CN115277171A - Data circulation control method based on purchasable attribute encryption in cloud environment - Google Patents

Publication number
CN115277171A
Authority
CN
China
Prior art keywords
ciphertext
attribute
key
sender
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210877395.8A
Other languages
Chinese (zh)
Other versions
CN115277171B (en)
Inventor
黄勤龙
王超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202210877395.8A
Publication of CN115277171A
Application granted
Publication of CN115277171B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs

Abstract

The invention discloses a data circulation control method based on purifiable attribute encryption in a cloud environment, belonging to the technical field of data security. The method comprises the following steps: first, a data circulation control platform comprising a trusted authority, a sender, a purifier, a cloud server and a receiver is built; the trusted authority generates an encryption key for the sender and a matching decryption key for the receiver; then the sender processes each piece of data to be sent with a random message key, encapsulates it into an encrypted ciphertext with the encryption key, and sends the encrypted ciphertext to the purifier; the purifier purifies the ciphertext by using a random message key and uploads it to the cloud server, from which it can be sent to any receiver; the receiver obtains the corresponding decryption key according to the access control policy P and recovers the plaintext when the attribute set in the plaintext satisfies the access control policy. The invention realizes read control and write control of data at the same time and effectively resists the attack in which a malicious sender leaks the message key in a KP-ABE scheme.

Description

Data circulation control method based on purchasable attribute encryption in cloud environment
Technical Field
The invention relates to the field of data security, in particular to a data circulation control method based on purifiable attribute encryption in a cloud environment.
Background
The emergence of cloud computing provides abundant storage and computing resources for personal and enterprise users, and greatly improves the use efficiency and the operation efficiency of data. Personal and enterprise data can be quickly and reliably sent, stored, and distributed between senders and recipients through cloud computing services. The sender can send data of any size to a group of receivers through the cloud server, and the cloud server stores the data in its data center so that the data can be delivered later when the receivers are not online. In addition, the recipient may subscribe to data from the sender through the cloud service, and this publisher-subscriber relationship controls the flow of messages between the sender and the recipient. Thus, the recipient can create multiple subscriptions to the topic and receive messages from the recipient, ultimately forming many-to-many messaging.
Because the cloud platform is only semi-trusted, a suitable encryption mechanism is required to store sensitive data in the cloud in ciphertext form and to perform fine-grained circulation control on the data, such as attribute-based encryption (ABE). ABE introduces access policies into public-key encryption and can realize fine-grained access control: a key or a ciphertext is generated according to the access policy, so that only users who satisfy the specified access policy can decrypt, and sensitive data flows only to the set of users who satisfy the access conditions.
Key-policy attribute-based encryption (KP-ABE) can realize encrypted access control of data in cloud computing; the entities involved are a trusted authority, a cloud server, a sender and a receiver. As shown in FIG. 1, the implementation process of KP-ABE comprises the following steps:
1) System initialization. A trusted authority generates a system public key PK and a system master key MK.
2) Key generation. The trusted authority generates a private key SK according to the system master key MK and the access policy, and distributes the private key SK securely to the receiver.
3) Data encryption. The sender inputs the system public key PK, a plaintext m and an attribute set S, and encrypts the plaintext m with a random message key K to obtain a ciphertext $c_m$. The message key K is then encrypted to obtain a ciphertext $c_K$, and the final ciphertext $ct = (c_m, c_K)$ is uploaded to the cloud server.
4) Data decryption. The user acquires the ciphertext $ct = (c_m, c_K)$ from the cloud server, first uses the private key SK to recover the message key K from $c_K$, and then decrypts $c_m$ with K to obtain the plaintext m.
Under the cloud computing environment, the adoption of the KP-ABE technology to realize the safe circulation control of data has the following problems:
1) The KP-ABE cannot resist the attack of message key leakage, namely a sender may leak a message key K of data, and any receiver can download a ciphertext ct from a cloud server and directly decrypt a plaintext m after acquiring the message key K from the sender, so that the circulation control of the data is invalid.
2) KP-ABE can only realize the read control of data, namely only authorized receivers can access the data through a decryption key, but can not realize the write control of the data, namely, any sender can execute an encryption algorithm to upload a ciphertext to a cloud server, so that a malicious sender encrypts sensitive data and leaks the sensitive data to some receivers.
Disclosure of Invention
In view of these problems, the invention provides a data circulation control method based on purifiable attribute encryption in a cloud environment. Using structure-preserving signatures and a zero-knowledge proof mechanism, it generates a group of attribute-associated encryption keys for each sender, and takes the encryption key and the access control policy as input when generating the ciphertext, which ensures that only a sender with the correct encryption key can upload the corresponding ciphertext to the cloud server while fine-grained read control over receivers is realized. In addition, the original ciphertext undergoes a key-free purification operation at the purifier, which prevents the sender from leaking the message key to an unauthorized receiver and effectively resists the key leakage attack.
The data circulation control method based on purifiable attribute encryption in the cloud environment comprises the following specific steps:
Step one: build a data circulation control platform comprising a trusted authority, a sender, a purifier, a cloud server and a receiver;
Step two: the trusted authority generates an encryption key for each sender and a matching decryption key for each receiver.
For each sender, the trusted authority runs the EKGen algorithm to obtain the encryption key $ek_S = (S, M, \sigma)$ and returns the encryption key to the sender over the secure channel;
$S = \{A_1, A_2, \ldots, A_k\}$ is the input attribute set,
Figure BDA0003763044280000024
is the set of all attribute hash values in the attribute set S; σ is the signature on the set of attribute hash values M;
for each recipient, a recipient policy is given
Figure BDA0003763044280000021
where
Figure BDA0003763044280000022
is a matrix of l rows and n columns, $\rho$ is a mapping function, and each row of the matrix
Figure BDA0003763044280000023
is mapped to an attribute;
the trusted authority runs the DKGen algorithm on the access control policy P to generate a decryption key and sends the decryption key $dk_P = \{D_{\tau,0}, D_{\tau,1}, D_{\tau,2}\}_{\tau \in [l]}$ to the receiver through the secure channel;
Step three: the sender processes each piece of data to be sent with a random message key, then uses the encryption key to encapsulate the message key, and finally sends the encrypted ciphertext to the purifier;
the encrypted ciphertext is $c = (ct, \pi)$, where $\pi$ is a zero-knowledge proof; $ct = (C, C_0, \{C_{\tau,1}, C_{\tau,2}\}_{\tau \in [k]})$ is the attribute-encrypted ciphertext of the message, comprising the symmetrically encrypted ciphertext C of the message and the access control ciphertext $(C_0, \{C_{\tau,1}, C_{\tau,2}\}_{\tau \in [k]})$ generated from the attribute set S; k is the number of attributes in the attribute set S;
Step four: the purifier checks the encrypted ciphertext, purifies the ciphertext by using a random message key, and uploads the purified ciphertext c' to the cloud server;
for each uploaded ciphertext c, the purifier runs the Sanitize algorithm, first verifying the zero-knowledge proof $\pi$ in the ciphertext to confirm that the sender holds the encryption key corresponding to the attribute set S; if the verification fails, the ciphertext is discarded;
after the verification succeeds, the purifier checks whether the ciphertext ct is consistent with the attribute set S declared in the received ciphertext; if not, the verification fails and the ciphertext is discarded;
when they are consistent, for each attribute hash value element of the attribute set S
Figure BDA0003763044280000031
the purifier continues to check whether the following equation is satisfied:
Figure BDA0003763044280000032
if the check fails, the purifier discards the ciphertext;
$g_1$ and $w$ are both public system parameters;
after all checks succeed, the purifier selects a random value $s'$ and randomizes the original ciphertext ct to obtain a purified ciphertext $c' = (C', C'_0, \{C'_{\tau,1}, C'_{\tau,2}\}_{\tau \in [k]})$ with the same form as the original ciphertext ct;
Step five, the cloud server receives and stores the purified ciphertext c' for sending to any subscribed receiver;
Step six: the receiver obtains the corresponding decryption key from the trusted authority according to the access control policy P; after receiving the purified ciphertext from the cloud server, the receiver recovers the plaintext when the attribute set in the ciphertext satisfies the access control policy.
For the purified ciphertext c', the receiver uses the decryption key $dk_P$ to run the Decrypt algorithm and recover the plaintext:
m=C′/B
Figure BDA0003763044280000033
Specifically, let I be the set of rows of the matrix
Figure BDA0003763044280000034
corresponding to the attribute set S. When the attribute set S satisfies the access control policy P, the constants $\omega_i$ are calculated to satisfy
Figure BDA0003763044280000035
is row i of the matrix
Figure BDA0003763044280000036
$(D_{i,0}, D_{i,1}, D_{i,2})$ is a decryption key;
The invention has the following advantages:
1) The ciphertext generated by a sender is purified by the purifier; only an authorized receiver can correctly decrypt the purified ciphertext, and an unauthorized receiver cannot decrypt it even after obtaining the message key leaked by the sender, so the attack in which a malicious sender leaks the message key in a KP-ABE scheme is effectively resisted.
2) The method realizes not only read control but also write control of data: only an authorized sender can use an encryption key to generate a valid ciphertext, and a ciphertext generated by an unauthorized sender is discarded by the purifier, which prevents a malicious sender from leaking sensitive information to unauthorized receivers.
Drawings
FIG. 1 is a diagram of the KP-ABE based data circulation control used in the prior art;
FIG. 2 is a flow chart of the data circulation control method based on purifiable attribute encryption in a cloud environment according to the present invention;
FIG. 3 is a structural diagram of the data circulation control platform constructed according to the invention.
Detailed Description
The implementation of the overall technical scheme is described below with reference to the figures.
To meet the requirement of secure data circulation control in a cloud environment, the invention provides a data circulation control method based on purifiable attribute encryption in the cloud environment, which specifically comprises: 1) A purifiable attribute-based encryption algorithm is designed, in which the attribute ciphertext generated by a sender is purified by a purifier and the purified ciphertext is uploaded to a cloud server. 2) A group of encryption keys described by attributes is generated for each sender by using structure-preserving signatures and zero-knowledge proofs, and a corresponding proof is generated when the attribute ciphertext is produced in the encryption stage. Through verification, the purifier ensures that only a sender authorized for the set S can generate an encrypted ciphertext for the set S, so that write control of data is realized while fine-grained read control of the purified ciphertext remains effective.
The data circulation control method based on purifiable attribute encryption in the cloud environment comprises the following specific steps, as shown in FIG. 2:
Step one: build a data circulation control platform comprising a trusted authority, a sender, a purifier, a cloud server and a receiver;
In the invention, all network communication between a sender and the cloud server is controlled by the purifier, and the read control of data is determined by the access control policy of the receiver; the entities involved are the trusted authority, sender, purifier, cloud server, and receiver, as shown in FIG. 3.
1) A trusted authority establishes a system public key and a system master key and maintains the whole system; at the same time, the trusted authority generates an encryption key to each sender and a decryption key to each receiver.
2) The sender obtains an encryption key corresponding to the attribute set of the sender from a trusted authority; for each datum, the sender first processes it with a random message key, then encapsulates it with an encryption key, and finally sends the result of the encryption to the purifier.
3) The purifier examines the original ciphertext and converts it into a purified ciphertext. First, the purifier verifies whether the sender is authorized for the declared attribute set, and then verifies whether the ciphertext was generated from the declared attribute set. If the verification is correct, the purifier purifies the ciphertext by using a random message key and uploads the purified ciphertext to the cloud server.
4) The cloud server is a semi-trusted third party that receives the purified ciphertext from the purifier and provides storage services for the ciphertext. The ciphertext stored in the cloud server may be sent to any subscribed recipient.
5) The receiver defines an access control policy and obtains a corresponding decryption key from the trusted authority. After the receiver receives the purified ciphertext from the cloud server, the plaintext is recovered if the attribute set in the ciphertext satisfies the access control policy.
Step two: the trusted authority generates an encryption key for each sender and a matching decryption key for each receiver.
For each sender, the trusted authority runs the EKGen algorithm to obtain an encryption key $ek_S = (S, M, \sigma)$, and the encryption key is returned to the sender over the secure channel;
$S = \{A_1, A_2, \ldots, A_k\}$ is the input attribute set of the sender and describes the data write targets for which the sender is authorized.
Figure BDA0003763044280000041
is the set of all attribute hash values in the attribute set S; $\sigma$ is the signature on the set of attribute hash values M;
for each recipient, a recipient access control policy is given
Figure BDA0003763044280000042
consisting of AND and OR gates over any possible attributes, where
Figure BDA0003763044280000043
is a matrix of l rows and n columns, $\rho$ is a mapping function, and each row of the matrix
Figure BDA0003763044280000044
is mapped to an attribute;
the trusted authority runs the DKGen algorithm on the access control policy P to generate a decryption key and sends the decryption key $dk_P = \{D_{\tau,0}, D_{\tau,1}, D_{\tau,2}\}_{\tau \in [l]}$ to the receiver through the secure channel;
Step three: the sender processes each piece of data to be sent with a random message key, then uses the encryption key to encapsulate the message key, and finally sends the encrypted result to the purifier;
the encrypted ciphertext is $c = (ct, \pi)$, where $\pi$ is a zero-knowledge proof; $ct = (C, C_0, \{C_{\tau,1}, C_{\tau,2}\}_{\tau \in [k]})$ is the attribute-encrypted ciphertext of the message, where C is the symmetrically encrypted ciphertext of the message, $C = m \cdot e(g_0, g_1)^{\alpha s}$; m is the plaintext of the message; $\alpha$ is the system master key, i.e., a secret value selected by the trusted authority; $g_0, g_1$ are system initialization parameters; s is a random number;
$(C_0, \{C_{\tau,1}, C_{\tau,2}\}_{\tau \in [k]})$ is the access control ciphertext generated from the attribute set S, and k is the number of attributes in the attribute set S;
where
Figure BDA0003763044280000051
for each $\tau \in [k]$,
Figure BDA0003763044280000052
and
Figure BDA0003763044280000053
w is a public system parameter;
Figure BDA0003763044280000054
is a random number;
Step four: the purifier checks the original encrypted ciphertext, purifies the ciphertext by using a random message key, and uploads the purified ciphertext c' to the cloud server;
For each uploaded ciphertext c, the purifier runs the Sanitize algorithm and verifies the zero-knowledge proof $\pi$ in the ciphertext to confirm that the sender holds the encryption key corresponding to the attribute set S; if the verification fails, the ciphertext is discarded.
After the verification succeeds, the purifier checks whether the ciphertext ct is consistent with the attribute set S declared in the received ciphertext; if not, the verification fails and the ciphertext is discarded;
when they are consistent, for each attribute hash value element
Figure BDA0003763044280000055
the purifier checks the equation
Figure BDA0003763044280000056
If the check fails, the purifier discards the ciphertext.
When all checks pass, the purifier selects a random value $s'$ to randomize ct in the original ciphertext and obtain the purified ciphertext $c' = (C', C'_0, \{C'_{\tau,1}, C'_{\tau,2}\}_{\tau \in [k]})$;
The method specifically comprises the following steps:
The purifier first selects a random number
Figure BDA0003763044280000057
and then computes the purified ciphertext $c' = (C', C'_0, \{C'_{\tau,1}, C'_{\tau,2}\}_{\tau \in [k]})$:
Figure BDA0003763044280000058
Figure BDA0003763044280000059
Figure BDA00037630442800000510
For each $\tau \in [k]$,
Figure BDA00037630442800000511
Step five, the cloud server receives and stores the purified ciphertext c' for sending to any subscribed receiver;
Step six: the receiver obtains the corresponding decryption key from the trusted authority according to the access control policy P; after receiving the purified ciphertext from the cloud server, the receiver recovers the plaintext if the attribute set in the ciphertext satisfies the access control policy.
For the purified ciphertext c', the receiver uses the decryption key $dk_P$ to run the Decrypt algorithm and recover the plaintext $m = C'/B$.
Specifically, let $I = \{i : \rho(i) \in S\}$ be the set of rows of the matrix
Figure BDA00037630442800000512
that correspond to the attribute set S; if the attribute set S satisfies the access control policy P, the constants
Figure BDA00037630442800000513
satisfy
Figure BDA00037630442800000514
Figure BDA00037630442800000515
is row i of the matrix
Figure BDA00037630442800000516
Then calculate:
Figure BDA00037630442800000517
where $\tau$ is the index of the attribute $\rho(i)$ in S.
$(D_{i,0}, D_{i,1}, D_{i,2})$ are the values in the decryption key $dk_P$ for the corresponding row set I; the decryption key $dk_P = \{D_{\tau,0}, D_{\tau,1}, D_{\tau,2}\}_{\tau \in [l]}$ corresponds to the entire matrix
Figure BDA00037630442800000621
that is, to all of its rows, while decryption needs only the rows of one satisfying set S.
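The row selection and reconstruction constants of step six, as an added example that is not code from the patent. It assumes the standard LSSS reconstruction condition $\sum_{i \in I} \omega_i M_i = (1, 0, \ldots, 0)$, since the page's own formula survives only as a figure placeholder; the policy matrix, attribute names and toy modulus are constructed.

```python
import secrets

Q = 1019  # constructed toy prime; a real scheme uses the pairing group order p

# Constructed policy (A AND B) OR C written as an LSSS matrix (l = 3, n = 2).
# RHO plays the role of the mapping rho: row i -> attribute.
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]


def shares(alpha):
    """DKGen-style sharing of alpha: lambda_i = M_i . v, v = (alpha, random...)."""
    v = [alpha] + [secrets.randbelow(Q) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % Q for row in M]


def reconstruction_constants(attrs):
    """Return {row i: omega_i} with sum omega_i * M_i = (1, 0, ..., 0) mod Q,
    or None when the attribute set does not satisfy the policy."""
    rows = [i for i, a in enumerate(RHO) if a in attrs]  # I = {i : rho(i) in S}
    n = len(M[0])
    # One equation per matrix column, one unknown per selected row.
    aug = [[M[i][j] % Q for i in rows] + [1 if j == 0 else 0] for j in range(n)]
    pivots, r = [], 0
    for c in range(len(rows)):
        p = next((k for k in range(r, n) if aug[k][c]), None)
        if p is None:
            continue  # free variable, left at zero
        aug[r], aug[p] = aug[p], aug[r]
        inv = pow(aug[r][c], -1, Q)
        aug[r] = [x * inv % Q for x in aug[r]]
        for k in range(n):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % Q for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    # A zero row with a non-zero right-hand side means (1, 0, ..., 0) is not
    # in the span of the selected rows: the policy is not satisfied.
    if any(row[-1] for row in aug[r:]):
        return None
    omega = {i: 0 for i in rows}
    for k, c in enumerate(pivots):
        omega[rows[c]] = aug[k][-1]
    return omega


def recover(lam, attrs):
    """Combine the shares of the selected rows; None if the policy fails."""
    omega = reconstruction_constants(attrs)
    if omega is None:
        return None
    return sum(w * lam[i] for i, w in omega.items()) % Q


if __name__ == "__main__":
    lam = shares(777)
    for s in ({"A", "B"}, {"C"}, {"A"}, {"B", "C"}):
        print(sorted(s), reconstruction_constants(s), recover(lam, s))
```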
An embodiment of the invention follows the flow chart, and the specific process is as follows:
1) System initialization algorithm Setup($1^\gamma$, $t_{max}$)
First, a security parameter $\gamma$ and a maximum number of attributes $t_{max}$ are selected, and the trusted authority runs the Setup algorithm;
Construct bilinear groups of prime order p
Figure BDA0003763044280000061
and
Figure BDA0003763044280000062
with the corresponding bilinear map
Figure BDA0003763044280000063
Select random numbers
Figure BDA0003763044280000064
and
Figure BDA0003763044280000065
define a hash function
Figure BDA0003763044280000066
Generate msk = $\alpha$ and
Figure BDA0003763044280000067
Select random numbers
Figure BDA0003763044280000068
Generate a signing key
Figure BDA0003763044280000069
and a verification key
Figure BDA00037630442800000610
and generate a common reference string crs based on the Schnorr non-interactive zero-knowledge proof scheme.
Finally, the trusted authority stores the master key mk = (msk, sk) and the public system parameters pp = (mpk, vk, crs); all other algorithms implicitly take pp as input.
2) Encryption key generation
For each sender, the encryption key generation algorithm EKGen(mk, S) takes the master key mk and an attribute set S as input and outputs the encryption key $ek_S$.
The method specifically comprises the following steps:
First, the trusted authority authorizes an attribute set $S = \{A_1, A_2, \ldots, A_k\}$ for the sender and runs the EKGen algorithm to obtain an encryption key.
Specifically, define
Figure BDA00037630442800000611
Select random numbers
Figure BDA00037630442800000612
Generate the signature
Figure BDA00037630442800000613
The trusted authority returns the encryption key $ek_S = (S, M, \sigma)$ to the sender through a secure channel.
3) Decryption key generation
For each receiver, the trusted authority allows it to flexibly specify an access control policy P for controlling the data flow, inputs a master key mk and the access control policy P, and runs a DKGen (mk, P) algorithm to generate a decryption key.
Specifically, given a recipient policy
Figure BDA00037630442800000614
where
Figure BDA00037630442800000615
is a matrix of l rows and n columns, random numbers are selected
Figure BDA00037630442800000616
set
Figure BDA00037630442800000617
and compute
Figure BDA00037630442800000618
Then, a random number is selected
Figure BDA00037630442800000619
and for each $\tau \in [l]$ the following is calculated:
Figure BDA00037630442800000620
Finally, the trusted authority sends the decryption key $dk_P = \{D_{\tau,0}, D_{\tau,1}, D_{\tau,2}\}_{\tau \in [l]}$ to the receiver through the secure channel.
4) Data encryption
The data encryption algorithm Encrypt($ek_S$, m) takes the encryption key $ek_S$ and a message m as input and outputs the encrypted ciphertext c.
Given plaintext data m, the sender runs the Encrypt algorithm with the encryption key $ek_S = (S, M, \sigma)$ to encrypt the data.
First, a random number is selected
Figure BDA0003763044280000071
and $C = m \cdot e(g_0, g_1)^{\alpha s}$ is calculated together with
Figure BDA0003763044280000072
for each $\tau \in [k]$, calculate
Figure BDA0003763044280000073
and
Figure BDA0003763044280000074
to obtain $ct = (C, C_0, \{C_{\tau,1}, C_{\tau,2}\}_{\tau \in [k]})$.
Second, the sender runs the proof algorithm of the Schnorr scheme to compute the zero-knowledge proof $\pi$, which proves to the purifier that the sender has the right knowledge
Figure BDA0003763044280000075
Specifically, the sender obtains $\pi$ by proving the following four equations.
Figure BDA0003763044280000076
Finally, the sender securely sends the ciphertext $c = (ct, \pi)$ to the purifier.
5) Ciphertext purification
For each uploaded ciphertext $c = (ct, \pi)$, the purifier runs the algorithm Sanitize(c) to purify it. The input is a ciphertext c associated with the attribute set S; the output is the purified ciphertext c' if the sender is authorized to write to S, and $\perp$ otherwise.
First, the purifier verifies the zero-knowledge proof $\pi$ to confirm that the sender holds the encryption key corresponding to S; if the verification fails, the ciphertext is discarded.
Then the purifier checks whether the ciphertext ct is consistent with the attribute set S declared in the received ciphertext. First, it checks whether $|S| = k$. Then, for each element
Figure BDA0003763044280000077
it checks the equation
Figure BDA0003763044280000078
If a check fails, the purifier discards the ciphertext.
If all checks pass, the purified ciphertext is calculated as follows:
select a random number
Figure BDA0003763044280000079
calculate
Figure BDA00037630442800000710
and, for each $\tau \in [k]$, compute
Figure BDA00037630442800000711
The calculation is as follows:
Figure BDA00037630442800000712
Figure BDA00037630442800000713
Finally, the purifier uploads the purified ciphertext $c' = (C', C'_0, \{C'_{\tau,1}, C'_{\tau,2}\}_{\tau \in [k]})$ to the cloud server.
6) Data decryption
The receiver receives data from the cloud server by subscription. For the purified ciphertext c', the receiver runs the Decrypt(c', $dk_P$) algorithm with the decryption key $dk_P$ to recover the plaintext m. The input is the purified ciphertext c' associated with the attribute set S and the decryption key $dk_P$; the output is the plaintext m if S satisfies the policy P, and $\perp$ otherwise.
Specifically, let $I = \{i : \rho(i) \in S\}$ be the set of rows of the LSSS matrix
Figure BDA00037630442800000714
corresponding to the attribute set S. If $S \in P$, calculate the constants
Figure BDA00037630442800000715
satisfying
Figure BDA00037630442800000716
Here
Figure BDA00037630442800000717
is row i of the matrix
Figure BDA00037630442800000719
Then calculate
Figure BDA00037630442800000718
where $\tau$ is the index of the attribute $\rho(i)$ in S. Finally, the receiver recovers the plaintext $m = C'/B$.
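Why purification defeats a leaked message key, as an added example that is not code from the patent. It is a toy model under stated assumptions: the pairing value $e(g_0, g_1)^{\alpha}$ is replaced by $Y = G^{\alpha}$ in a small constructed prime-order group, the attribute components are collapsed into the single element $C_0 = G^s$, and the receiver key is modelled as $\alpha$ itself rather than the policy-bound $dk_P$.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1 is a safe prime and G generates the
# subgroup of prime order Q. A real deployment uses a pairing group instead.
P, Q, G = 2039, 1019, 4


def rand_exponent():
    """Uniform non-zero exponent modulo the group order."""
    return secrets.randbelow(Q - 1) + 1


def setup():
    """Trusted authority: master secret alpha and public Y = G^alpha.
    Assumption: Y stands in for e(g_0, g_1)^alpha."""
    alpha = rand_exponent()
    return alpha, pow(G, alpha, P)


def encrypt(Y, m):
    """Sender: C = m * Y^s and C0 = G^s.
    Also returns the message key K = Y^s, which a malicious sender can leak."""
    s = rand_exponent()
    K = pow(Y, s, P)
    return (m * K % P, pow(G, s, P)), K


def sanitize(Y, ct):
    """Purifier: re-randomize with a fresh s' that the sender never sees,
    giving C' = C * Y^s' and C0' = C0 * G^s' (same form as the original)."""
    C, C0 = ct
    s2 = rand_exponent()
    return (C * pow(Y, s2, P) % P, C0 * pow(G, s2, P) % P)


def decrypt(alpha, ct):
    """Authorized receiver: B = C0^alpha, then m = C / B."""
    C, C0 = ct
    return C * pow(pow(C0, alpha, P), -1, P) % P


def decrypt_with_leaked_key(K, ct):
    """Unauthorized receiver holding only the message key leaked by the sender."""
    return ct[0] * pow(K, -1, P) % P


def demo(m=1234):
    """Run the exchange once and report which parties recover m."""
    alpha, Y = setup()
    ct, leaked_K = encrypt(Y, m)
    ct_purified = sanitize(Y, ct)
    return {
        "leak_opens_original": decrypt_with_leaked_key(leaked_K, ct) == m,
        "leak_opens_purified": decrypt_with_leaked_key(leaked_K, ct_purified) == m,
        "receiver_opens_purified": decrypt(alpha, ct_purified) == m,
        "ciphertext_changed": ct_purified != ct,
    }


if __name__ == "__main__":
    print(demo())
```

Only the purified ciphertext is stored on the cloud server, so the key the sender can leak no longer matches anything a receiver can download.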

Claims (5)

1. A data circulation control method based on purifiable attribute encryption in a cloud environment is characterized by comprising the following specific steps:
firstly, building a data circulation control platform comprising a trusted authority, a sender, a purifier, a cloud server and a receiver; the trusted authority generates an encryption key to each sender and generates a matched decryption key to each receiver;
then, the sender processes each data to be sent by using a random message key, then uses an encryption key to package the message key, and finally sends an encrypted ciphertext to the purifier; the purifier checks the encrypted ciphertext, purifies the ciphertext by using a random message key, and uploads the purified ciphertext c' to the cloud server; the cloud server receives and stores the purified ciphertext c' for sending to any subscribed receiver;
finally, the receiver obtains a corresponding decryption key from the trusted authority according to the access control strategy P; and after the purified ciphertext is received from the cloud server, when the attribute set in the ciphertext meets the access control strategy, the plaintext is recovered.
2. The data circulation control method based on purifiable attribute encryption in the cloud environment of claim 1, wherein the trusted authority generates an encryption key for each sender and a matching decryption key for each receiver, specifically as follows:
for each sender, the trusted authority runs the EKGen algorithm to obtain an encryption key ek_S = (S, M, σ) and returns the encryption key to the sender through a secure channel;
S = {A_1, A_2, ..., A_k} is the input attribute set, (Figure FDA0003763044270000011) is the set of all attribute hash values in the attribute set S; σ is the signature on the set of attribute hash values M;
for each receiver, a receiver policy (Figure FDA0003763044270000012) is given, where (Figure FDA0003763044270000013) is a matrix of l rows and n columns and ρ is a mapping function that maps each row of the matrix (Figure FDA0003763044270000014) to an attribute;
the trusted authority runs the DKGEN algorithm on the access control policy P to generate the decryption key dk_P = {D_{τ,0}, D_{τ,1}, D_{τ,2}}_{τ∈[l]} and sends it to the receiver through a secure channel.
3. The data circulation control method based on purifiable attribute encryption in the cloud environment according to claim 1, wherein the encrypted ciphertext is c = (ct, π); π is a zero-knowledge proof; ct = (C, C_0, {C_{τ,1}, C_{τ,2}}_{τ∈[k]}) is the attribute-encrypted ciphertext of the message, comprising the symmetrically encrypted ciphertext C of the message and the access control ciphertext (C_0, {C_{τ,1}, C_{τ,2}}_{τ∈[k]}) generated from the attribute set S, and k is the number of attributes in the attribute set S.
4. The data circulation control method based on purifiable attribute encryption in the cloud environment according to claim 1, wherein the process by which the purifier checks the encrypted ciphertext and purifies the ciphertext is as follows:
for each uploaded ciphertext c, the purifier first runs the Sanitize algorithm to verify the zero-knowledge proof π in the ciphertext, which confirms that the sender holds the encryption key corresponding to the attribute set S; if the verification fails, the ciphertext is discarded;
after the verification succeeds, the purifier checks whether the ciphertext ct is consistent with the attribute set S declared in the received ciphertext; if not, the verification fails and the ciphertext is discarded;
when they are consistent, for the hash value element (Figure FDA0003763044270000015) of each attribute in the attribute set S, the purifier continues to check whether the following equation holds: (Figure FDA0003763044270000016)
if the check fails, the purifier discards the ciphertext;
g_1 and w are both public system parameters;
after the check succeeds, the purifier selects a random value s' to randomize the original ciphertext ct, obtaining a purified ciphertext c' = (C', C'_0, {C'_{τ,1}, C'_{τ,2}}_{τ∈[k]}) with the same form as the original ciphertext ct.
5. The data circulation control method based on purifiable attribute encryption in the cloud environment according to claim 1, wherein the process by which the receiver recovers the plaintext according to the access control policy P is as follows:
for the purified ciphertext c', the receiver uses the decryption key dk_P to run the Decrypt algorithm and decrypt the plaintext:
m = C'/B
(Figure FDA0003763044270000021)
specifically, let I be the set of rows of the matrix (Figure FDA0003763044270000022) corresponding to the attribute set S; when the attribute set S satisfies the access control policy P, the constants ω_i are calculated, satisfying (Figure FDA0003763044270000023); (Figure FDA0003763044270000024) is row i of the matrix (Figure FDA0003763044270000025);
(D_{i,0}, D_{i,1}, D_{i,2}) is the decryption key.
CN202210877395.8A 2022-07-25 2022-07-25 Data circulation control method based on cleanable attribute encryption in cloud environment Active CN115277171B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210877395.8A CN115277171B (en) 2022-07-25 2022-07-25 Data circulation control method based on cleanable attribute encryption in cloud environment

Publications (2)

Publication Number Publication Date
CN115277171A true CN115277171A (en) 2022-11-01
CN115277171B CN115277171B (en) 2023-09-29

Family

ID=83770441

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant