CN115459948A - Ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding - Google Patents

Publication number
CN115459948A
Authority
CN
China
Prior art keywords
attribute
ciphertext
user
data
policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210927558.9A
Other languages
Chinese (zh)
Inventor
王会勇
梁佳玲
丁勇
唐士杰
王继奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology

Classifications

    • H Electricity
    • H04 Electric communication technique
    • H04L Transmission of digital information, e.g. telegraphic communication
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

The invention relates to the technical field of encryption, in particular to a ciphertext policy attribute based encryption method supporting cloud audit and policy hiding.

Description

Ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding
Technical Field
The invention relates to the technical field of encryption, in particular to a ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding.
Background
In 2005, Sahai and Waters presented the concept of fuzzy identity-based encryption, which can be regarded as the original form of attribute-based encryption. In 2007, Bethencourt et al. proposed the first ciphertext-policy attribute-based encryption (CP-ABE) scheme on this basis. In that scheme, a user's private key is generated from the user's attribute set, and the ciphertext policy is expressed as an access tree embedded in the ciphertext. The user can decrypt the ciphertext if and only if the user's attribute set satisfies the ciphertext policy, which ensures the confidentiality of the data. In 2009, Nishide et al. proposed the first policy-hiding CP-ABE scheme, but it supports only an AND-gate access structure, its expressiveness is weak, its key length grows linearly with the number of attributes, and its overhead is large. Subsequently, Song et al. applied the idea of linear secret sharing to CP-ABE and hid the attribute values to achieve policy hiding. In 2015, Hur et al. proposed a CP-ABE scheme supporting any monotone access structure using one-way anonymous key agreement, which achieves security only in the generic group model. In 2017, Yang et al. implemented policy hiding using a Bloom filter on top of Waters' scheme, but gave no formal security proof. In 2021, Zeng et al. proposed an attribute-based encryption scheme supporting a large attribute universe and access-policy hiding for a medical cloud application scenario. However, none of the existing ciphertext-policy attribute-based encryption methods supports cloud audit and policy hiding at the same time.
Ciphertext-policy attribute-based encryption offers flexible, fine-grained access control and therefore has good application prospects in data sharing. With a CP-ABE scheme, a data owner can specify an access policy so that only data users possessing particular attributes can access the owner's personal data. However, in conventional CP-ABE schemes the access policy is attached to the ciphertext data in plaintext form, and if the ciphertext data contains sensitive information, for example in a medical scenario, the access policy may create a security risk for the patient. If a patient's data is accessible only to oncologists, it can be inferred that the patient may have a neoplastic disease. Therefore, to prevent a malicious user from deducing important information from the policy, an attribute-based encryption mechanism with a hidden ciphertext policy needs to be studied. Secondly, once the encrypted data is outsourced to the cloud, the user loses direct control over it. If the cloud service provider intentionally deletes some unused data to save storage space, the integrity of the data may be destroyed.
Disclosure of Invention
The invention aims to provide a ciphertext-policy attribute-based encryption method supporting cloud audit and policy hiding. The method provides ciphertext-policy attribute-based encryption with policy hiding, outsourced decryption and public audit, and solves the technical problem that existing ciphertext-policy attribute-based encryption schemes do not support cloud audit.
To achieve this aim, the invention provides a ciphertext-policy attribute-based encryption method supporting cloud audit and policy hiding, which comprises the following steps:
the attribute authority CA generates the public parameters of the system;
the data owner Do and the user Du register, and the attribute authority CA distributes user private keys;
the data owner Do encrypts data;
the cloud service provider CSP performs outsourced decryption and outputs a partially decrypted ciphertext;
the user Du decrypts according to the partially decrypted ciphertext;
the auditor carries out the cloud audit.
The system architecture of the method comprises an attribute authority CA, a data owner Do, a cloud service provider CSP, a user Du and an auditor. The attribute authority CA is responsible for generating the public key, the master key and the public parameters of the system and for distributing attribute keys for users' attributes. The data owner Do is responsible for defining an access policy, encrypting the shared file under it and uploading the ciphertext to the cloud service provider CSP. The cloud service provider CSP is responsible for cloud storage and partial decryption, the user Du is responsible for decryption, and the auditor is responsible for verifying the integrity of the data.
In the process in which the attribute authority CA generates the public parameters of the system, a security parameter $\lambda$ is first input and a bilinear map $e: G \times G \to G_T$ is defined, where $G$ and $G_T$ are two groups of order $N = p_1 p_2 p_3 p_4$. The attribute authority CA selects random parameters
Figure BDA0003780203950000021
Figure BDA0003780203950000022
Computing
Figure BDA0003780203950000023
$H = hZ$. The attribute authority CA defines a collision-resistant hash function $H_1: \{0,1\}^* \to Z_N$. Finally, the CA computes the public parameters of the system $Par = (N, g^{a}, Y, H, X_4)$ and the master private key
Figure BDA0003780203950000024
In the process in which the data owner Do and the user Du register and the attribute authority CA distributes user private keys, the data owner Do or the user Du sends its identity $id_i$ and attribute set
Figure BDA0003780203950000025
Figure BDA0003780203950000031
to the attribute authority CA, where
Figure BDA0003780203950000032
The attribute authority CA then generates the user private key.
When the data owner Do encrypts data, Do encrypts the data, divides the ciphertext into data blocks, and generates verifiable metadata for each data block.
When the cloud service provider CSP performs outsourced decryption, the data owner Do generates a conversion key and a retrieval key and sends the conversion key to the cloud service provider CSP, which performs most of the decryption work.
When the user Du decrypts according to the partially decrypted ciphertext, the user Du performs the decryption operation after receiving the partially decrypted ciphertext. If the plaintext data M is output, decryption succeeds; otherwise, decryption fails.
In the cloud audit, the data owner Do sends an audit request to the auditor. The auditor first verifies the identity of the data owner Do and then sends an audit challenge to the cloud service provider CSP. The CSP sends evidence to the auditor, and the auditor verifies the evidence and sends the audit result to the data owner Do.
The invention provides a ciphertext-policy attribute-based encryption method supporting cloud audit and policy hiding. Based on CP-ABE, it constructs on a bilinear group a scheme that supports access-policy hiding, outsourced decryption and cloud audit, which prevents data from being damaged and data privacy from leaking during storage and sharing, realizes fine-grained access control of the data and reduces the computation overhead. It also introduces a third-party auditor, who judges the integrity of the data by verifying the aggregated metadata corresponding to the ciphertext data blocks held by the CSP.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of a ciphertext policy attribute-based encryption method supporting cloud audit and policy hiding according to the present invention.
Fig. 2 is a schematic system structure diagram of a ciphertext policy attribute-based encryption method supporting cloud audit and policy hiding according to the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Some of the terms used in the embodiments of the present invention are explained in the following table:
Figure BDA0003780203950000041
Referring to Fig. 1, the present invention provides a ciphertext-policy attribute-based encryption method supporting cloud audit and policy hiding, including the following steps:
S1: the attribute authority CA generates the public parameters of the system;
S2: the data owner Do and the user Du register, and the attribute authority CA distributes user private keys;
S3: the data owner Do encrypts data;
S4: the cloud service provider CSP performs outsourced decryption and outputs a partially decrypted ciphertext;
S5: the user Du decrypts according to the partially decrypted ciphertext;
S6: the auditor carries out the cloud audit.
The specific system architecture is shown in fig. 2:
(1) The attribute authority CA is a fully trusted entity responsible for generating the public key, the master key and the public parameters of the system. In addition, it is responsible for distributing attribute keys for attributes of users.
(2) The data owner Do encrypts the shared file under an access policy that Do defines and uploads the ciphertext to the cloud server.
(3) The user Du has a private key associated with its attributes. When the attributes satisfy the access policy embedded in the ciphertext, the user Du can decrypt successfully.
(4) The cloud service provider CSP has a large amount of computing and storage resources and is responsible for storing the ciphertext data of the data owner Do and performing part of the decryption work.
(5) The auditor is a fully trusted third party, mainly responsible for verifying the integrity of the data held by the cloud service provider CSP and returning the audit result to the data owner Do.
The following is further described in conjunction with specific implementation steps:
S1: the attribute authority CA generates the public parameters of the system;
First, a security parameter $\lambda$ is input and a bilinear map $e: G \times G \to G_T$ is defined, where $G$ and $G_T$ are two groups of order $N = p_1 p_2 p_3 p_4$. The attribute authority CA selects random parameters
Figure BDA0003780203950000051
Figure BDA0003780203950000052
Computing
Figure BDA0003780203950000053
$H = hZ$. The attribute authority CA defines a collision-resistant hash function $H_1: \{0,1\}^* \to Z_N$. Finally, the CA computes the public parameters of the system $Par = (N, g^{a}, Y, H, X_4)$ and the master private key
Figure BDA0003780203950000054
S2: the data owner Do and the user Du are registered, and the attribute authority CA distributes a user private key;
First, the data owner Do or the user Du sends its identity $id_i$ and attribute set
Figure BDA0003780203950000055
to the CA, where
Figure BDA0003780203950000056
The CA then generates the user's private key by the following two steps.
Step 2.1: The CA randomly selects
Figure BDA0003780203950000057
The private key of the user is calculated as follows:
Figure BDA0003780203950000058
wherein
Figure BDA0003780203950000059
Step 2.2: The CA randomly selects $\alpha \in Z_N$ and computes the signing private key $ssk_i = g^{\alpha}$ of data block $F$ and the public key
Figure BDA00037802039500000510
where $1 \le F \le M$; the signing private key is then sent to the corresponding user over a secure channel.
S3: the data owner Do encrypts data;
At this stage, the data owner Do encrypts the data, divides the ciphertext into data blocks, and generates verifiable metadata for each data block, mainly through the following two steps:
Step 3.1: The data owner Do first defines an access structure $T = (A, \rho, \tau)$, where $A$ is an $m \times n$ matrix and the mapping function $\rho$ maps each row $A_x$ of $A$ to an attribute name, with attribute value
Figure BDA0003780203950000061
Figure BDA0003780203950000062
Data owner Do selects random vectors
Figure BDA0003780203950000063
For $1 \le x \le l$, Do randomly selects parameters
Figure BDA0003780203950000064
Finally, the ciphertext is computed as follows:
$CT = ((A, \rho), C_0, C_1, \{C_{0,x}, D_{0,x}\}_{1 \le x \le l})$
where $C_0 = M Y^{s}$, $C_1 = g^{s}$,
Figure BDA0003780203950000065
Step 3.2: the data owner Do divides the ciphertext CT into n blocks, such that each block contains c data CTs j,l I.e. CT = { CT = { CT j,l : j is more than or equal to 1 and less than or equal to n, and l is more than or equal to 1 and less than or equal to c }. Do selects a random identifier fid to define a data file r 0 If CT | | fid | | c | |, the signature algorithm S = < Kgen, sig, vrf >, and the generated data label r = r | 0 ||S.Sig(r 0 ,ssk i ) For each data block CT j Calculating the metadata r j =(H 1 (fid||j)·g c
Finally, the data owner Do will process the ciphertext CT' = { CT } j ,r j : j is more than or equal to 1 and less than or equal to n, and the data is sent to a cloud service provider CSP.
S4: the cloud service provider CSP executes outsourcing decryption and outputs a part of decrypted ciphertext;
The user Du selects a random value $z \in Z_N$ and computes the conversion key
Figure BDA0003780203950000066
Figure BDA0003780203950000067
The retrieval key is $TK = \{z\}$. Du sends the conversion key to the CSP, and the CSP computes
Figure BDA0003780203950000068
where $\mu = H_1(K_1, K_2)$. When the user's attributes satisfy the access structure, i.e. $\sum_{x \in I} \omega_x A_x = (1, 0, \ldots, 0)$,
Figure BDA0003780203950000069
it holds that
Figure BDA00037802039500000610
Finally, the cloud service provider CSP outputs the partially decrypted ciphertext $CT'' = \{E_0 = C_0, E = Y^{sz}\}$.
S5: the user Du decrypts according to the partial decryption ciphertext;
After receiving the partially decrypted ciphertext CT', the user Du calculates
Figure BDA00037802039500000611
If the plaintext data M is output, the decryption is successful; otherwise, decryption fails.
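The flow of S3 to S5 can be traced in a toy model, added here as an illustration and not taken from the patent: a prime-order subgroup of Z_P^* replaces the composite-order bilinear group, the hypothetical `row_terms` helper stands in for the per-row pairing results, and attribute-value hiding is not modelled. The parameters `P`, `Q`, `Y`, the LSSS matrix and the attribute names are constructed; only C0 = M·Y^s, E = Y^(sz), the retrieval key z and the condition that the ω-weighted rows sum to (1,0,...,0) come from the text.

```python
import secrets

# Constructed toy parameters: Y generates the order-Q subgroup of Z_P^*.
# The patent works in a composite-order bilinear group; no pairing is modelled.
P, Q, Y = 2039, 1019, 4

# Constructed LSSS matrix for (doctor AND oncology AND on_duty) OR auditor.
# RHO[x] is the attribute name of row x (attribute values are not modelled).
A = [[1, 1, 0], [0, -1, 1], [0, 0, -1], [1, 0, 0]]
RHO = ["doctor", "oncology", "on_duty", "auditor"]


def solve_omega(rows, q=Q):
    """Find omega with sum_x omega_x * rows[x] == (1,0,...,0) mod q, else None."""
    k, n = len(rows), len(rows[0])
    # Augmented system transpose(rows) * omega = e_1, reduced by Gauss-Jordan.
    m = [[rows[x][c] % q for x in range(k)] + [1 if c == 0 else 0]
         for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((i for i in range(r, n) if m[i][col]), None)
        if piv is None:
            continue                      # free variable, left at 0
        m[r], m[piv] = m[piv], m[r]
        inv = pow(m[r][col], -1, q)
        m[r] = [v * inv % q for v in m[r]]
        for i in range(n):
            if i != r and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % q for a, b in zip(m[i], m[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] for row in m[r:]):     # a row reading 0 = nonzero
        return None                       # attribute set does not satisfy policy
    omega = [0] * k
    for i, col in enumerate(pivots):
        omega[col] = m[i][-1]
    return omega


def encrypt(msg):
    """S3 (toy): C0 = M * Y^s and one share lambda_x = A_x . v, v = (s, ...)."""
    s = secrets.randbelow(Q - 1) + 1
    v = [s] + [secrets.randbelow(Q) for _ in A[0][1:]]
    shares = [sum(a * b for a, b in zip(row, v)) % Q for row in A]
    return {"C0": msg * pow(Y, s, P) % P, "shares": shares}


def row_terms(ct, attrs, z):
    """Stand-in for pairing ciphertext rows with the conversion key: rows whose
    attribute the key holds yield Y^(z * lambda_x), blinded by z."""
    return {x: pow(Y, z * ct["shares"][x] % Q, P)
            for x, name in enumerate(RHO) if name in attrs}


def csp_partial_decrypt(ct, terms):
    """S4 (toy): combine row terms with omega into E = Y^(s*z); None if the
    rows available to the CSP do not span (1,0,...,0)."""
    idx = sorted(terms)
    omega = solve_omega([A[x] for x in idx]) if idx else None
    if omega is None:
        return None
    e = 1
    for x, w in zip(idx, omega):
        e = e * pow(terms[x], w, P) % P
    return {"E0": ct["C0"], "E": e}


def user_decrypt(partial, z):
    """S5 (toy): one exponentiation removes the blinding, M = E0 / E^(1/z)."""
    y_s = pow(partial["E"], pow(z, -1, Q), P)
    return partial["E0"] * pow(y_s, -1, P) % P


def run(attrs, msg=1234):
    """Full toy flow for one user; returns the plaintext or None."""
    z = secrets.randbelow(Q - 1) + 1      # retrieval key TK = {z}, kept by Du
    ct = encrypt(msg)
    partial = csp_partial_decrypt(ct, row_terms(ct, attrs, z))
    return None if partial is None else user_decrypt(partial, z)
```

The CSP only ever sees values blinded by z, so the partial result E is useless to it, while the user's remaining work is a single exponentiation and one multiplication regardless of the policy size.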
S6: the auditor carries out the cloud audit.
(1) After receiving an audit request from the data owner Do, the auditor first verifies whether the signature $r$ is correct. If the verification fails, the algorithm terminates. Otherwise, the auditor randomly selects a set $\Phi \in [1, n]$ and, for each $i \in \Phi$, a random value $\lambda_i \in Z_N$. Finally, the challenge $PV = \{(i, \lambda_i) : i \in \Phi\}$ is sent to the cloud service provider CSP.
(2) After receiving the challenge, the CSP calculates, from the stored ciphertext CT,
Figure BDA0003780203950000071
and finally outputs the evidence $BV = \{\delta, \varphi\}$.
(3) Upon receipt of the evidence, the auditor verifies the equation
Figure BDA0003780203950000072
If the equation holds, the auditor outputs 1, which means that the data is complete; otherwise, it outputs 0.
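The challenge-response flow of S6 as an added example, not the patent's construction: the verification equation is not reproduced on this page, so a privately verifiable linear tag in the style of Shacham and Waters stands in for the pairing-based metadata, and the auditor is assumed to hold the tagging secrets `alpha` and `key`. Block contents, `fid` and all function names are constructed.

```python
import hashlib
import hmac
import secrets

Q = 2**127 - 1  # prime modulus for the toy tags (stand-in for Z_N)


def prf(key, fid, j):
    """Per-block pseudorandom value, playing the role of H1(fid || j)."""
    digest = hmac.new(key, f"{fid}|{j}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % Q


def as_int(block):
    """A block is one field element here; real schemes split blocks into sectors."""
    value = int.from_bytes(block, "big")
    if value >= Q:
        raise ValueError("block too large for one field element")
    return value


def tag_blocks(blocks, alpha, key, fid):
    """Owner: metadata r_j = alpha * CT_j + PRF(fid, j) mod Q for j = 1..n."""
    return [(alpha * as_int(b) + prf(key, fid, j)) % Q
            for j, b in enumerate(blocks, start=1)]


def make_challenge(n, size):
    """Auditor: PV = {(i, lambda_i)} for a random set Phi of `size` indices in [1, n]."""
    phi = sorted(secrets.SystemRandom().sample(range(1, n + 1), size))
    return [(i, secrets.randbelow(Q - 1) + 1) for i in phi]


def prove(blocks, tags, pv):
    """CSP: BV = (delta, phi), the lambda-weighted sums of tags and of blocks."""
    delta = sum(lam * tags[i - 1] for i, lam in pv) % Q
    phi = sum(lam * as_int(blocks[i - 1]) for i, lam in pv) % Q
    return delta, phi


def verify(pv, proof, alpha, key, fid):
    """Auditor: 1 if delta == alpha * phi + sum(lambda_i * PRF(fid, i)), else 0."""
    delta, phi = proof
    expected = (alpha * phi + sum(lam * prf(key, fid, i) for i, lam in pv)) % Q
    return 1 if delta == expected else 0


def demo():
    """Audit an intact store, then one where the CSP has lost block 3."""
    blocks = [f"ct-block-{j:02d}".encode() for j in range(1, 9)]  # constructed
    alpha = secrets.randbelow(Q - 1) + 1
    key, fid = secrets.token_bytes(32), "file-001"
    tags = tag_blocks(blocks, alpha, key, fid)
    pv = make_challenge(len(blocks), size=len(blocks))  # challenge every block
    intact = verify(pv, prove(blocks, tags, pv), alpha, key, fid)
    damaged = list(blocks)
    damaged[2] = b"\x00" * len(blocks[2])               # block 3 overwritten
    broken = verify(pv, prove(damaged, tags, pv), alpha, key, fid)
    return intact, broken
```

With `size` smaller than n, a lost block is caught only when its index falls in Φ, so the detection probability grows with the challenge size.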
In summary, the ciphertext policy attribute-based encryption method supporting cloud audit and policy hiding provided by the invention has the following advantages:
(1) Based on ciphertext-policy attribute-based encryption, the access policy is constructed using a linear secret sharing scheme (LSSS) matrix. Each attribute is split into an attribute name and an attribute value, and the attribute value is hidden, so that no valuable attribute information in the access policy is disclosed to an unauthorized receiver.
(2) To reduce computation overhead, the method uses outsourced decryption to hand part of the decryption computation to the cloud server, so that a data user who satisfies the access policy needs only a constant number of operations to decrypt, which makes decryption efficient and fast.
(3) Considering that the cloud server is "hidden", data on the cloud server may be lost or damaged due to software and hardware errors of the cloud server. In addition, the cloud server may forge the ciphertext or directly send the wrong decryption result to the user, so as to save the computing overhead. Therefore, a third party auditor is introduced in the method, and the auditor judges the integrity of the data by verifying the aggregation metadata corresponding to the ciphertext data block in the CSP.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding is characterized by comprising the following steps of:
the attribute authority CA generates public parameters of the system;
the data owner Do and the user Du are registered, and the attribute authority CA distributes a user private key;
the data owner Do encrypts the data;
the cloud service provider CSP executes outsourcing decryption and outputs a part of decrypted ciphertext;
the user Du decrypts according to the partial decryption ciphertext;
and carrying out cloud audit by an auditor.
2. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
the system architecture of the ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding comprises an attribute authorization center CA, a data owner Do, a cloud service provider CSP, a user Du and an auditor, wherein the attribute authorization center CA is responsible for generating a public key, a main key and a public parameter of the system and distributing an attribute key for the attribute of the user, the data owner Do is responsible for customizing an access strategy to encrypt a shared file and upload a ciphertext to the cloud service provider CSP, the cloud service provider CSP is responsible for cloud storage and partial decryption, the user Du is responsible for decryption, and the auditor is responsible for verifying the integrity of data.
3. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
in the process in which the attribute authority CA generates the public parameters of the system, a security parameter $\lambda$ is first input and a bilinear map $e: G \times G \to G_T$ is defined, where $G$ and $G_T$ are two groups of order $N = p_1 p_2 p_3 p_4$; the attribute authority CA selects random parameters
Figure FDA0003780203940000013
Calculating parameters
Figure FDA0003780203940000014
$H = hZ$; the attribute authority CA defines a collision-resistant hash function $H_1: \{0,1\}^* \to Z_N$; finally, the CA computes the public parameters of the system $Par = (N, g^{a}, Y, H, X_4)$ and the master private key
Figure FDA0003780203940000011
4. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
in the process in which the data owner Do and the user Du register and the attribute authority CA distributes user private keys, the data owner Do or the user Du sends its identity $id_i$ and attribute set
Figure FDA0003780203940000012
to the attribute authority CA, with attribute name
Figure FDA0003780203940000022
Attribute value
Figure FDA0003780203940000021
The attribute authority CA then generates the user private key.
5. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
in the process of encrypting the data, the data owner Do divides the ciphertext into data blocks and generates verifiable metadata for each data block.
6. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
in the process in which the cloud service provider CSP performs outsourced decryption, the data owner Do generates a conversion key and a retrieval key and sends the conversion key to the cloud service provider CSP, and the cloud service provider CSP performs most of the decryption work.
7. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
the user Du decrypts according to the partially decrypted ciphertext; specifically, after receiving the partially decrypted ciphertext, the user Du performs the decryption operation, and if plaintext data M is output, the decryption is successful; otherwise, decryption fails.
8. The ciphertext policy attribute-based encryption method supporting cloud auditing and policy hiding according to claim 1,
in the cloud audit, the data owner Do initiates an audit request to the auditor; the auditor first verifies the identity of the data owner Do and then initiates an audit challenge to the cloud service provider CSP; the cloud service provider CSP sends the evidence to the auditor; and the auditor verifies the evidence and sends the audit result to the data owner Do.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210927558.9A CN115459948A (en) 2022-08-03 2022-08-03 Ciphertext strategy attribute-based encryption method supporting cloud audit and strategy hiding

Publications (1)

Publication Number Publication Date
CN115459948A true CN115459948A (en) 2022-12-09

SE01 Entry into force of request for substantive examination