CN116366320A - Distributed attribute-based encryption method based on blockchain revocation - Google Patents

Distributed attribute-based encryption method based on blockchain revocation

Info

Publication number: CN116366320A
Application number: CN202310289399.9A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Prior art keywords: attribute, key, data, ciphertext, user
Inventors: 马海英, 杨及坤, 李金舟, 杨天玲, 沈金宇, 黄双龙, 曹东杰
Current assignee: Nantong University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Nantong University
Application filed by: Nantong University

Classifications

    • H04L63/0442 Network security: confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption, the sending and receiving entities applying asymmetric encryption (different keys for encryption and decryption)
    • H04L63/10 Network security: controlling access to devices or network resources
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3249 Digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3268 Certificates (public key certificate [PKC] or attribute certificate [AC]) and PKI arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H04L2463/062 Additional network-security details: applying encryption of the keys


Abstract

The invention provides a distributed attribute-based encryption method with blockchain-based revocation, in the technical fields of blockchain, the Internet of Things (IoT), data sharing and attribute-based encryption (ABE). It addresses the problem of privacy disclosure in IoT data-sharing scenarios. The method comprises the following steps: S10, system establishment; S20, authority initialization; S30, user registration; S40, generation of user attribute private keys; S50, data encryption; S60, data access; S70, user attribute revocation. The beneficial effects are that fine-grained secure sharing of IoT data is realized with the blockchain and distributed multi-authority ABE, forward and backward security of the shared data is preserved across attribute revocation, and the efficiency of attribute revocation is improved.

Description

Distributed attribute-based encryption method based on blockchain revocation
Technical Field
The invention relates to the technical fields of blockchain, the Internet of Things, data sharing and attribute-based encryption, and in particular to a distributed attribute-based encryption method with blockchain-based revocation.
Background
With the rapid growth in the number of connected terminal devices and of 5G technology, the Internet of Things (IoT) has become an indispensable part of daily life. It complements technologies such as edge computing and artificial intelligence and plays an important role in typical applications such as industrial automation, transportation, energy systems and medical care, in both academia and industry. Statista predicted that the number of IoT devices worldwide would reach 75 billion by 2025, generating approximately 79.4 ZB of IoT data. This data often has real value: patient data collected by medical wearables, for example, can improve the accuracy of medical services. Most existing IoT applications are built on data sharing: they collect IoT data through smart sensors and upload it to a cloud server, which stores and shares it. IoT data sharing has already penetrated smart homes, smart healthcare, smart education and other fields and is gradually changing the industrial structure and the mode of economic growth, so it has strategic significance and social and economic value. However, IoT data often contains users' private information, and once leaked it can pose a serious threat to the security of individuals' property or of the state. How to build a secure data-sharing platform in the IoT environment is therefore of great practical significance.
The advent of attribute-based encryption (ABE) provides a viable solution for the secure sharing of IoT data. ABE associates ciphertexts and keys with an attribute set and an access structure, and decryption succeeds only when the attribute set satisfies the access structure, which guarantees the confidentiality of the data. An ABE scheme has the following four features. First, the data provider only needs to encrypt according to attributes and need not know the identities of the recipients, which reduces encryption cost and protects user privacy. Second, only users satisfying the access control policy can decrypt the ciphertext, which ensures data confidentiality. Third, each user's key is bound to an embedded random value, so keys of different users cannot be combined, which prevents collusion among malicious users. Fourth, ABE supports flexible access control policies, realizing AND, OR, NOT and threshold operations over attributes. The flexibility, efficiency and collusion resistance of ABE give it good application prospects in fine-grained access control, privacy protection and related fields.
The ABE scheme as originally proposed supported only threshold access control policies. To express access control policies more flexibly, Bethencourt et al. proposed ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE, a private key is associated with a set of attributes and a ciphertext with an access control policy. A data provider who wants to share IoT data with people holding certain attributes formulates a corresponding access control policy and embeds it in the ciphertext; other users can decrypt the ciphertext only if their attributes satisfy that policy. CP-ABE is therefore well suited to fine-grained secure sharing of data in the IoT environment. However, conventional CP-ABE requires a trusted key generation center to manage keys: the generation, distribution and revocation of users' attribute private keys depend entirely on it, and a security problem at the key generation center seriously threatens the security of the whole system.
To mitigate the security risk of the key generation center, researchers have proposed blockchain-based data sharing schemes. A blockchain is a distributed ledger with a chained structure that integrates distributed data storage, cryptographic algorithms, peer-to-peer networking and consensus mechanisms, and it offers a way to address the trust problem of the key distribution center and to make the data-sharing process transparent. Through its consensus mechanism and distributed storage, a blockchain can provide a traceable record of the generation, distribution and revocation of user attribute private keys, reducing the need for absolute trust in a key generation center. Smart contracts can also solve the policy-matching problem in the sharing process: the data provider writes the policy-matching logic into a smart contract that executes automatically in the given scenario, improving sharing efficiency and simplifying the process. In addition, a sharing process recorded on a blockchain is more authentic and reliable than on a traditional sharing platform: the blockchain uses cryptographic principles and timestamps to make the data tamper-evident and helps the entities in the system establish trust. Using a blockchain to store data in the IoT data-sharing scenario therefore helps ensure that the sharing process is fair, impartial and open.
However, data access is not static: as users' attributes change, their rights to access data must be adjusted continually. Supporting user attribute revocation, so that revoked users are prevented from decrypting data ciphertexts, is therefore a basic requirement. Since a revoked user may retain the old decryption key, the ciphertext and the keys may also need to be updated at revocation time so that forward and backward security of the shared data is maintained. How to realize fine-grained secure sharing of data with technologies such as blockchain and distributed CP-ABE while guaranteeing the security of IoT data sharing is thus of real practical significance.
Disclosure of Invention
The invention aims to provide a distributed attribute-based encryption method with blockchain-based revocation that uses a blockchain together with an attribute-based encryption algorithm to make the data-sharing process in an IoT environment open, transparent and traceable, effectively prevents unauthorized users from accessing data, maintains the security of the shared data, outsources part of the users' decryption computation to a cloud server, and thereby greatly reduces the users' computation cost and improves the operating efficiency of the system.
The invention is characterized as follows. In the distributed attribute-based encryption method with blockchain-based revocation, the system is first initialized globally: a system administrator constructs the blockchain and generates the global public parameters; each authority computes the attribute public-private key pairs for the range of attributes under its jurisdiction; the system administrator generates an identity public-private key pair and a digital certificate for each legitimate user; each authority computes the corresponding attribute private keys for a legitimate user according to the attribute set it governs; the data provider formulates an access control policy, encrypts the IoT data to be shared under it and uploads the ciphertexts to a cloud server; the data applicant downloads the IoT data ciphertext from the cloud server and can decrypt it to obtain the shared data only when the applicant's attribute set satisfies the ciphertext's access control policy; and when one or more attributes of a user are revoked, the data provider must update the ciphertext and the data applicants must update their attribute private keys.
To achieve this aim, the invention adopts the following technical scheme. A distributed attribute-based encryption method with blockchain-based revocation includes the following steps:
S10, system establishment. The platform supervisor PS constructs the blockchain, generates the public parameter CP, and obtains a corresponding wallet address and public-private key pair $(sk_0, pk_0)$. PS records CP and the public key $pk_0$ in the genesis block of the blockchain.
S20, authority initialization. PS assigns a set of governed attributes to each legitimate authority AM. Each AM randomly selects two numbers, as its own private key and as the version private key of the attributes it manages respectively, reads the public parameter CP and the PS public key $pk_0$ from the blockchain, and computes the attribute public keys of the attributes it governs and its own authority public key. The AM records the set of attribute public keys, the attribute hash values and the authority public key in the blockchain.
S30, user registration. A user applies to PS for registration; PS computes a public-private key pair and a verification certificate for a legitimate user and records the user's public key in the blockchain as a transaction.
S40, generation of the user attribute private key. A data user DU applies to an authority AM for attribute private keys; the AM verifies the identity of the DU and computes the attribute private key $ask_{k,j,i}$ for a legitimate DU. The AM encrypts the attribute private key set with the DU's public key using the RSA encryption algorithm and uploads the list recording the attribute private key ciphertexts to the blockchain. The DU obtains the ciphertext of its attribute private keys from the blockchain by the index of the transaction record and decrypts it to obtain the attribute private keys.
S50, data encryption. The data provider DP randomly selects a session key $\kappa$, encrypts the IoT data M to be shared with the AES symmetric encryption algorithm to obtain the data ciphertext DCT, and formulates an access control policy [equation image omitted] according to the intended scope of M. DP reads the set of public keys related to the access control policy from the blockchain, encrypts the session key $\kappa$ to compute the key ciphertext KCT, and uploads KCT to the cloud server.
S60, data access. A data user DU calls the policy-matching function to obtain the key ciphertext KCT from the cloud server; the ciphertext can be decrypted only when the DU's attributes satisfy its access control policy. First, the DU computes the decryption factor $df_j$ from a ciphertext component of KCT; the cloud server then uses $df_j$, the DU's public key and the DU's attribute private key set to compute the transformed ciphertext $CT_c$; finally, the DU decrypts $CT_c$ with its own private key, recovers the session key $\kappa$, and uses $\kappa$ to decrypt the data ciphertext DCT to obtain the shared data M.
S70, user attribute revocation. When an authority AM revokes one or more attributes of a data user DU, the AM invokes the policy-matching algorithm to select the set of session-key ciphertexts $\{KCT_x\}$ that must be updated, together with the related data providers DP and data users DU. The AM runs the algorithm to compute the new attribute public key, the ciphertext update key CUK and the key update key KUK. The AM sends CUK over a secure channel to the DPs whose ciphertexts need updating and records KUK in the blockchain. Each DP updates the corresponding key ciphertext with CUK, and non-revoked users update their own attribute private keys with KUK.
The blockchain-based fine-grained secure sharing method for IoT data mainly involves the following entities: the system administrator (the platform supervisor PS in the steps below), data providers, data applicants (data users), authorities, the blockchain and the cloud server.
Further, step S10 includes:
S101, the platform supervisor PS builds the blockchain [symbol image omitted], selects a unique identity $id_{PS}$ for itself and generates the public-private key pair $\{sk_0, pk_0\}$;
S102, PS inputs a security parameter $\lambda$ and selects a bilinear group G of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, together with a hash function $H: \{0,1\}^* \to G$ that maps an attribute to an element of G;
S103, let $G_{p_1}$ denote the subgroup of order $p_1$ in G; PS randomly selects a generator $g \in G_{p_1}$ and obtains the common parameter $CP = \{N, g \in G_{p_1}, H(\cdot)\}$;
S104, PS keeps its private key $sk_0$ secret and records the public key $pk_0$ and the common parameter CP in the genesis block of the blockchain, so that users and authorities can obtain CP and $pk_0$ from the blockchain.
Further, step S20 includes:
S201, PS assigns a set of governed attributes to each authority AM; the attributes managed by different AMs must not overlap;
S202, suppose the attribute set governed by the k-th authority $AM_k$ is $S_k$; PS selects a wallet address aid as the identity of the legitimate $AM_k$ and grants $AM_k$ the authority to manage the corresponding attribute set;
S203, $AM_k$ reads the public parameter CP and the PS public key $pk_0$ from the genesis block. $AM_k$ selects a random number $\beta_k \in Z_N$ as its private key, and for each attribute $i \in S_k$ further selects a random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute i; from $\beta_k$ and $v_{k,i}$, $AM_k$ computes the i-th attribute public key [equation image omitted];
S204, for all attributes governed by $AM_k$, the version private key of each attribute is obtained by the method of step S203, giving the attribute version private key set $\{VK_{k,i} = v_{k,i},\ v_{k,i} \in Z_N\}$ and the attribute public key set [equation image omitted];
S205, $AM_k$ uses its private key $\beta_k$ to compute [equation image omitted] as its own authority public key $PK_k$;
S206, $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret. $AM_k$ records the public key of each attribute i, $\{PK_{k,i} \mid i \in S_k\}$, the set of attribute hash values $\{H(i) \mid i \in S_k\}$ and the authority public key $PK_k$ in the authority list $L_{AM\text{-}att}$, and records that list in the blockchain.
Further, step S30 includes:
S301, when a data provider DP or a data user DU joins the system, it must first apply to PS for registration and submit identity description information $Info_{DU}$ (e.g. name, mailbox). After the PS authentication passes, a wallet address uid is selected as the identity of the legitimate user;
S302, based on the user's wallet address uid, PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the user's public key [equation image omitted] and private key $sk_{uid} = z_{uid}$;
S303, so that the authorities can verify the user's identity, PS uses its private key $sk_0$ to compute a digital signature for the user [equation image omitted] and generates the user's digital certificate Cert(uid);
S304, PS sends the public-private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate Cert(uid) to the user over a secret channel, and records the user's $pk_{uid}$ in the blockchain.
Further, step S40 includes:
S401, suppose the data user $DU_j$ with wallet address j applies to the k-th authority $AM_k$ for attribute private keys, where $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, the attribute set managed by $AM_k$ is $S_k$, and $DU_j$ applies for attributes $i \in S_k$. To obtain the attribute private keys, $DU_j$ sends its digital certificate Cert(uid) to $AM_k$ together with the application; $AM_k$ reads the PS public key $pk_0$ from the blockchain, verifies the identity of $DU_j$ and obtains the $DU_j$-related component [equation image omitted];
S402, $AM_k$ generates attribute private keys for the legitimate data user $DU_j$: for each attribute $i \in S_k$, $AM_k$ reads the public parameter CP from the blockchain and uses its private key $SK_k$, the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$ to compute the i-th attribute private key [equation image omitted];
S403, $AM_k$ encrypts the user's attribute private key set with the RSA encryption algorithm, $Enc(pk_j, \{ask_{k,j,i}\})$, obtaining the ciphertexts $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$;
S404, $AM_k$ records the user's public key, attribute set and attribute private key ciphertexts in the user attribute list $L_{DU\text{-}Att}$, records the list as a transaction on the blockchain, and notes the index $TX_{j,k}$ of that transaction. The data user $DU_j$ obtains the attribute private key ciphertexts from the blockchain by $TX_{j,k}$ and decrypts them with its private key $sk_j$ to obtain the corresponding attribute private keys. In the same way, $DU_j$ obtains all of its attribute private keys from the other authorities, forming the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
Further, step S50 includes:
S501, the data provider DP selects a session key $\kappa$, encrypts the shared IoT data M with the AES symmetric encryption algorithm $AES.Enc(\kappa, M)$, and obtains the data ciphertext $DCT = AES.Enc(\kappa, M)$;
S502, according to its own attributes and the intended recipients of the data, DP formulates an access control policy $\mathbb{A} = (A, \rho)$ for the shared IoT data M, where A is an $n \times l$ matrix and the function $\rho$ maps the row indices $\{1, 2, \ldots, n\}$ to attributes;
S503, DP reads the public parameter CP from the genesis block and reads from the blockchain the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the authority public key set $\{PK_k\}_{k \in SA}$ related to the access control policy. Using CP, [equation image omitted], $\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$, DP encrypts the session key $\kappa$ to generate the session-key ciphertext KCT. The procedure is as follows: DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$, forms the vector $v = \langle s, v_2, v_3, \ldots, v_l \rangle$ and computes $\lambda_i = A_i \cdot v$, where $A_i$ is the i-th row of A; selects $l - 1$ random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$, forms the vector $\omega = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$ and computes $\omega_i = A_i \cdot \omega$. For each row $A_i$ of the access control matrix A, DP randomly selects $r_i \in Z_N^*$ and computes KCT as
[equation images omitted; only the tail of the set notation, $\ldots \rho(i) \in S_k, k \in SA\}$, survived extraction]
where $\mathbb{A} = (A, \rho)$ denotes the access control policy, $C_0$ the result of encrypting the session key, $\kappa$ the session key, $\beta_k$ the private key of the k-th authority, $k \in SA$ the k-th authority in the authority set SA, $e(g, g)$ a bilinear pairing operation, $C_{1,i}, C_{2,i}, C_{3,i}$ the ciphertext components carrying the access control policy, $\rho(i)$ the attribute corresponding to the i-th row of the access control matrix, and $v_{k,\rho(i)}$ the version private key of attribute $\rho(i)$ at the k-th authority.
S504, DP uploads the data ciphertext DCT, the access control policy $\mathbb{A} = (A, \rho)$ and the session-key ciphertext KCT of the shared data M to the cloud server, and the cloud server records the address URL where the ciphertexts are stored and the description information of the shared data M on the blockchain.
Further, step S60 includes:
S601, the data user $DU_j$ with wallet address j searches the blockchain for the description information of the shared data by keyword and, having found the required information, calls the policy-matching function; only when the attributes of $DU_j$ satisfy the access control policy set by the data provider DP does the smart contract on the blockchain send $DU_j$ the storage address URL of the data ciphertext $DCT_x$ and the session-key ciphertext $KCT_x$ of the shared data $M_x$. $DU_j$ can then obtain the ciphertexts stored by DP on the cloud server through that URL. The data acquisition of $DU_j$ is recorded in the shared list $L_{data}$;
S602, because the computing capacity of $DU_j$ is limited, some complex operations of the decryption process are outsourced to the cloud server. First, $DU_j$ uses the ciphertext component $C_{1,i}$ of the session-key ciphertext $KCT_x$ and its own private key $sk_j$ to compute the decryption factor $df_j$:
[equation image omitted]
where $z_j$ is the private key of the data user $DU_j$ with wallet address j, i.e. $z_j = sk_j$;
S603, $DU_j$ sends the decryption factor $df_j$, its own public key $pk_j$ and its attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC over a secure channel;
S604, the cloud server ESC uses the attribute public key set $\{PK_{k,j}\}$ associated with $DU_j$ in the user attribute list $L_{DU\text{-}Att}$ to compute the common attribute subset $P_{j,A} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where I is the set of row indices of the access control matrix A. For the set $P_{j,A}$, ESC further checks whether there is a subset $I_c$ whose rows have the vector $(1, 0, \ldots, 0)$ as a linear combination. If so, ESC selects a set of constants $\{c_i \in Z_N\}$ (i indexing the rows of the access control matrix) such that $\sum_{i \in I_c} c_i A_i = (1, 0, \ldots, 0)$ and computes the transformed ciphertext $CT_c$:
[equation image omitted]
where $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1, 0, \ldots, 0) = s$ and $\omega \cdot (1, 0, \ldots, 0) = 0$. ESC sends $CT_c$ to $DU_j$ over a secure channel;
S605, having obtained the transformed ciphertext $CT_c$, $DU_j$ decrypts $CT_c$ with its private key $sk_j$ and recovers the session key $\kappa$:
[equation image omitted]
S606, $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key $\kappa$ to obtain the shared data $M_x$, i.e. $M_x = Dec(\kappa, DCT_x)$.
Further, the step S70 includes:
S701: suppose attribute $\mu$ of the data applicant
Figure SMS_18
is revoked by authority $AM_k$. $AM_k$ calls the policy matching function and screens out the session key ciphertexts $\{KCT_x\}$ that must be updated because attribute $\mu$ of
Figure SMS_19
has been revoked. $AM_k$ then searches the shared list $L_{data}$ for the DPs and DUs associated with $\{KCT_x\}$ and notifies the users in the search result to update their ciphertexts or keys;
S702: authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute $\mu$ and updates the attribute public key of attribute $\mu$
Figure SMS_20
To guarantee the security of attribute revocation, DP must update the ciphertexts associated with the revoked attribute $\mu$ using the ciphertext update key $CUK_\mu$, and every non-revoked user who holds attribute $\mu$ must update the key components associated with $\mu$ using the key update key $KUK_{j,\mu}$. $AM_k$ uses its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users
Figure SMS_21
to compute
Figure SMS_22
and
Figure SMS_23
S703: authority $AM_k$ records the attribute revocation in the revocation list $L_{R\text{-}Att}$ and records that list together with the key update keys $KUK_{j,\mu}$ on the blockchain; $AM_k$ then sends $CUK_\mu$ over a secure channel to the data providers DP whose ciphertexts need updating;
S704: DP obtains the ciphertext update key $CUK_\mu$ over the secure channel and updates the session key ciphertexts $KCT_x$ associated with the revoked attribute $\mu$. DP reselects a session key $\kappa'$ and computes the updated data ciphertext $DCT_{ud} = AES.Enc(\kappa', M)$ with the AES symmetric encryption algorithm; this computation can be carried out ahead of the attribute revocation;
S705: only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ need to be updated, which greatly improves the efficiency of attribute revocation. DP recomputes $C_0$ of $KCT_x$ using $\kappa'$:
Figure SMS_24
The computation of $C_0$ can also be carried out locally in advance, so the main computational overhead of attribute revocation is updating the ciphertext components $C_{3,i}$ associated with the revoked attribute $\mu$. DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$:
Figure SMS_25
obtaining the updated session key ciphertext $KCT_{ud}$:
Figure SMS_26
Figure SMS_27
Figure SMS_28
Figure SMS_29
Figure SMS_30
DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. The ciphertext update key provided by $AM_k$ and this scheme guarantee the forward security of the access control system, i.e. a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, whereas the revoked user
Figure SMS_31
cannot decrypt the session key ciphertext $KCT_{ud}$ with the old attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$: when the cloud server ESC performs outsourced decryption it selects a set of constants $\{c_i \in Z_N\}$ and computes
Figure SMS_32
and when the vector $(1,0,\ldots,0)$ cannot be obtained, decryption stops. The updated session key $\kappa'$ therefore cannot be recovered by decrypting the transformed ciphertext, and the data ciphertext cannot be decrypted;
S706: after the key ciphertext has been updated, the non-revoked users who satisfy the ciphertext's access control policy need to update their attribute private keys. The authority AM searches the list $L_{DU\text{-}Att}$ for the users whose attribute private keys must be updated, records them as the list $\{list_{DU}\}$ and notifies each user in $\{list_{DU}\}$ to update its attribute private key. Each non-revoked user $DU_j$ holding the revoked attribute $\mu$ (the user whose attribute is being revoked is excluded) obtains its key update key $KUK_{j,\mu}$ through the smart contract and uses $KUK_{j,\mu}$ to update the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$:
Figure SMS_33
where $K'_j$ denotes the updated attribute private key component and $v_{k,\mu}$ the version private key of attribute $\mu$ held by the $k$-th authority.
The updated attribute private key $ask'_{k,j,\mu}$ is obtained:
Figure SMS_34
Figure SMS_35
Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ differ for all non-revoked users, so the revoked user
Figure SMS_36
cannot use another non-revoked user's $KUK_{j,\mu}$ to update its own key, which guarantees the backward security of data sharing;
S707: after the non-revoked users have updated their own attribute private keys, they fetch the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC. Repeating steps S602 to S606, a non-revoked user first computes the decryption factor $df'_j$, then sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ and its own public key $pk_j$ to the ESC. The ESC selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1,0,\ldots,0)$ and partially decrypts $KCT_{ud}$ to obtain the transformed ciphertext $CT'_c$; the non-revoked user then recovers the session key $\kappa'$ with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with $\kappa'$ to obtain the shared Internet of Things data $M_x$.
Compared with the prior art, the invention has the following beneficial effects:
(1) The blockchain-based revocable distributed attribute-based encryption method combines the blockchain with a distributed attribute-based encryption scheme and, using a jointly driven blockchain framework, shifts the trust required for key distribution from the authorities to the distributed ledger, realising decentralised key management in the Internet of Things environment.
(2) The method records the whole sharing process of Internet of Things (IoT) data on the blockchain and uses the tamper-resistance, traceability and auditability of the blockchain to guarantee the fairness, impartiality and openness of the data sharing process.
(3) The method applies the distributed attribute-based encryption scheme to Internet of Things data sharing, achieving fine-grained authorisation of user data while protecting user privacy, effectively preventing unauthorised users from accessing the data and guaranteeing the security of Internet of Things data sharing.
(4) The method uses the smart contracts on the blockchain to assist the authority in revoking user attributes: the data provider updates the ciphertexts related to the revoked attribute and the non-revoked users update their attribute private keys, which guarantees the forward and backward security of the shared data and improves the efficiency of attribute revocation.
(5) By combining blockchain and attribute-based encryption, the invention realises fine-grained secure sharing of Internet of Things data, effectively resists collusion attacks among malicious nodes and guarantees the forward and backward security of the sharing process.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention.
FIG. 1 is a flow chart of a blockchain-based revocable distributed attribute-based encryption method provided by the invention.
Fig. 2 is a model diagram of a distributed attribute-based encryption method based on blockchain revocation according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. Of course, the specific embodiments described herein are for purposes of illustration only and are not intended to limit the invention.
Examples
Referring to Figs. 1 and 2, this embodiment provides a blockchain-based revocable distributed attribute-based encryption method whose participants are: a system administrator, data providers, data applicants, authorities, the blockchain and cloud servers.
The method comprises the following steps:
S10, system setup: the platform supervisor PS builds the blockchain, generates the public parameters CP and obtains its wallet address and public-private key pair $(sk_0, pk_0)$. PS records CP and the public key $pk_0$ in the genesis block of the blockchain.
S20, authority initialisation: the platform supervisor PS designates a managed attribute set for each legitimate authority AM. The AM randomly selects two numbers as its own private key and as the version private key of a managed attribute, then reads the public parameters CP and the PS public key $pk_0$ from the blockchain and computes the attribute public key of each managed attribute and its own authorisation public key. The AM records the attribute public key set, the attribute hash values and the authorisation public key on the blockchain.
S30, user registration: a user applies for registration with the platform supervisor PS; the PS computes a public-private key pair and a verification certificate for each legitimate user and records the user's public key on the blockchain as a transaction.
S40, user attribute private key generation: a data user DU applies to an authority AM for attribute private keys; the AM verifies the identity of the DU and computes the attribute private keys $ask_{k,j,i}$ for the legitimate DU. The AM encrypts the attribute private key set with the DU's public key using the RSA encryption algorithm and uploads the list holding the attribute private key ciphertext to the blockchain. The DU can fetch the attribute private key ciphertext from the blockchain by the index of the transaction record and obtain the attribute private keys by decrypting it.
S50, data encryption: the data provider DP randomly selects a session key $\kappa$, encrypts the Internet of Things data M to be shared with the AES symmetric encryption algorithm to obtain the data ciphertext DCT, and then formulates the corresponding access control policy according to the intended scope of M
Figure SMS_37
The DP reads the public key set related to the access control policy from the blockchain, encrypts the session key $\kappa$ and computes the key ciphertext KCT; the DP then uploads KCT to the cloud server.
S60, data access: a data user DU calls the policy matching function to obtain the key ciphertext KCT from the cloud server; the ciphertext can be decrypted only if the attributes of the DU satisfy the access control policy of the ciphertext. First, the DU computes the decryption factor $df_j$ from a ciphertext component of KCT; the cloud server then uses $df_j$ together with the DU's public key and attribute private key set to compute the transformed ciphertext $CT_c$; finally, the DU decrypts $CT_c$ with its own private key, recovers the session key $\kappa$ and decrypts the data ciphertext DCT with $\kappa$ to obtain the shared data M.
S70, user attribute revocation: when an authority AM revokes one or more attributes of a data user DU, the AM invokes the policy matching algorithm to screen out the session key ciphertexts $\{KCT_x\}$ that need updating together with the related data providers DP and data users DU. The AM runs the algorithm to compute the new attribute public key, the ciphertext update key CUK and the key update key KUK. The AM sends CUK over a secure channel to the DPs whose ciphertexts need updating and records KUK on the blockchain. The DPs update the corresponding key ciphertexts with CUK, and the non-revoked users update their own attribute private keys with KUK.
The blockchain-based revocable distributed attribute-based encryption method mainly involves the following entities: system administrator, data owners, data applicants, authorities, blockchain, cloud servers.
The step S10 specifically includes the following steps:
S101: the platform supervisor PS builds the blockchain
Figure SMS_38
selects a unique identity $id_{PS}$ for itself and generates the public-private key pair $\{sk_0, pk_0\}$;
S102: the platform supervisor PS inputs a security parameter $\lambda$, selects a bilinear group $G$ of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, and selects a hash function $H: \{0,1\}^* \to G$ that maps attributes to elements of the group $G$;
S103: let $G_1$ denote the subgroup of order $p_1$ in $G$; a generator $g \in G_1$ is selected at random, and the platform supervisor PS obtains the public parameters $CP = \{N, g \in G_1, H(\cdot)\}$;
S104: the platform supervisor PS keeps its private key $sk_0$ secret and records its public key $pk_0$ and the public parameters CP in the genesis block of the blockchain, so that users and authorities can later obtain CP and $pk_0$ from the blockchain.
Step S20 includes the steps of:
S201: the platform supervisor PS designates a managed attribute set for each authority AM; the attributes managed by different AMs must not overlap;
S202: suppose the $k$-th authority $AM_k$ manages the attribute set $S_k$; the platform supervisor PS selects a wallet address aid as the identity of the legitimate $AM_k$ and grants $AM_k$ management authority over the corresponding attribute set;
S203: authority $AM_k$ reads the public parameters CP and the platform supervisor's public key $pk_0$ from the genesis block. $AM_k$ selects a random number $\beta_k \in Z_N$ as its own private key and, for every attribute $i \in S_k$, further selects a random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute $i$; from $\beta_k$ and $v_{k,i}$, $AM_k$ computes the $i$-th attribute public key
Figure SMS_39
S204: for all attributes managed by authority $AM_k$, the method of step S203 yields the version private key of each attribute, giving the attribute version private key set $\{VK_{k,i} = v_{k,i},\ v_{k,i} \in Z_N\}$ and the attribute public key set
Figure SMS_40
S205: authority $AM_k$ uses its private key $\beta_k$ to compute
Figure SMS_41
as its own authorisation public key;
S206: authority $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret; $AM_k$ records the public keys $\{PK_{k,i} \mid i \in S_k\}$ of its attributes, the attribute hash values $\{H(i) \mid i \in S_k\}$ and the authorisation public key $PK_k$ in the authority list $L_{AM\text{-}att}$, which is recorded on the blockchain.
Step S30 includes the steps of:
S301: when a data provider DP or data user DU joins the system, it must first apply for registration with the platform supervisor PS and submit its identity description information $Info_{DU}$ (e.g. name, mailbox); after the PS authentication passes, a wallet address uid is selected as the identity of the legitimate user;
S302: according to the user's wallet address uid, PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the user's public key
Figure SMS_42
and private key $sk_{uid} = z_{uid}$;
S303: so that the authorities can verify the user's identity, the platform supervisor PS uses its private key $sk_0$ to compute the user's digital signature
Figure SMS_43
generating the user's digital certificate Cert(uid);
S304: the platform supervisor PS sends the public-private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate Cert(uid) to the user over a secret channel and records the user's $pk_{uid}$ on the blockchain.
Step S40 includes the steps of:
S401: suppose the data user $DU_j$ with wallet address $j$ applies to the $k$-th authority $AM_k$ for an attribute private key, where $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, $S_k$ is the attribute set managed by $AM_k$ and $i \in S_k$ is the attribute that $DU_j$ applies for. To obtain the attribute private key, $DU_j$ sends its own digital certificate Cert(uid) to $AM_k$ together with the application; $AM_k$ reads the platform supervisor's public key $pk_0$ from the blockchain, verifies the identity of $DU_j$ and obtains from the certificate the component related to $DU_j$
Figure SMS_44
S402: authority $AM_k$ generates attribute private keys for the legitimate data user $DU_j$. For any attribute $i \in S_k$ of $DU_j$, $AM_k$ reads the public parameters CP from the blockchain and, using its private key $SK_k$, the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$, computes the $i$-th attribute private key
Figure SMS_45
S403: authority $AM_k$ uses the RSA encryption algorithm $Enc(pk_j, \{ask_{k,j,i}\})$ to compute the ciphertext $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$ of the user's attribute private key set;
S404: authority $AM_k$ records the user's public key, attribute set and attribute private key ciphertext in the user attribute list $L_{DU\text{-}Att}$, records the list as a transaction on the blockchain and notes the transaction index $TX_{j,k}$. The data user $DU_j$ obtains the attribute private key ciphertext from the blockchain according to $TX_{j,k}$ and decrypts it with its own private key $sk_j$ to obtain the corresponding attribute private key. In the same way, $DU_j$ obtains all its attribute private keys from the other authorities, giving the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
Step S50 includes the steps of:
S501: the data provider DP selects a session key $\kappa$, encrypts the shared Internet of Things data M with the AES symmetric encryption algorithm $AES.Enc(\kappa, M)$ and obtains the data ciphertext $DCT = AES.Enc(\kappa, M)$;
S502: according to its own attributes and the intended recipients of the shared data, the data provider DP formulates the corresponding access control policy for the shared Internet of Things data M
Figure SMS_46
where $A$ is an $n \times l$ matrix and the function $\rho$ maps the set $\{1,2,\ldots,n\}$ to the attribute set;
S503: the data provider DP reads the public parameters CP from the genesis block and reads from the blockchain the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the authorisation public key set $\{PK_k\}_{k \in SA}$ related to the access control policy; DP uses CP,
Figure SMS_47
$\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$ to encrypt the session key $\kappa$ and generate the session key ciphertext KCT. The specific process is as follows: DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$, forms the vector $v = \langle s, v_2, v_3, \ldots, v_l \rangle$ and computes $\lambda_i = A_i \cdot v$, where $A_i$ is the $i$-th row of the matrix $A$; it then selects $l-1$ random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$, forms the vector $\omega = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$ and computes $\omega_i = A_i \cdot \omega$. For each row $A_i$ of the access control matrix $A$, DP randomly selects $r_i \in Z_N^*$ and computes KCT as:
Figure SMS_48
Figure SMS_49
Figure SMS_50
$\rho(i) \in S_k,\ k \in SA\}$
where
Figure SMS_51
denotes the access control policy, $C_0$ the encryption of the session key, $\kappa$ the session key, $\beta_k$ the private key of the $k$-th authority, $k \in SA$ the $k$-th authority in the authority set SA, $e(g,g)$ a bilinear pairing operation, $C_{1,i}, C_{2,i}, C_{3,i}$ the ciphertext components that carry the access control policy, $\rho(i)$ the attribute corresponding to the $i$-th row of the access control matrix, and $v_{k,\rho(i)}$ the version private key of attribute $\rho(i)$ at the $k$-th authority.
S504: the data provider DP uploads the data ciphertext DCT of the shared data M, the access control policy
Figure SMS_52
and the session key ciphertext KCT to the cloud server, and the cloud server records the address URL at which the ciphertext is stored and the description information of the shared data M on the blockchain.
Step S60 includes the steps of:
S601: the data user $DU_j$ with wallet address $j$ searches the blockchain by keyword for the description information of the shared data; after finding the required entry it calls the policy matching function, and the smart contract on the blockchain sends the storage address URL of the data ciphertext $DCT_x$ and the session key ciphertext $KCT_x$ of the shared data $M_x$ to $DU_j$ only if the attributes of $DU_j$ satisfy the access control policy set by the data provider DP. $DU_j$ can then fetch the ciphertext that DP stored on the cloud server through the URL. The data acquisition by $DU_j$ is recorded in the shared list $L_{data}$;
S602: because the computing capability of the data user $DU_j$ is limited, the expensive operations of the decryption process are outsourced to the cloud server. First, $DU_j$ computes the decryption factor $df_j$ from the ciphertext component $C_{1,i}$ of the session key ciphertext $KCT_x$ and its own private key $sk_j$:
Figure SMS_53
where $z_j$ denotes the private key of the data user $DU_j$ with wallet address $j$, i.e. $z_j = sk_j$.
S603: the data user $DU_j$ sends the decryption factor $df_j$, its own public key $pk_j$ and its attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC over a secure channel;
S604: from the attribute public key set $\{PK_{k,j}\}$ associated with the data user $DU_j$ in the user attribute list $L_{DU\text{-}Att}$, the cloud server ESC computes the common attribute subset $P_{j,A} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where $I$ is the set of row indices of the access control matrix $A$. For the set $P_{j,A}$ the ESC further checks whether there is a subset $I_c$ whose rows can be linearly combined into the vector $(1,0,\ldots,0)$. If so, the ESC selects a set of constants $\{c_i \in Z_N\}$ (where $i$ indexes the rows of the access control matrix) such that $\sum_i c_i A_i = (1,0,\ldots,0)$ and computes the transformed ciphertext $CT_c$:
Figure SMS_54
where $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1,0,\ldots,0) = s$ and $\omega \cdot (1,0,\ldots,0) = 0$. The cloud server ESC sends $CT_c$ to $DU_j$ over a secure channel.
S605: after obtaining the transformed ciphertext $CT_c$, the data user $DU_j$ decrypts $CT_c$ with its own private key $sk_j$ and recovers the session key $\kappa$:
Figure SMS_55
S606: the data user $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key $\kappa$ and obtains the shared data $M_x$, i.e. $M_x = Dec(\kappa, DCT_x)$.
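As an added worked example (not code from the patent), the following Python script models the linear secret sharing layer that steps S503 and S604 rest on: the shares $\lambda_i = A_i \cdot v$ and $\omega_i = A_i \cdot \omega$ that DP computes, and the cloud server's search for constants $c_i$ with $\sum_i c_i A_i = (1,0,\ldots,0)$, which is what makes $\sum_i c_i \lambda_i = s$ and $\sum_i c_i \omega_i = 0$ in $CT_c$ and which fails (decryption "stops", as S705 puts it) as soon as a revoked attribute no longer appears in the user's attribute set. It assumes a single prime modulus in place of the composite $N = p_1 p_2 p_3$, builds $(A, \rho)$ from an AND/OR policy with the Lewko-Waters conversion, and leaves the pairing-based ciphertext components out; the policy and attribute names are constructed sample data, and the function names are this example's own.

```python
"""LSSS sharing (S503) and the outsourced-decryption policy check (S604).

Added example, not code from the patent. Only the linear secret sharing layer
is modelled. Assumptions: a single prime modulus P replaces the composite
N = p1 p2 p3 of the patent, and the access matrix comes from the Lewko-Waters
AND/OR conversion; pairing-based ciphertext components are not modelled."""
import secrets

# Assumption: prime modulus for the demonstration (the patent works in Z_N, N composite).
P = 2**127 - 1


def policy_to_lsss(policy):
    """Convert a policy tree of nested ('and', L, R) / ('or', L, R) tuples with
    attribute-name leaves into an LSSS matrix A (rows over the integers) and the
    row-to-attribute map rho, using the Lewko-Waters conversion."""
    rows, rho = [], []
    counter = [1]  # current vector length; grows by one per AND gate

    def walk(node, vec):
        if isinstance(node, str):  # leaf: one matrix row labelled with the attribute
            rows.append(vec)
            rho.append(node)
            return
        gate, left, right = node
        if gate == 'or':  # both children inherit the parent's vector
            walk(left, vec)
            walk(right, vec)
        elif gate == 'and':  # split the parent's vector into two that sum back to it
            c = counter[0]
            counter[0] = c + 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError(f"unknown gate {gate!r}")

    walk(policy, [1])
    width = counter[0]
    A = [row + [0] * (width - len(row)) for row in rows]
    return A, rho


def share(A, secret):
    """DP's step in S503: v = <s, v2..vl>, omega = <0, w2..wl>, shares A_i.v and A_i.omega."""
    width = len(A[0])
    v = [secret % P] + [secrets.randbelow(P) for _ in range(width - 1)]
    w = [0] + [secrets.randbelow(P) for _ in range(width - 1)]
    lam = [sum(a * b for a, b in zip(row, v)) % P for row in A]
    omg = [sum(a * b for a, b in zip(row, w)) % P for row in A]
    return lam, omg


def reconstruction_constants(A, row_idx):
    """ESC's check in S604: solve sum_{i in row_idx} c_i A_i = (1,0,...,0) mod P by
    Gaussian elimination on the transposed system. Returns {i: c_i}, or None when the
    selected rows do not span (1,0,...,0), i.e. the policy is not satisfied."""
    width, m = len(A[0]), len(row_idx)
    # Augmented system: one equation per coordinate, one unknown per selected row.
    M = [[A[i][k] % P for i in row_idx] + [1 if k == 0 else 0] for k in range(width)]
    pivots, r = [], 0
    for col in range(m):
        piv = next((x for x in range(r, width) if M[x][col]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][col], -1, P)
        M[r] = [x * inv % P for x in M[r]]
        for x in range(width):
            if x != r and M[x][col]:
                f = M[x][col]
                M[x] = [(a - f * b) % P for a, b in zip(M[x], M[r])]
        pivots.append(col)
        r += 1
        if r == width:
            break
    if any(M[x][m] for x in range(r, width)):  # a row "0 = nonzero": inconsistent
        return None
    return {row_idx[col]: M[row][m] for row, col in enumerate(pivots)}  # free unknowns are 0


def reconstruct(A, rho, user_attrs, lam, omg):
    """Outsourced-decryption view: take the rows whose attribute the user holds
    (the set P_{j,A}), then return (sum c_i*lambda_i, sum c_i*omega_i), which equals
    (s, 0) when the policy is satisfied, or None otherwise. A revoked attribute simply
    disappears from user_attrs, so the same check rejects the revoked user."""
    idx = [i for i, attr in enumerate(rho) if attr in user_attrs]
    c = reconstruction_constants(A, idx)
    if c is None:
        return None
    s = sum(c.get(i, 0) * lam[i] for i in idx) % P
    z = sum(c.get(i, 0) * omg[i] for i in idx) % P
    return s, z


if __name__ == "__main__":
    # Constructed sample policy: doctor AND (cardiology OR oncology)
    A, rho = policy_to_lsss(('and', 'doctor', ('or', 'cardiology', 'oncology')))
    lam, omg = share(A, secret=12345)
    print(A, rho)
    print(reconstruct(A, rho, {'doctor', 'cardiology'}, lam, omg))    # (12345, 0)
    print(reconstruct(A, rho, {'cardiology', 'oncology'}, lam, omg))  # None: policy unsatisfied
```

Run it directly to see the matrix for the sample policy and the two reconstruction outcomes. `reconstruction_constants` returns `None` rather than a coefficient vector when the chosen rows do not span $(1,0,\ldots,0)$, which mirrors the check the ESC makes before it produces $CT_c$; in the patent the same failure is what stops a revoked user, whose row for $\mu$ is no longer usable, from obtaining $\kappa'$.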
Step S70 includes the steps of:
S701: suppose attribute $\mu$ of the data applicant
Figure SMS_56
is revoked by authority $AM_k$. $AM_k$ calls the policy matching function and screens out the session key ciphertexts $\{KCT_x\}$ that must be updated because attribute $\mu$ of
Figure SMS_57
has been revoked. $AM_k$ then searches the shared list $L_{data}$ for the DPs and DUs associated with $\{KCT_x\}$ and notifies the users in the search result to update their ciphertexts or keys;
S702: authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute $\mu$ and updates the attribute public key of attribute $\mu$
Figure SMS_58
To guarantee the security of attribute revocation, DP must update the ciphertexts associated with the revoked attribute $\mu$ using the ciphertext update key $CUK_\mu$, and every non-revoked user who holds attribute $\mu$ must update the key components associated with $\mu$ using the key update key $KUK_{j,\mu}$. $AM_k$ uses its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users
Figure SMS_59
to compute
Figure SMS_60
and
Figure SMS_61
S703: authority $AM_k$ records the attribute revocation in the revocation list $L_{R\text{-}Att}$ and records that list together with the key update keys $KUK_{j,\mu}$ on the blockchain; $AM_k$ then sends $CUK_\mu$ over a secure channel to the data providers DP whose ciphertexts need updating;
S704: DP obtains the ciphertext update key $CUK_\mu$ over the secure channel and updates the session key ciphertexts $KCT_x$ associated with the revoked attribute $\mu$. DP reselects a session key $\kappa'$ and computes the updated data ciphertext $DCT_{ud} = AES.Enc(\kappa', M)$ with the AES symmetric encryption algorithm; this computation can be carried out ahead of the attribute revocation;
S705: only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ need to be updated, which greatly improves the efficiency of attribute revocation. DP recomputes $C_0$ of $KCT_x$ using $\kappa'$:
Figure SMS_62
The computation of $C_0$ can also be carried out locally in advance, so the main computational overhead of attribute revocation is updating the ciphertext components $C_{3,i}$ associated with the revoked attribute $\mu$. DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$:
Figure SMS_63
obtaining the updated session key ciphertext $KCT_{ud}$:
Figure SMS_64
Figure SMS_65
Figure SMS_66
Figure SMS_67
Figure SMS_68
DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. The ciphertext update key provided by $AM_k$ and this scheme guarantee the forward security of the access control system, i.e. a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, whereas the revoked user
Figure SMS_69
cannot decrypt the session key ciphertext $KCT_{ud}$ with the old attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$: when the cloud server ESC performs outsourced decryption it selects a set of constants $\{c_i \in Z_N\}$ and computes
Figure SMS_70
and when the vector $(1,0,\ldots,0)$ cannot be obtained, decryption stops. The updated session key $\kappa'$ therefore cannot be recovered by decrypting the transformed ciphertext, and the data ciphertext cannot be decrypted;
S706: after the key ciphertext has been updated, the non-revoked users who satisfy the ciphertext's access control policy need to update their attribute private keys. The authority AM searches the list $L_{DU\text{-}Att}$ for the users whose attribute private keys must be updated, records them as the list $\{list_{DU}\}$ and notifies each user in $\{list_{DU}\}$ to update its attribute private key. Each non-revoked user $DU_j$ holding the revoked attribute $\mu$ (the user whose attribute is being revoked is excluded) obtains its key update key $KUK_{j,\mu}$ through the smart contract and uses $KUK_{j,\mu}$ to update the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$:
Figure SMS_71
where $K'_j$ denotes the updated attribute private key component and $v_{k,\mu}$ the version private key of attribute $\mu$ held by the $k$-th authority.
The updated attribute private key $ask'_{k,j,\mu}$ is obtained:
Figure SMS_72
Figure SMS_73
Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ differ for all non-revoked users, so the revoked user
Figure SMS_74
cannot use another non-revoked user's $KUK_{j,\mu}$ to update its own key, which guarantees the backward security of data sharing;
S707: after the non-revoked users have updated their own attribute private keys, they fetch the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC. Repeating steps S602 to S606, a non-revoked user first computes the decryption factor $df'_j$, then sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ and its own public key $pk_j$ to the ESC. The ESC selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1,0,\ldots,0)$ and partially decrypts $KCT_{ud}$ to obtain the transformed ciphertext $CT'_c$; the non-revoked user then recovers the session key $\kappa'$ with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with $\kappa'$ to obtain the shared Internet of Things data $M_x$.
In this embodiment, the scheme is compared with related schemes in terms of functionality, computational overhead and storage overhead. The functional comparison mainly considers the groups used and the security of attribute revocation; the computational cost comparison considers key generation time, data encryption time, data decryption time and attribute revocation time; the storage overhead comparison considers the storage overhead of the user, of the blockchain and of the cloud server. AM denotes an authority, ESC the cloud server and DU a user; $G_q$ is a group of prime order $q$ with a bit length of 160 bits, $E_q$ an exponentiation in $G_q$, $m_q$ a multiplication in $G_q$ and $p_q$ a bilinear pairing in $G_q$. Suppose $G_i$ is of prime order $p_i$, $i = 1,2,3$, with a bit length of 517 bits; $E_i$ is an exponentiation in $G_i$, $m_i$ a multiplication in $G_i$ and $p_i$ a bilinear pairing in $G_i$; $R$ is the number of revoked attributes; $N_A$ is the number of AMs in the cloud storage system; $|q|$ is the element size of $G_q$ and $|p|$ that of $G_1$; $n_{uid,i}$ is the number of attributes of $DU_{uid}$, $n_{aid,i}$ the number of attributes managed by $AM_{aid}$, TX the transaction size, and AMM the data storage module in the trusted cloud server.
Table 1 functional comparison of the schemes
Figure SMS_75
Table 1 compares this embodiment with other schemes in terms of attribute revocation security. Scheme 1 is built on composite-order groups and satisfies adaptive security, but cannot revoke user attributes. Scheme 2 is constructed on prime-order groups and only satisfies selective security; it implements attribute revocation with a blockchain but controls access to data only through an access control list, without updating keys or ciphertexts, so it does not satisfy the backward security of user attribute revocation. Scheme 3 does not satisfy backward security either, and because its ciphertexts are updated by the cloud server it cannot resist collusion attacks. Scheme 4 relies on a fully trusted entity AMM, but in the distributed Internet of Things scenario a fully trusted entity is hard to find. Moreover, schemes 2, 3 and 4 only satisfy the weaker selective security model, in which the attribute set of the revoked user is chosen before the system is initialised, whereas in a real IoT scenario an attacker can choose the revoked user's attribute set adaptively, so schemes 2, 3 and 4 cannot meet the security requirements of real IoT applications. This embodiment satisfies the security requirement of adaptive user attribute revocation, needs no trust centre, records the user attribute revocation process on the distributed ledger of the blockchain, and updates the version key components in ciphertexts and keys through a combination of on-chain and off-chain operations, achieving forward and backward security of user attribute revocation.
Table 2 comparison of computational overhead
Table 2 shows the improvements of this embodiment: (1) Data decryption is very important for IoT devices with limited computing power. In this embodiment the user needs only one exponentiation and one multiplication, because the complex bilinear pairing operations of the decryption process are outsourced to the cloud server, so the user recovers the raw IoT data with a small amount of simple computation. The data decryption algorithm of this embodiment is therefore faster than those of schemes 1 and 2. (2) The main computational overhead of attribute revocation is ciphertext update and key update. Ciphertext update in this embodiment is the fastest of all the schemes: the data provider only needs to update the session key ciphertext in the order-$p_1$ subgroup $G_1$, and the more attributes are revoked, the more obvious the advantage of our scheme. In the key update phase our scheme has a slightly higher computational overhead than schemes 3 and 4, but the difference is within acceptable limits. (3) Compared with schemes 1 and 2, this embodiment ensures forward and backward security of data sharing; compared with schemes 2, 3 and 4, it has a higher security level, allows the system to adaptively revoke user attributes, satisfies the backward and forward security of adaptive user attribute revocation, and is better suited to fine-grained secure sharing of data in an untrusted Internet of Things scenario.
Table 3 storage overhead comparison
Table 3 shows the storage overhead of the user (DU), the blockchain and the storage module (AMM) in the cloud server. The key design of scheme 3 is complex, and the user terminal stores the attribute public-private key pairs, which increases the storage pressure on the IoT terminal device. When user attributes are updated frequently, the user repeatedly obtains the key update key KUK from the authority; the communication overhead between user and authority is huge, and if the volume of interaction rises within a short time the system may stall or even go down. Moreover, the security of the transmission process cannot be guaranteed: data maliciously stolen or tampered with cannot be traced, which seriously threatens the security of data sharing. To solve this problem, scheme 4 introduces a trusted entity AMM that records the attribute public keys managed by all authorities (AM); the interaction data between entities is received and broadcast by the AMM. Although storing the interaction information between entities in the AMM reduces the storage overhead of the user, it increases the storage overhead of the system. When a user attribute is revoked, the key update key KUK and the updated attribute public key $PK'_{uid,i}$ are recorded in the AMM, which sends KUK and $PK'_{uid,i}$ to the non-revoked users; the system communication overhead of this procedure is double that of scheme 3. In addition, in an untrusted Internet of Things scenario most entities are semi-trusted, so the assumption of scheme 4 is too strong: a trusted centralized server hardly exists in an IoT scenario, and when the AMM fails the security of the system cannot be guaranteed.
The invention uses blockchain technology in place of the AMM trusted centralized server and needs no trusted entity: the trust that the system places in the authorities is mapped onto a distributed ledger, the mapping between a data applicant and its attributes is recorded, a smart contract assists the authority in revoking user attributes, and the record of the user attribute revocation process is written to the chain. Although the blockchain adds storage overhead of its own, at the system level it reduces the storage overhead of users, guarantees the security of data sharing, and plays an important role in untrusted IoT scenarios. When a user applies for an attribute private key, the attribute public key and the attribute private key ciphertext record are written to the chain, which reduces the storage overhead of the user's IoT terminal device and removes the user's absolute trust in the authority. When the data provider runs the encryption algorithm, it obtains the attribute public keys through the smart contract and needs no local storage, which reduces the storage overhead of the data provider; the acquisition of the attribute public keys is traceable and tamper-proof, which ensures the integrity and verifiability of the shared data. When a user attribute is revoked, the authority writes the KUK record to the chain; non-revoked users call the revocation contract to obtain KUK and update their attribute private keys off-chain, so the updated ciphertext can be decrypted correctly with the updated attribute private key, while revoked users cannot update their attribute private keys and cannot decrypt the updated ciphertext with the old version of the private key, which ensures the forward and backward security of the shared data.
In summary, compared with scheme 3 we realize user attribute revocation and improve the security of data sharing; compared with scheme 4 we do not depend on any trusted entity, have a higher security level, meet the forward and backward security of adaptive user attribute revocation, and are better suited to secure sharing of data in untrusted IoT scenarios.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims (8)

1. A blockchain-based revocable distributed attribute-based encryption method, characterized by comprising the following steps:
S10, system setup: the platform supervisor PS constructs a blockchain, generates the public parameter CP, obtains a corresponding wallet address and public-private key pair $(sk_0, pk_0)$, and records CP and the public key $pk_0$ in the genesis block of the blockchain;
S20, authority initialization: the platform supervisor PS assigns a set of governed attributes to each legal authority AM; the AM randomly selects two numbers as its own private key and as the version private key of the attributes it manages, reads the public parameter CP and the public key $pk_0$ of PS from the blockchain, computes the attribute public keys of the governed attributes and its own authorization public key, and records the attribute public key set, the attribute hash values and the authorization public key in the blockchain;
S30, user registration: the user applies to the platform supervisor PS for registration; PS computes a public-private key pair and a verification certificate for a legal user and records the user's public key as a transaction in the blockchain;
S40, user attribute private key generation: the data user DU applies to the authority AM for attribute private keys; the AM verifies the identity of the DU and computes the attribute private keys $ask_{k,j,i}$ for a legal DU, encrypts the attribute private key set with the public key of the DU using the RSA encryption algorithm, and uploads a list recording the attribute private key ciphertexts to the blockchain; the DU obtains the attribute private key ciphertext from the blockchain according to the index of the transaction record and recovers the attribute private keys by decrypting the ciphertext;
S50, data encryption: the data provider DP randomly selects a session key κ, encrypts the Internet of Things data M to be shared with the AES symmetric encryption algorithm to obtain the data ciphertext DCT, and formulates a corresponding access control policy $\mathbb{A}$ according to the application range of M; the DP reads the public key set related to the access control policy from the blockchain, encrypts the session key κ to compute the key ciphertext KCT, and uploads the KCT to the cloud server;
S60, data access: the data user DU calls the policy matching function to obtain the key ciphertext KCT from the cloud server; the ciphertext can be decrypted only when the attributes of the DU satisfy the access control policy of the ciphertext. First, the DU computes a decryption factor $df_j$ from a ciphertext component of the KCT; the cloud server then uses $df_j$, the public key and the attribute private key set of the DU to compute a transformed ciphertext $CT_c$; finally, the DU decrypts $CT_c$ with its own private key, recovers the session key κ, and decrypts the data ciphertext DCT with κ to obtain the shared data M;
S70, user attribute revocation: when the authority AM revokes one or more attributes of the data user DU, the AM calls the policy matching algorithm to screen out the set of session key ciphertexts $\{KCT_x\}$ that need to be updated together with the related data providers DP and data users DU; the AM runs the algorithm to compute a new attribute public key, a ciphertext update key CUK and a key update key KUK, sends CUK through a secure channel to the DPs that need to update their ciphertexts and records KUK in the blockchain; the DP updates the corresponding key ciphertext with CUK, and the non-revoked users update their own attribute private keys with KUK;
The blockchain-based revocable distributed attribute-based encryption method involves the following entities: a system administrator, data owners, data applicants, authorities, a blockchain and cloud servers.
2. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S10 includes the steps of:
S101, the platform supervisor PS builds the blockchain, selects a unique identity $id_{PS}$ for itself and generates the public-private key pair $\{sk_0, pk_0\}$;
S102, the platform supervisor PS inputs a security parameter λ, selects a bilinear group G of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, and selects a hash function $H: \{0,1\}^* \to G$ that maps attributes to elements of the group G;
S103, let $G_1$ denote the subgroup of order $p_1$ in G; a generator $g \in G_1$ is selected at random, and the platform supervisor PS obtains the public parameter $CP = \{N, g \in G_1, H(\cdot)\}$;
S104, the platform supervisor PS keeps its private key $sk_0$ secret and records the public key $pk_0$ and the public parameter CP in the genesis block of the blockchain, so that users and authorities can conveniently obtain CP and $pk_0$ from the blockchain.
3. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S20 includes the steps of:
S201, the platform supervisor PS designates a set of governed attributes for each authority AM, and the attributes managed by different AMs must not overlap;
S202, suppose the attribute set governed by the k-th authority $AM_k$ is $S_k$; the platform supervisor PS selects a wallet address aid as the identity of the legal $AM_k$ and grants $AM_k$ management authority over the corresponding attribute set;
S203, the authority $AM_k$ reads the public parameter CP and the public key $pk_0$ of the platform supervisor from the genesis block, selects a random number $\beta_k \in Z_N$ as the private key of $AM_k$, for any attribute $i \in S_k$ further selects a random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute i, and computes the i-th attribute public key $PK_{k,i}$ from $\beta_k$ and $v_{k,i}$;
S204, for all attributes governed by the authority $AM_k$, the version private key of each attribute is obtained by the method of step S203, giving the attribute version private key set $\{VK_{k,i} = v_{k,i}, v_{k,i} \in Z_N\}$ and the attribute public key set $\{PK_{k,i}\}$;
S205, the authority $AM_k$ computes its own authorization public key $PK_k$ from its private key $\beta_k$;
S206, the authority $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret; $AM_k$ records the public key set $\{PK_{k,i} \mid i \in S_k\}$ of its attributes, the hash value set $\{H(i) \mid i \in S_k\}$ and the authorization public key $PK_k$ in the authority list $L_{AM\text{-}att}$, and records the list in the blockchain.
4. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S30 includes the steps of:
S301, when a data provider DP or a data user DU joins the system, it must first apply to the platform supervisor PS for registration and submit its identity description information $Info_{DU}$; after passing PS authentication, a wallet address uid is selected as the identity of the legal user;
S302, according to the wallet address uid of the user, PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the public key $pk_{uid}$ of the user and the private key $sk_{uid} = z_{uid}$;
S303, so that authorities can conveniently verify the identity of the user, the platform supervisor PS computes a digital signature for the user with its private key $sk_0$ and generates the digital certificate Cert(uid) of the user;
S304, the platform supervisor PS sends the public-private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate Cert(uid) to the user through a secret channel, and records the user's $pk_{uid}$ on the blockchain.
5. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S40 includes the steps of:
S401, suppose the data user $DU_j$ with wallet address j applies to the k-th authority $AM_k$ for attribute private keys, where $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, the attribute set managed by $AM_k$ is $S_k$, and $DU_j$ applies for the attribute $i \in S_k$. To obtain the attribute private key, $DU_j$ sends its own digital certificate Cert(uid) to $AM_k$ together with the application; $AM_k$ reads the public key $pk_0$ of the platform supervisor PS from the blockchain, verifies the identity of $DU_j$ and obtains the component related to $DU_j$;
S402, the authority $AM_k$ generates attribute private keys for the legal data user $DU_j$: for any attribute $i \in S_k$ of $DU_j$, $AM_k$ reads the public parameter CP from the blockchain and computes the i-th attribute private key $ask_{k,j,i}$ from its private key $SK_k$, the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$;
S403, the authority $AM_k$ computes the ciphertext $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$ of the user's attribute private key set with the RSA encryption algorithm $Enc(pk_j, \{ask_{k,j,i}\})$;
S404, the authority $AM_k$ records the public key, attribute set and attribute private key ciphertexts of the user in the user attribute list $L_{DU\text{-}Att}$, records the list as a transaction on the blockchain and records the index $TX_{k,j}$ of the transaction; the data user $DU_j$ obtains the attribute private key ciphertext from the blockchain according to $TX_{k,j}$ and decrypts it with its own private key $sk_j$ to obtain the corresponding attribute private keys; in the same way, $DU_j$ obtains all of its attribute private keys from the other authorities, giving the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
6. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S50 includes the steps of:
S501, the data provider DP selects a session key κ, encrypts the shared Internet of Things data M with the AES symmetric encryption algorithm and computes the data ciphertext $DCT = AES.Enc(\kappa, M)$;
S502, the data provider DP formulates a corresponding access control policy $\mathbb{A} = (A, \rho)$ for the shared Internet of Things data M according to its own attributes and the objects with which it wants to share the data, where A is an $n \times l$ matrix and the function ρ maps the set $\{1, 2, \ldots, n\}$ to the attribute set;
S503, the data provider DP reads the public parameter CP from the genesis block and reads the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ related to the access control policy and the authorization public key set $\{PK_k\}_{k \in SA}$ from the blockchain; DP encrypts the session key κ with CP, $\mathbb{A} = (A, \rho)$, $\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$ to generate the session key ciphertext KCT;
The specific process is as follows: DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$ and constructs the vector $v = \langle s, v_2, v_3, \ldots, v_l \rangle$, computing $\lambda_i = A_i \cdot v$, where $A_i$ is the i-th row of the matrix A; DP selects $l-1$ random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$ and constructs the vector $\omega = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$, computing $\omega_i = A_i \cdot \omega$; for each row $A_i$ of the access control matrix A, DP randomly selects $r_i \in Z_N^*$ and computes KCT, which consists of $\mathbb{A}$, $C_0$ and the components $C_{1,i}, C_{2,i}, C_{3,i}$ for $\rho(i) \in S_k, k \in SA$;
here $\mathbb{A}$ denotes the access control policy, $C_0$ the result of encrypting the session key, κ the session key, $\beta_k$ the private key of the k-th authority, $k \in SA$ the k-th authority in the authority set SA, $e(g, g)$ a bilinear pairing operation, $C_{1,i}, C_{2,i}, C_{3,i}$ the ciphertext components carrying the access control policy, $\rho(i)$ the attribute corresponding to the i-th row of the access control matrix, and $v_{k,\rho(i)}$ the version private key of the attribute $\rho(i)$ of the k-th authority;
S504, the data provider DP uploads the data ciphertext DCT of the shared data M, the access control policy $\mathbb{A}$ and the session key ciphertext KCT to the cloud server, and the cloud server records the storage address URL of the ciphertext and the description information of the shared data M on the blockchain.
7. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S60 includes the steps of:
S601, the data user $DU_j$ with wallet address j searches the blockchain for the description information of the shared data by keyword; after finding the required information it calls the policy matching function, and only when its attributes satisfy the access control policy set by the data provider DP does the smart contract in the blockchain send the storage address URL of the data ciphertext $DCT_x$ and the session key ciphertext $KCT_x$ of the shared data $M_x$ to $DU_j$; $DU_j$ obtains the ciphertexts stored by DP in the cloud server through the address URL, and the data acquisition process of $DU_j$ is recorded in the sharing list $L_{data}$;
S602, since the data user $DU_j$ outsources some complex operations of the decryption process to the cloud server, $DU_j$ first computes the decryption factor $df_j$ from the ciphertext component $C_{1,i}$ of the session key ciphertext $KCT_x$ and its own private key $sk_j$, where $z_j$ denotes the private key of the data user $DU_j$ with wallet address j, i.e. $z_j = sk_j$;
S603, the data user $DU_j$ transmits the decryption factor $df_j$, its own public key $pk_j$ and its attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC through a secure channel;
S604, the cloud server ESC looks up the attribute public key set $\{PK_{k,j}\}$ related to the data user $DU_j$ in the user attribute list $L_{DU\text{-}Att}$ and computes the common attribute subset $P_{j,\mathbb{A}} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where $I$ is the set of row indices of the access control matrix A; for the set $P_{j,\mathbb{A}}$ the ESC further checks whether there is a subset $I_c$ of rows whose linear combination yields the vector $(1, 0, \ldots, 0)$; if so, the ESC selects a set of constants $\{c_i \in Z_N\}$, where i denotes the i-th row of the access control matrix, such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and computes the transformed ciphertext $CT_c$, where $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1, 0, \ldots, 0) = s$ and $\omega \cdot (1, 0, \ldots, 0) = 0$; the cloud server ESC transmits $CT_c$ to $DU_j$ through a secure channel;
S605, after obtaining the transformed ciphertext $CT_c$, the data user $DU_j$ decrypts $CT_c$ with its own private key $sk_j$ and recovers the session key κ;
S606, the data user $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key κ to obtain the shared data $M_x$, i.e. $M_x = Dec(\kappa, DCT_x)$.
8. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S70 includes the steps of:
S701, suppose the attribute μ of a data applicant is revoked by the authority $AM_k$; $AM_k$ calls the policy matching function to screen out the session key ciphertexts $\{KCT_x\}$ that must be updated because of the revocation of that user's attribute μ, retrieves the sharing list $L_{data}$, screens out the DPs and DUs related to $\{KCT_x\}$, and notifies the users in the search result to update their ciphertexts or keys;
S702, the authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute μ and updates the attribute public key of attribute μ; to guarantee the security of attribute revocation, the DP must update the ciphertexts associated with the revoked attribute μ with the ciphertext update key $CUK_\mu$, and a non-revoked user holding the revoked attribute μ must update the μ-related key with the key update key $KUK_{j,\mu}$; $AM_k$ computes $CUK_\mu$ and $KUK_{j,\mu}$ from its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users;
S703, the authority $AM_k$ records the attribute revocation process in the revocation list $L_{R\text{-}Att}$, records the list and the key update key $KUK_{j,\mu}$ on the blockchain, and then sends $CUK_\mu$ through a secure channel to the data providers DP whose ciphertexts need to be updated;
S704, DP obtains the ciphertext update key $CUK_\mu$ through the secure channel and updates the session key ciphertexts $KCT_x$ associated with the revoked attribute μ; DP reselects a session key κ' and computes the updated data ciphertext $DCT_{ud} = AES.Enc(\kappa', M)$ with the AES symmetric encryption algorithm; this step can be performed in advance of the attribute revocation;
S705, only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ are updated, which improves the efficiency of attribute revocation: DP recomputes $C_0$ of $KCT_x$ with κ'; the update of $C_0$ is performed locally in advance, so the computational overhead of attribute revocation is the update of the ciphertext components $C_{3,i}$ associated with the revoked attribute μ; DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$, obtaining the updated session key ciphertext $KCT_{ud}$;
DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. Through the ciphertext update key provided by $AM_k$, the proposed scheme ensures the forward security of the access control system: a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, while the revoked user cannot decrypt the session key ciphertext $KCT_{ud}$ with the old version of the attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$, because when the cloud server ESC performs the outsourced decryption and selects a set of constants $\{c_i \in Z_N\}$, the vector $(1, 0, \ldots, 0)$ is not obtained, so decryption stops, the transformed ciphertext cannot be decrypted to obtain the updated session key κ', and the data ciphertext cannot be decrypted;
S706, after the key ciphertexts are updated, the non-revoked users whose attributes satisfy the ciphertext access control policy must update their attribute private keys. The authority AM searches the list $L_{DU\text{-}Att}$ for the users that need to update their attribute private keys, records them as a list $\{list_{DU}\}$ and notifies each user in $\{list_{DU}\}$ to update its attribute private key; each non-revoked user $DU_j$ holding the revoked attribute μ (users whose attribute is being revoked are not included) obtains the corresponding key update key $KUK_{j,\mu}$ through the smart contract and uses $KUK_{j,\mu}$ to update the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$, where $K'_{j,\mu}$ denotes the updated attribute private key component and $v_{k,\mu}$ the version private key of attribute μ owned by the k-th authority, obtaining the updated attribute private key $ask'_{k,j,\mu}$. Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ of all non-revoked users differ, so a revoked user cannot update its own key with the $KUK_{j,\mu}$ of another, non-revoked user, which guarantees the backward security of data sharing;
S707, after a non-revoked user has updated its own attribute private keys, it obtains the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC and repeats steps S602 to S606: the non-revoked user first computes the decryption factor $df'_j$ and sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ together with its own public key $pk_j$ to the ESC; the ESC selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$ and decrypts $KCT_{ud}$ to obtain the transformed ciphertext $CT'_c$; the non-revoked user then recovers the session key κ' with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with κ' to obtain the shared Internet of Things data $M_x$.
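The linear secret-sharing layer that steps S503, S604 and S705 rely on (the share vectors $v$ and $\omega$, the cloud server's search for constants $c_i$ with $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and the stop when no such constants exist), as an added Python example that is not the patent's own code. It works over a toy prime field instead of $Z_N$, omits the group elements, pairings and version keys, uses a constructed policy (temperature AND hospital) OR doctor, and models a revoked attribute simply as a matrix row the user can no longer use.

```python
import secrets
from typing import Dict, List, Optional, Set, Tuple

# Toy prime modulus (assumption): the scheme works in Z_N with composite N = p1 p2 p3;
# a prime is used here so that the inverses needed by Gaussian elimination exist.
P = 2**61 - 1

Matrix = List[List[int]]


def dot(a: List[int], b: List[int]) -> int:
    """Inner product mod P."""
    return sum(x * y for x, y in zip(a, b)) % P


def share_secret(A: Matrix, s: int) -> Tuple[List[int], List[int]]:
    """Step S503: v = <s, v2..vl>, omega = <0, w2..wl>, lambda_i = A_i.v, omega_i = A_i.omega."""
    l = len(A[0])
    v = [s % P] + [secrets.randbelow(P) for _ in range(l - 1)]
    omega = [0] + [secrets.randbelow(P) for _ in range(l - 1)]
    lam = [dot(row, v) for row in A]
    om = [dot(row, omega) for row in A]
    return lam, om


def reconstruction_constants(A: Matrix, rows: List[int]) -> Optional[Dict[int, int]]:
    """Step S604: constants c_i (i in rows) with sum_i c_i A_i = (1,0,...,0) mod P.

    Solves the l x n system by Gaussian elimination over Z_P and returns None when
    no such constants exist, i.e. the user's rows do not span (1,0,...,0).
    """
    l = len(A[0])
    n = len(rows)
    # One equation per matrix column: sum_i c_i * A[i][col] = e1[col].
    aug = [[A[r][col] % P for r in rows] + [1 if col == 0 else 0] for col in range(l)]
    pivot_cols: List[int] = []
    rank = 0
    for col in range(n):
        piv = next((r for r in range(rank, l) if aug[r][col]), None)
        if piv is None:
            continue
        aug[rank], aug[piv] = aug[piv], aug[rank]
        inv = pow(aug[rank][col], -1, P)
        aug[rank] = [x * inv % P for x in aug[rank]]
        for r in range(l):
            if r != rank and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[rank])]
        pivot_cols.append(col)
        rank += 1
        if rank == l:
            break
    # Inconsistent: a row with no unknowns left but a non-zero right-hand side.
    if any(aug[r][n] for r in range(rank, l)):
        return None
    c = {rows[col]: aug[k][n] for k, col in enumerate(pivot_cols)}
    for r in rows:  # free variables are set to zero
        c.setdefault(r, 0)
    return c


def held_rows(rho: List[str], attrs: Set[str]) -> List[int]:
    """Rows of A whose attribute rho(i) the user holds (the common subset of S604)."""
    return [i for i, a in enumerate(rho) if a in attrs]


def recover_secret(A: Matrix, rho: List[str], attrs: Set[str],
                   lam: List[int], om: List[int]) -> Optional[int]:
    """Outsourced-decryption check: recover s from the shares, or None when decryption stops."""
    rows = held_rows(rho, attrs)
    c = reconstruction_constants(A, rows)
    if c is None:
        return None
    # omega . (1,0,...,0) = 0, so the omega shares cancel; only the lambda shares carry s.
    assert sum(c[i] * om[i] for i in rows) % P == 0
    return sum(c[i] * lam[i] for i in rows) % P


# Constructed policy: (temperature AND hospital) OR doctor, written as an LSSS matrix.
POLICY_A: Matrix = [[1, 1], [0, -1], [1, 0]]
POLICY_RHO = ["temperature", "hospital", "doctor"]


def demo() -> Dict[str, Optional[int]]:
    s = 0xABCDEF  # stands in for the value s that hides the session key in C_0
    lam, om = share_secret(POLICY_A, s)
    return {
        "temperature+hospital": recover_secret(POLICY_A, POLICY_RHO, {"temperature", "hospital"}, lam, om),
        "doctor": recover_secret(POLICY_A, POLICY_RHO, {"doctor"}, lam, om),
        # After 'hospital' is revoked the user's old share for that row no longer matches
        # the re-versioned C_{3,i} (S705); modelled here as the row being unavailable.
        "temperature only (hospital revoked)": recover_secret(POLICY_A, POLICY_RHO, {"temperature"}, lam, om),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {'decrypts' if value is not None else 'decryption stops'}")
```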
CN202310289399.9A 2023-03-22 2023-03-22 Distributed attribute base encryption method based on block chain revocation Pending CN116366320A (en)

Publications (1)

Publication Number Publication Date
CN116366320A true CN116366320A (en) 2023-06-30



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination