set of the target user in the key management module to be invalid so that the target user does not have the right to access the attribute encryption ciphertext.

In order to solve the above technical problem, the present invention further provides an attribute-based encryption system, including:

the identity providing module is used for registering identity information of the user and a corresponding attribute set;

the data owner is used for acquiring the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set and establishing an access control matrix matched with the authorized attribute set; requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with the attributes in the authorization attribute set from a key management module based on the file identification of the shared file and the authorization attribute set; receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file;

the key management module is used for generating a symmetric key and asymmetric keys corresponding to the attributes in the authorization attribute set one by one based on the file identifier of the shared file and the authorization attribute set, and returning the symmetric key and the public key set of the asymmetric keys to the data owner;

and the cloud storage module is used for storing the attribute encryption ciphertext.

Optionally, the identity providing module comprises:

an identity authentication module;

the LDAP module is used for registering the identity information of the user and the corresponding attribute set thereof through the identity authentication module;

the key management module includes:

the attribute discrimination point is used for executing a key management process of the key generated by the key management module;

the key storage module is used for storing the key generated by the key management module;

the cloud storage module includes:

the access decision point is used for executing the access control process of the attribute encryption ciphertext;

and the storage center is used for storing the attribute encryption ciphertext.

The invention provides an encryption method based on attributes, which is characterized in that identity information of a user and a corresponding attribute set are registered by an identity providing module in advance; acquiring an attribute set corresponding to a user allowed to access the shared file from an identity providing module, combining the acquired attribute sets to obtain an authorization attribute set, and establishing an access control matrix matched with the authorization attribute set; requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with all attributes in the authorization attribute set from a key management module based on the file identification and the authorization attribute set of the shared file; receiving a public key set of a symmetric key and an asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; and combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to the cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file. Therefore, the shared file is encrypted before file sharing, the encryption mode relates to the attribute set corresponding to the user allowed to access the shared file, and the purpose is to realize that only the user allowed to access the shared file can successfully decrypt the ciphertext, so that the risk of information leakage is greatly reduced.

The invention also provides an encryption system based on the attribute, which has the same beneficial effect as the encryption method.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed in the prior art and the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.

Fig. 1 is a flowchart of an attribute-based encryption method according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of an attribute-based encryption system according to an embodiment of the present invention;

fig. 3 is an encryption diagram of an attribute-based encryption system according to an embodiment of the present invention.

Detailed Description

The core of the invention is to provide an attribute-based encryption method and system, wherein a shared file is encrypted before file sharing, and the encryption mode relates to an attribute set corresponding to a user allowed to access the shared file, so that the aim of successfully decrypting a ciphertext only by the user allowed to access the shared file is realized, and the risk of information leakage is greatly reduced.

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, fig. 1 is a flowchart illustrating an attribute-based encryption method according to an embodiment of the present invention.

The attribute-based encryption method comprises the following steps:

step S1: and registering the identity information of the user and the corresponding attribute set thereof by using an identity providing module in advance.

Specifically, whether the data owner or the data user, the identity information (including a user name and a password) of the user is registered in advance by using the identity providing module, and meanwhile, the attribute set corresponding to the user is registered, so that the validity of the user attribute is verified by the identity providing module.

Step S2: and acquiring an attribute set corresponding to a user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set.

Specifically, each user has a respective corresponding attribute set, the data owner (the client where the data owner of the shared file is located) combines the attribute sets corresponding to the users allowed to access the shared file to obtain an authorized attribute set S, that is, the attribute set corresponding to one user allowed to access the shared file is a subset of the authorized attribute set S, and then an access control matrix a (the access control matrix a is used for controlling the access users of the shared file) matching the authorized attribute set S is established.

Step S3: and requesting a symmetric key and asymmetric keys which correspond to the attributes in the authorization attribute set one by one from a key management module based on the file identifier and the authorization attribute set of the shared file.

Specifically, the data owner requests a symmetric key SK (the encryption key and the decryption key are the same) and asymmetric keys corresponding to the attributes in the authorization attribute set S one by one (the asymmetric keys include a public key PK for encryption and a private key SK for decryption, and the public key and the private key are different) from the key management module based on the file identification ID (the Identity Document, the unique code) of the shared file M pre-shared to the cloud storage module and the authorization attribute set S. After receiving a request of a data owner, the key management module generates a symmetric key sk and asymmetric keys corresponding to the attributes in the authorization attribute set S one by one based on the file identification ID of the shared file and the authorization attribute set S, and then returns the generated symmetric key sk and a public key set { PK } of all the asymmetric keys to the data owner.

Step S4: and receiving a public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext.

Specifically, the data owner receives a symmetric key sk and a public key set { PK } of all asymmetric keys returned by the key management module, and then encrypts the shared file M by using the symmetric key sk to obtain a file ciphertext C₁And, based on the access control matrix A and the public key set { PK } established, the symmetric key sk is encrypted based on the attribute to obtain an attribute ciphertext CT.

Step S5: and combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to the cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file.

Specifically, the data owner will access the control matrix A and the file cipher text C₁And combining the attribute ciphertext CT to obtain a ciphertext C (called as an attribute encrypted ciphertext and may contain other contents) based on attribute encryption, and uploading the attribute encrypted ciphertext C to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix A to read and decrypt the attribute encrypted ciphertext C to obtain the shared file M.

Therefore, the shared file is encrypted before file sharing, the encryption mode relates to the attribute set corresponding to the user allowed to access the shared file, and the purpose is to realize that only the user allowed to access the shared file can successfully decrypt the ciphertext, so that the risk of information leakage is greatly reduced.

On the basis of the above-described embodiment:

as an optional embodiment, generating, by using a key management module, a symmetric key and an asymmetric key corresponding to each attribute in an authorization attribute set one to one based on a file identifier and an authorization attribute set of a shared file includes:

setting Global parameters according to a Global parameter setting function Global Setup (lambda) → GP, and obtaining a Global parameter GP = { g = { (g) }₁,G,G_T,Z_pQ, p, H }; wherein, the global parameter GP is provided for all users; λ is a safety parameter; h denotes a hash function with the mapping function H: {0,1}^*→ G; g is a bilinear group with an order of q; g₁∈G；G_TA multiplication loop group with an order of q; z_pIs an integer cyclic group with the order of p;

according to the key generation function GkeyGen (ID, S, GP, pk)_u) → PK, SK, SK generates a symmetric key SK and an asymmetric key (PK, SK) corresponding to each attribute in the authorization attribute set one by one, so that the symmetric key and the public key set of the asymmetric key are shared by the owner public key PK of the file_uReturning after encryption; wherein, the ID is a file identifier; s is an authorization attribute set; PK is the public key of the asymmetric key,

(ii) a e is a bilinear map: g → G_T(ii) a SK is private key of asymmetric key, SK = &

,y_i}；

,y_iIs a random number, and is a random number,

,y_i∈Z_p(ii) a And i is the ith attribute corresponding to the access control matrix, and K attributes are shared, wherein i belongs to {1,2,3, …, K }.

Specifically, the process of the data owner generating the key by means of the key management module comprises the following steps: 1) data ownerBased on the file identifier ID of the shared file M and the authorization attribute set S, a symmetric key sk and asymmetric keys corresponding to the attributes in the authorization attribute set S one by one are requested from the key management module, and this operation is performed in a trusted execution environment. 2) After receiving a request of a data owner, a key management module performs Global parameter setting according to a Global parameter setting function Global Setup (lambda) → GP to obtain a Global parameter GP = { g =₁,G,G_T,Z_pQ, p, H, and returning the global parameter GP to the data owner, and providing it to other users (it should be noted that the global parameter may be the global parameter that is currently disclosed by the key management module, and it is not necessary to regenerate the global parameter, so as to reduce the load of the key management module in generating the global parameter). 3) The key management module generates a function GkeyGen (ID, S, GP, pk) according to the key_u) → PK, SK, SK generates a symmetric key SK and asymmetric keys (PK, SK) corresponding to the attributes in the authorized attribute set S one by one, so that the symmetric key SK and the public key set { PK } of the asymmetric keys are transmitted to the public key PK of the data owner_uAfter being encrypted, the encrypted data is returned to the data owner through a secure channel; wherein the content of the first and second substances,

；SK={

,y_i}; e is a bilinear map: g → G_TSuch as

；

,y_iIs a random number, and is a random number,

,y_i∈Z_p；

,y_ithe lower subscript i of (a) is the ith attribute corresponding to the access control matrixAnd the access control matrix corresponds to K attributes, i belongs to {1,2,3, …, K }.

In addition, in the key management module, each asymmetric key record is composed of a file identifier ID, a global parameter GP, an attribute, and a key, each asymmetric key record is stored in the key management module in an encrypted manner to ensure the security of the key, and the key storage of the key management module is as shown in table 1:

TABLE 1

It should be noted that, when the data owner encrypts another shared file again, the data owner may re-request a symmetric key and an asymmetric key corresponding to each attribute in the authorized attribute set from the key management module based on the file identifier and the authorized attribute set of the other shared file. Even if the two shared files correspond to the same authorization attribute set, the two shared files do not have the same key set, the system security is ensured, the fine-grained encryption capability based on attribute encryption is realized, and the security of the encrypted files is fully ensured.

As an optional embodiment, the receiving a public key set of a symmetric key and an asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext includes:

decrypting a ciphertext returned by the key management module based on a private key of an owner of the shared file to obtain a symmetric key sk and a public key set { PK } of the asymmetric key;

encrypting the shared file by using the symmetric key sk to obtain a file ciphertext C₁；

Performing attribute-based encryption on the symmetric key sk based on the access control matrix A and the public key set { PK } to obtain an attribute ciphertext CT = { C =₂,C₃,C₄,C₅}; a is a K multiplied by L matrix, K is the row number of the matrix A, and L is the column number of the matrix A;

；

all of C_3,iComposition C₃；

All of C_4,iComposition C₄；

All of C_5,iComposition C₅；s₁Is a random number, s₁∈Z_p；λ_i=A_i×v；A_iRow i of A; v is a random vector, v is belonged to Z_P ^L(ii) a The first element of v is s₁And the other elements are random numbers; r is_iIs a random number, r_i∈Z_p(ii) a P is an attribute mapping function for associating attributes with rows of the matrix a.

Specifically, the encryption process of the data owner includes: 1) and receiving the ciphertext (the symmetric key sk and the public key set { PK } of the asymmetric key) returned by the key management module, and then decrypting the ciphertext returned by the key management module based on the private key of the data owner to obtain the symmetric key sk and the public key set { PK } of the asymmetric key. 2) Encrypting the shared file M by using the symmetric key sk to obtain a file ciphertext C₁=Enc_sk(M); wherein Enc_skThe encryption key is sk as an encryption function; then, attribute-based encryption is carried out on the symmetric key sk based on the access control matrix A and the public key set { PK } to obtain an attribute ciphertext CT = { C =₂,C₃,C₄,C₅}; the access control matrix A is a K multiplied by L matrix, K is the row number of the matrix A, and L is the column number of the matrix A;

，

；

，

，

；

；

；s₁is a random number, s₁∈Z_p；λ_i=A_i×v，A_iFor the ith row of the access control matrix A, v is a random vector, v ∈ Z_P ^LThe first element of the random vector v is s₁And the other elements are random numbers;

、

is an attribute mapping function for relating the attributes to the rows of the access control matrix a, p (i) denoting the mapping of the attribute i to the p (i) th row of the access control matrix a, r_iFor A from access control matrix A_iA random number selected from_i∈Z_p；λ_i、r_i、A_iThe subscript i of (1) is the ith attribute, i belongs to {1,2,3, …, K }; all C_3,i(i ∈ {1,2,3, …, K }) constitutes C₃(ii) a All C_4,i(i ∈ {1,2,3, …, K }) constitutes C₄(ii) a All C_5,i(i ∈ {1,2,3, …, K }) constitutes C₅. The attribute-based cryptographic function is summarized as: encrypt (M, a, ρ, GP, { PK }, sk) → C.

As an optional embodiment, combining the access control matrix, the file ciphertext, and the attribute ciphertext to obtain the attribute encrypted ciphertext includes:

based on access control matrix A and file ciphertext C₁And attribute ciphertext CT to obtain attribute encrypted ciphertext C = { ID, A, rho, C₁CT, sign }; wherein sign is a digital signature.

Specifically, the data owner is based on an access control matrix A and a file ciphertext C₁And an attribute ciphertext CT, wherein the finally obtained attribute encryption ciphertext can be: c = { ID, a, ρ, C₁CT, sign }, where sign is a digital signature, and the digital signature is a section of digital string that cannot be forged by others and can be generated only by the sender of the information, and the section of digital string is also a valid proof of the authenticity of the information sent by the sender of the information.

As an alternative embodiment, reading the attribute encryption ciphertext from the cloud storage module includes:

when a data user accesses the cloud storage module, acquiring a target attribute set corresponding to the data user from the identity providing module based on the identity information of the data user;

acquiring an access control matrix in the attribute encryption text, and judging whether a target attribute set is matched with the access control matrix;

if so, allowing the cloud storage module to send the attribute encrypted ciphertext to a data user;

and if not, the cloud storage module is not allowed to send the attribute encryption ciphertext to the data user.

Specifically, when a data user accesses the cloud storage module, the access decision point of the cloud storage module is used to realize that: 1) and acquiring the attribute set (called a target attribute set) corresponding to the data user from the identity providing module based on the identity information of the data user. 2) Acquiring an access control matrix A in the attribute encrypted ciphertext C, and judging whether the target attribute set is matched with the access control matrix A or not; if the attribute encryption ciphertext C is matched with the attribute encryption ciphertext C, the cloud storage module sends the attribute encryption ciphertext C to a data user; and if not, the cloud storage module does not send the attribute encryption ciphertext C to the data user.

As an alternative embodiment, the decryption process of the attribute-encrypted ciphertext includes:

when a data user accesses the key management module by using the attribute ciphertext, the key management module is used for obtaining a target attribute set corresponding to the data user from the identity providing module, and a target private key set corresponding to the target attribute set is determined according to the target attribute set and the file identification;

and decrypting the symmetric key based on the target private key set and the attribute ciphertext, encrypting the decrypted symmetric key by the public key of the data user, and sending the encrypted symmetric key to the data user, so that the data user decrypts by using the private key of the data user to obtain the symmetric key, and decrypts the file ciphertext by using the symmetric key to obtain the shared file.

Specifically, after the data user receives the attribute encrypted ciphertext C, the data user accesses the key management module by using the attribute ciphertext CT, and the attribute determination point of the key management module is used to implement: 1) obtaining a target attribute set corresponding to a data user from an identity providing module based on identity information of the data user, determining a target private key set corresponding to the target attribute set according to the target attribute set and a file Identification (ID), decrypting a symmetric key (in a trusted execution environment of a key management module) based on the target private key set and an attribute Ciphertext (CT), encrypting the decrypted symmetric key by a public key of the data user, and sending the encrypted symmetric key to the data user, so that the data user decrypts the symmetric key by using the private key of the data user to obtain a symmetric key sk, and decrypts a file ciphertext C by using the symmetric key sk₁And obtaining the shared file M.

As an alternative embodiment, decrypting the symmetric key based on the target private key set and the attribute ciphertext includes:

evaluating a function from a derived private key

Deriving a derived private key set K_id(ii) a Wherein, K_x,idA derived private key corresponding to the xth attribute of the target attribute set; target attribute set common K₁An attribute, x ∈ {1,2,3, …, K₁}; id is the user id of the data user;

evaluating a function from data

Computing

(ii) a Where ρ (x) denotes mapping the attribute x to the ρ (x) th row of the access control matrix a;

in that

Lower calculation constant c_xAccording to

Computing

(ii) a Wherein the content of the first and second substances,

，

is a positive integer;

according to a decryption function

And decrypting the symmetric key to obtain the symmetric key sk.

Specifically, the process of decrypting the symmetric key using the key management module includes: 1) evaluating a function from a derived private key

Deriving a derived private key set K_id(ii) a Wherein the content of the first and second substances,

,y_xis a random number, and is a random number,

,y_x∈Z_p；

,y_xthe subscript x of (1) is the x-th attribute of the target attribute set corresponding to the data user, and the target attribute set has K in total₁An attribute, x ∈ {1,2,3, …, K₁}；K_x,idA derived private key corresponding to the xth attribute of the target attribute set; all K_x,id(x∈{1,2,3,…, K₁}) to form a derived private key set K_id(ii) a id is the user id of the data user; h denotes a hash function. 2) Evaluating a function from data

Computing

(ii) a Where ρ (x) denotes mapping the attribute x to the ρ (x) th row of the access control matrix a;

，

，

is the ρ (x) th row of the access control matrix a. 3) In that

Lower calculation constant c_xAccording to

Computing

(ii) a Wherein, c_xIs a positive integer. 4) According to a decryption function

Decrypting the symmetric key to obtain the symmetric key sk, and decrypting the file ciphertext by using the symmetric key skC₁Get shared file M = Dec_sk(C₁) (ii) a Wherein, Dec_skFor the decryption function, the decryption key is sk.

As an alternative embodiment, the attribute-based encryption method further includes:

judging whether a user allowed to access the shared file is changed;

if yes, re-entering the steps of obtaining the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set.

Further, the first way to revoke the corresponding attribute: judging whether a user allowed to access the shared file is changed; if the access control matrix is changed, re-entering the steps of obtaining the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain an authorized attribute set, and establishing the access control matrix matched with the authorized attribute set; if the attribute set is not changed, the steps of obtaining the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set are not entered again, so that the user not allowed to access the shared file can not continuously access the attribute encrypted ciphertext.

As an alternative embodiment, the attribute-based encryption method further includes:

when the target user loses the access right of the shared file, the asymmetric key corresponding to the attribute set of the target user in the key management module is set to be invalid, so that the target user does not have the right to access the attribute encrypted ciphertext.

Further, the second way to revoke the corresponding attribute: when the target user loses the access right of the shared file, the asymmetric key corresponding to the attribute set of the target user in the key management module is set to be invalid, so that the target user does not have the right to access the attribute encrypted ciphertext.

It should be noted that, the two ways of revoking the corresponding attribute may be selected alternatively, and the application is not particularly limited herein.

The method based on the attribute encryption is applied to a system based on the attribute encryption as shown in FIG. 2, wherein the system based on the attribute encryption comprises a plurality of organizations and a cloud computing platform; each organization comprises a plurality of data users, a plurality of data owners and an identity providing module; the cloud computing platform comprises a uniform cloud storage module and a plurality of key management modules; wherein each key management module corresponds to an organization. Specifically, as shown in fig. 3, the identity providing module includes an identity authentication module and an LDAP (Light Directory Access Protocol) module, and all users perform identity registration to the LDAP module through the identity authentication module and register corresponding attribute sets at the same time. The key management module comprises an attribute discrimination point and a key storage module; the key storage module is used for storing the key generated by the key management module; the attribute discrimination point is used for executing a key management process (including a symmetric key decryption process) of the key generated by the key management module. The cloud storage module comprises an access decision point and a storage center; the storage center is used for storing the attribute encrypted ciphertext; the access decision point is used to perform an access control flow of the attribute encrypted ciphertext (decide to allow the user no access to the attribute encrypted ciphertext).

To sum up, the application has the following beneficial effects: 1) according to the method and the system, an LDAP identity authentication system of an organization and a key management system in a cloud computing platform are fully utilized, an encryption system based on the attribute is realized, a credible authority is not needed, and the existing organization framework of the cloud computing platform is fully utilized. 2) The method and the system make full use of the LDAP identity authentication system of the organization, so that the organizations do not interfere with each other and operate independently. LDAP is both a verifier of a user logging into the system and a trusted provider of user attributes. 3) In the attribute-based encryption method, the access control structure is embedded into a ciphertext, and the key is bound into a group of attributes, so that the access control is effectively realized. Since different users may have partially identical attributes, the attribute-based encryption method may enable one-to-many secure file access. 4) The attribute is used for carrying out fine-grained division on the user, the data is encrypted by using a specific access strategy, and the ciphertext can be successfully decrypted only if the user attribute meets the access strategy, so that the attribute-based encryption method is particularly suitable for carrying out confidentiality protection on the data on the premise of ensuring the privacy of the cloud platform user.

The present application further provides an attribute-based encryption system, comprising:

the identity providing module is used for registering identity information of the user and a corresponding attribute set;

the data owner is used for acquiring the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set and establishing an access control matrix matched with the authorized attribute set; requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with all attributes in the authorization attribute set from a key management module based on the file identification and the authorization attribute set of the shared file; receiving a public key set of a symmetric key and an asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain a shared file;

the key management module is used for generating a symmetric key and asymmetric keys which are in one-to-one correspondence with the attributes in the authorization attribute set based on the file identification of the shared file and the authorization attribute set, and returning the public key set of the symmetric key and the asymmetric keys to the data owner;

and the cloud storage module is used for storing the attribute encryption ciphertext.

As an alternative embodiment, the identity providing module comprises:

an identity authentication module;

the LDAP module is used for registering the identity information of the user and the corresponding attribute set thereof through the identity authentication module;

the key management module includes:

the attribute discrimination point is used for executing a key management process of the key generated by the key management module;

the key storage module is used for storing the key generated by the key management module;

the cloud storage module includes:

the access decision point is used for executing an access control process of the attribute encrypted ciphertext;

and the storage center is used for storing the attribute encrypted ciphertext.

For introduction of the attribute-based encryption system provided in the present application, reference is made to the above-mentioned embodiment of the attribute-based encryption method, and details of the present application are not repeated herein.

It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

1. An attribute-based encryption method, comprising:

registering identity information of a user and a corresponding attribute set thereof by using an identity providing module in advance;

acquiring an attribute set corresponding to a user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set;

requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with the attributes in the authorization attribute set from a key management module based on the file identification of the shared file and the authorization attribute set;

receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext;

and combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file.

2. The attribute-based encryption method of claim 1, wherein generating a symmetric key and an asymmetric key corresponding to each attribute in the set of authorized attributes one-to-one based on the file identifier of the shared file and the set of authorized attributes by using the key management module comprises:

setting Global parameters according to a Global parameter setting function Global Setup (lambda) → GP, and obtaining a Global parameter GP = { g = { (g) }₁,G,G_T,Z_pQ, p, H }; wherein, the global parameter GP is provided for all users; λ is a safety parameter; h denotes a hash function with the mapping function H: {0,1}^*→ G; g is a bilinear group with an order of q; g₁∈G；G_TA multiplication loop group with an order of q; z_pIs an integer cyclic group with the order of p;

according to the key generation function GkeyGen (ID, S, GP, pk)_u) → PK, SK, SK generates a symmetric key SK and an asymmetric key (PK, SK) corresponding to each attribute in the authorization attribute set one by one, so as to make the public key set of the symmetric key and the asymmetric key pass through the public key PK of the owner of the shared file_uReturning after encryption; wherein, ID is the file identification; s is the set of authorization attributes; PK is the public key of the asymmetric key,

(ii) a e is a bilinear map: g → G_T(ii) a SK is private key of the asymmetric key, SK = &

,y_i}；

,y_iIs a random number, and is a random number,

,y_i∈Z_p(ii) a And i is the ith attribute corresponding to the access control matrix, and has K attributes, i belongs to {1,2,3, …, K }.

3. The attribute-based encryption method according to claim 2, wherein receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext comprises:

decrypting a ciphertext returned by the key management module based on a private key of an owner of the shared file to obtain the symmetric key sk and a public key set { PK } of the asymmetric key;

encrypting the shared file by using the symmetric key sk to obtain a file ciphertext C₁；

Performing attribute-based encryption on the symmetric key sk based on the access control matrix A and the public key set { PK } to obtain an attribute ciphertext CT = { C =₂,C₃,C₄,C₅}; a is a K multiplied by L matrix, K is the row number of the matrix A, and L is the column number of the matrix A;

；

all of C_3,iComposition C₃；

All of C_4,iComposition C₄；

All of C_5,iComposition C₅；s₁Is a random number, s₁∈Z_p；λ_i=A_i×v；A_iRow i of A; v is a random vector, v is belonged to Z_P ^L(ii) a The first element of v is s₁And the other elements are random numbers; r is_iIs a random number, r_i∈Z_p(ii) a P is an attribute mapping function for associating attributes with rows of the matrix a.

4. The attribute-based encryption method of claim 3, wherein combining the access control matrix, the file ciphertext, and the attribute ciphertext to obtain an attribute encryption ciphertext comprises:

based on the access control matrix A and the file ciphertext C₁And obtaining an attribute encrypted ciphertext C = { ID, A, rho, C by using the attribute ciphertext CT₁CT, sign }; wherein sign is a digital signature.

5. The attribute-based encryption method of claim 4, wherein reading the attribute encryption ciphertext from the cloud storage module comprises:

when a data user accesses the cloud storage module, obtaining a target attribute set corresponding to the data user from the identity providing module based on identity information of the data user;

acquiring an access control matrix in the attribute encryption ciphertext, and judging whether the target attribute set is matched with the access control matrix;

if so, allowing the cloud storage module to send the attribute encryption ciphertext to the data user;

and if not, the cloud storage module is not allowed to send the attribute encryption ciphertext to the data user.

6. The attribute-based encryption method of claim 5, wherein the decryption process of the attribute-encrypted ciphertext comprises:

when the data user accesses the key management module by using the attribute ciphertext, obtaining a target attribute set corresponding to the data user from the identity providing module by using the key management module, and determining a target private key set corresponding to the target attribute set according to the target attribute set and the file identifier;

and decrypting the symmetric key based on the target private key set and the attribute ciphertext, encrypting the decrypted symmetric key by the public key of the data user, and sending the encrypted symmetric key to the data user, so that the data user decrypts by using the private key of the data user to obtain the symmetric key, and decrypts the file ciphertext by using the symmetric key to obtain the shared file.

7. The attribute-based encryption method of claim 6, wherein decrypting the symmetric key based on the target set of private keys and the attribute ciphertext comprises:

evaluating a function from a derived private key

Deriving a derived private key set K_id(ii) a Wherein, K_x,idA derived private key corresponding to the xth attribute of the target attribute set; the target attribute set has a total of K₁An attribute, x ∈ {1,2,3, …, K₁}; id is the user id of the data user;

evaluating a function from data

Computing

(ii) a Wherein ρ (x) denotes mapping the attribute x to the ρ (x) th row of the access control matrix A;

in that

Lower calculation constant c_xAccording to

Computing

(ii) a Wherein the content of the first and second substances,

，

is a positive integer;

according to a decryption function

And decrypting the symmetric key to obtain the symmetric key sk.

8. The attribute-based encryption method of any one of claims 1-7, wherein the attribute-based encryption method further comprises:

determining whether a user allowed to access the shared file has changed;

and if so, re-entering the steps of acquiring the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set, and establishing an access control matrix matched with the authorized attribute set.

9. The attribute-based encryption method of any one of claims 1-7, wherein the attribute-based encryption method further comprises:

and when the target user loses the access right of the shared file, setting the asymmetric key corresponding to the attribute set of the target user in the key management module to be invalid so that the target user does not have the right to access the attribute encryption ciphertext.

10. An attribute-based encryption system, comprising:

the identity providing module is used for registering identity information of the user and a corresponding attribute set;

the data owner is used for acquiring the attribute set corresponding to the user allowed to access the shared file from the identity providing module, combining the acquired attribute sets to obtain an authorized attribute set and establishing an access control matrix matched with the authorized attribute set; requesting a symmetric key and asymmetric keys which are in one-to-one correspondence with the attributes in the authorization attribute set from a key management module based on the file identification of the shared file and the authorization attribute set; receiving the public key set of the symmetric key and the asymmetric key returned by the key management module, encrypting the shared file by using the symmetric key to obtain a file ciphertext, and performing attribute-based encryption on the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; combining the access control matrix, the file ciphertext and the attribute ciphertext to obtain an attribute encrypted ciphertext, and uploading the attribute encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows a user matched with the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file;

the key management module is used for generating a symmetric key and asymmetric keys corresponding to the attributes in the authorization attribute set one by one based on the file identifier of the shared file and the authorization attribute set, and returning the symmetric key and the public key set of the asymmetric keys to the data owner;

and the cloud storage module is used for storing the attribute encryption ciphertext.

11. The attribute-based encryption system of claim 10, wherein the identity provisioning module comprises:

an identity authentication module;

the LDAP module is used for registering the identity information of the user and the corresponding attribute set thereof through the identity authentication module;

the key management module includes:

the attribute discrimination point is used for executing a key management process of the key generated by the key management module;

the key storage module is used for storing the key generated by the key management module;

the cloud storage module includes:

the access decision point is used for executing the access control process of the attribute encryption ciphertext;

and the storage center is used for storing the attribute encryption ciphertext.

Images