CN116366320A - Distributed attribute-based encryption method based on blockchain revocation - Google Patents
Distributed attribute-based encryption method based on blockchain revocation
- Publication number: CN116366320A (application CN202310289399.9A)
- Authority: CN (China)
- Prior art keywords: attribute, key, data, ciphertext, user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H04L63/0442 (network security; confidential data exchange among entities communicating through packet networks, in which the payload is encrypted and the sending and receiving entities use asymmetric encryption, i.e. different keys for encryption and decryption)
- H04L63/10 (network security; controlling access to devices or network resources)
- H04L67/10 (protocols in which an application is distributed across nodes in the network)
- H04L67/12 (protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks)
- H04L9/0825 (key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates)
- H04L9/3249 (verifying the identity or authority of a user, or message authentication, involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme)
- H04L9/3268 (verification of identity or credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC], and PKI arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL])
- H04L2209/72 (signcrypting, i.e. digital signing and encrypting simultaneously)
- H04L2463/062 (network security; applying encryption of the keys)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a distributed attribute-based encryption method with blockchain-based revocation, belonging to the technical fields of blockchain, the Internet of Things (IoT), data sharing and attribute-based encryption (ABE). It addresses the problem of privacy disclosure in IoT data-sharing scenarios. The method comprises the following steps: S10, system establishment; S20, authority initialization; S30, user registration; S40, user attribute private key generation; S50, data encryption; S60, data access; S70, user attribute revocation. The beneficial effects of the invention are as follows: fine-grained secure sharing of IoT data is realized using the blockchain and distributed multi-authority ABE, forward and backward security of the shared data is preserved during attribute revocation, and the efficiency of attribute revocation is improved.
Description
Technical Field
The invention relates to the technical fields of blockchain, internet of things, data sharing and attribute-based encryption, in particular to a distributed attribute-based encryption method based on blockchain revocation.
Background
With the rapid development of 5G and the connection of massive numbers of terminal devices, the Internet of Things (IoT) has become an indispensable part of daily life. It complements technologies such as edge computing and artificial intelligence and plays an important role in typical applications such as industrial automation, transportation, energy systems and medical care, in both academia and industry. Statista predicted that the number of IoT devices worldwide would reach 75 billion by 2025, producing roughly 79.4 ZB of IoT data. This data often has considerable value; for example, patient data collected by medical wearables can improve the accuracy of medical services. Most existing IoT applications are built on data sharing: they collect IoT data through smart sensors and upload it to a cloud server, which stores and shares it. IoT data sharing has already penetrated smart homes, smart healthcare, smart education and other fields and is gradually changing industrial structures and modes of economic growth, so it has significant strategic, social and economic value. However, IoT data often contains users' private information, which, once compromised, can seriously threaten personal property and national security. How to build a secure data-sharing platform in the IoT environment is therefore of great practical significance.
The advent of attribute-based encryption (ABE) provides a viable solution for secure sharing of IoT data. ABE associates the ciphertext and the secret key with an attribute set and an access structure, and decryption succeeds only when the attribute set satisfies the access structure, which guarantees the confidentiality of the data. An ABE scheme has four features. First, the data provider only needs to encrypt according to attributes and need not know the identity of the recipients, which reduces encryption overhead and protects user privacy. Second, only users who satisfy the access control policy can decrypt the ciphertext, which ensures data confidentiality. Third, each user key is bound to an embedded random value, so keys of different users cannot be combined, which prevents collusion among malicious users. Fourth, ABE supports flexible access control policies, including AND, OR, NOT and threshold operations over attributes. The flexibility, efficiency and collusion resistance of ABE give it good application prospects in fine-grained access control, privacy protection and related fields.
The originally proposed ABE scheme supports only threshold access control policies. To express access control policies more flexibly, Bethencourt et al. proposed ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE, the private key is associated with a set of attributes and the ciphertext with an access control policy. To share IoT data with people holding certain attributes, the data provider formulates a corresponding access control policy and embeds it in the ciphertext; any user whose attributes satisfy the policy can decrypt it. CP-ABE is therefore well suited to fine-grained secure sharing of data in the IoT environment. However, conventional CP-ABE requires a trusted key generation center to manage keys; the generation, distribution and revocation of user attribute private keys depend entirely on that center, and if it is compromised the security of the whole system is seriously threatened.
To address the security issues of the key generation center, researchers have proposed blockchain-based data-sharing schemes. A blockchain is a distributed ledger with a chained structure that integrates distributed data storage, cryptographic algorithms, peer-to-peer networking and consensus mechanisms; it offers a way to resolve the trust problem of the key distribution center and to make the data-sharing process transparent. Through its consensus mechanism and distributed storage, the blockchain provides a traceable record of the generation, distribution and revocation of user attribute private keys and reduces the need for absolute trust in the key generation center. Smart contracts can also solve the policy-matching problem in the sharing process: the data provider writes the policy-matching logic into a smart contract, which then executes it automatically in the relevant scenario, improving sharing efficiency and simplifying the process. In addition, a sharing process recorded on the blockchain is more authentic and reliable than one on a traditional sharing platform, since cryptography and timestamps make the recorded data tamper-evident and help the entities in the system establish trust. Storing the sharing records on the blockchain in an IoT data-sharing scenario therefore ensures that the process is fair, impartial and open.
However, data access is not static: a user's rights to access data must be continually adjusted as the user's attributes change. Supporting user attribute revocation, so that revoked users can no longer decrypt the data ciphertext, is therefore a basic requirement. Because a revoked user may retain the old decryption key, the ciphertext and the keys of the remaining users must be updated when an attribute is revoked, so that the forward and backward security of the shared data is preserved. How to realize fine-grained secure sharing of IoT data with blockchain and distributed CP-ABE while guaranteeing this security is therefore of great practical significance.
Disclosure of Invention
The invention aims to provide a distributed attribute-based encryption method with blockchain-based revocation that uses the blockchain together with an attribute-based encryption algorithm to make the data-sharing process in an IoT environment open, transparent and traceable, effectively prevents unauthorized users from accessing data, maintains the security of the shared data, outsources part of the user's decryption computation to a cloud server, greatly reduces the user's computational cost and improves the operating efficiency of the system.
The invention is characterized as follows. First, the system is globally initialized: a system administrator constructs the blockchain and generates the global public parameters. Each authority computes an attribute public/private key pair for every attribute in its jurisdiction. The system administrator generates an identity public/private key pair and a digital certificate for each legitimate user. Each authority computes the corresponding attribute private keys for a legitimate user according to the attribute set it governs. The data provider formulates an access control policy, encrypts the IoT data to be shared under it and uploads the ciphertext to a cloud server. The data applicant downloads the IoT data ciphertext from the cloud server and can decrypt it to obtain the shared data only if its attribute set satisfies the access control policy of the ciphertext. When one or more attributes of a user are revoked, the data provider must update the ciphertext and the remaining data applicants must update their attribute private keys.
In order to achieve the aim of the invention, the invention adopts the technical scheme that: a distributed attribute-based encryption method based on block chain revocation includes the following steps:
S10, system establishment: the platform supervisor PS constructs the blockchain, generates the public parameters CP, and obtains a wallet address and a public/private key pair $(sk_0, pk_0)$. PS records CP and the public key $pk_0$ in the genesis block of the blockchain.
S20, authority initialization: the platform supervisor PS designates a set of governed attributes for each legitimate authority AM. The AM randomly selects two numbers as its own private key and as the version private key of each attribute it manages, reads the public parameters CP and the PS public key $pk_0$ from the blockchain, and computes the attribute public key of each governed attribute and its own authority public key. The AM records the set of attribute public keys, the attribute hash values and the authority public key on the blockchain.
S30, user registration: a user applies to the platform supervisor PS for registration; PS computes a public/private key pair and a verification certificate for the legitimate user and records the user's public key on the blockchain as a transaction.
S40, user attribute private key generation: a data user DU applies to an authority AM for attribute private keys; the AM verifies the identity of the DU and computes the attribute private keys $ask_{k,j,i}$ for the legitimate DU. The AM encrypts the attribute private key set with the DU's public key using the RSA encryption algorithm and uploads a list recording the attribute private key ciphertext to the blockchain. The DU retrieves the ciphertext from the blockchain by the index of the transaction record and decrypts it to obtain the attribute private keys.
S50, data encryption: the data provider DP randomly selects a session key $\kappa$, encrypts the IoT data $M$ to be shared with the AES symmetric encryption algorithm to obtain the data ciphertext DCT, and formulates an access control policy according to the intended audience of $M$. The DP reads the public keys related to the access control policy from the blockchain, encrypts the session key $\kappa$ to compute the key ciphertext KCT, and uploads the KCT to the cloud server.
S60, data access: a data user DU calls the policy-matching function to obtain the key ciphertext KCT from the cloud server; the ciphertext can be decrypted only if the DU's attributes satisfy the access control policy of the ciphertext. First, the DU computes a decryption factor $df_j$ from a ciphertext component of the KCT. The cloud server then uses $df_j$, the DU's public key and the DU's attribute private keys to compute a transformed ciphertext $CT_c$. Finally, the DU decrypts $CT_c$ with its own private key to recover the session key $\kappa$ and uses $\kappa$ to decrypt the data ciphertext DCT, obtaining the shared data $M$.
S70, user attribute revocation: when an authority AM revokes one or more attributes of a data user DU, the AM invokes the policy-matching algorithm to select the set of session key ciphertexts $\{KCT_x\}$ that must be updated, together with the affected data providers DP and data users DU. The AM then computes the new attribute public key, a ciphertext update key CUK and a key update key KUK. The AM sends the CUK over a secure channel to the DPs that must update their ciphertexts and records the KUK on the blockchain. Each DP updates the corresponding key ciphertext with the CUK, and each non-revoked user updates its own attribute private key with the KUK.
The blockchain-based fine-grained secure sharing method for IoT data mainly involves the following entities: the system administrator (platform supervisor), data providers, data applicants (data users), authorities, the blockchain and the cloud server.
Further, the step S10 includes:
S101, the platform supervisor PS builds the blockchain, selects a unique identity $id_{PS}$ for itself and generates a public/private key pair $\{sk_0, pk_0\}$;
S102, the platform supervisor PS inputs a security parameter $\lambda$ and selects a bilinear group $G$ of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, together with a hash function $H: \{0,1\}^* \to G$ that maps an attribute to an element of the group $G$;
S103, let $G_1$ denote the subgroup of $G$ of order $p_1$; the platform supervisor PS randomly selects a generator $g \in G_1$ and obtains the public parameters $CP = \{N, g \in G_1, H(\cdot)\}$;
S104, the platform supervisor PS keeps its private key $sk_0$ secret and records the public key $pk_0$ and the public parameters CP in the genesis block of the blockchain, so that users and authorities can conveniently obtain CP and $pk_0$ from the blockchain.
Further, the step S20 includes:
S201, the platform supervisor PS designates a governed attribute set for each authority AM; the attributes managed by different AMs must not overlap;
S202, suppose the $k$-th authority $AM_k$ governs the attribute set $S_k$; the platform supervisor PS selects a wallet address $aid$ as the identity of the legitimate $AM_k$ and grants $AM_k$ the management authority over the corresponding attribute set;
S203, the authority $AM_k$ reads the public parameters CP and the platform supervisor's public key $pk_0$ from the genesis block. $AM_k$ selects a random number $\beta_k \in Z_N$ as its private key and, for each attribute $i \in S_k$, selects a further random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute $i$; $AM_k$ then computes the $i$-th attribute public key $PK_{k,i}$ from $\beta_k$ and $v_{k,i}$;
S204, for all attributes governed by the authority $AM_k$, the version private key of each attribute is obtained by the method of step S203, giving the attribute version private key set $\{VK_{k,i} = v_{k,i} \mid v_{k,i} \in Z_N\}$ and the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$;
S206, the authority $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret. $AM_k$ records the attribute public keys $\{PK_{k,i} \mid i \in S_k\}$, the attribute hash values $\{H(i) \mid i \in S_k\}$ and its authority public key $PK_k$ in the authority list $L_{AM\text{-}att}$ and records the list on the blockchain.
Further, the step S30 includes:
S301, when a data provider DP or data user DU joins the system, it first applies to the platform supervisor PS for registration and submits its identity description $Info_{DU}$ (e.g. name, e-mail address); after the PS has verified the identity, it selects a wallet address $uid$ as the identity of the legitimate user;
S302, according to the user's wallet address $uid$, the PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the user's public key $pk_{uid}$ and private key $sk_{uid} = z_{uid}$;
S303, so that the authorities can verify the user's identity, the platform supervisor PS uses its private key $sk_0$ to compute a digital signature for the user and generates the user's digital certificate $Cert(uid)$;
S304, the platform supervisor PS sends the public/private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate $Cert(uid)$ to the user over a secure channel and records the user's $pk_{uid}$ on the blockchain.
Further, the step S40 includes:
S401, suppose the data user $DU_j$ with wallet address $j$ applies to the $k$-th authority $AM_k$ for attribute private keys, where $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, the attribute set managed by $AM_k$ is $S_k$, and $DU_j$ applies for attributes $i \in S_k$. When submitting the application to $AM_k$, $DU_j$ sends its digital certificate $Cert(uid)$ to $AM_k$; $AM_k$ reads the public key $pk_0$ of the platform supervisor PS from the blockchain, verifies the identity of $DU_j$ and obtains the components related to $DU_j$;
S402, the authority $AM_k$ generates attribute private keys for the legitimate data user $DU_j$: for each attribute $i \in S_k$ applied for by $DU_j$, $AM_k$ reads the public parameters CP from the blockchain and computes the $i$-th attribute private key $ask_{k,j,i}$ using its private key $SK_k$ (the $\beta_k$ of step S203), the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$;
S403, the authority $AM_k$ computes the ciphertext $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$ of the user's attribute private key set with the RSA encryption algorithm $Enc(pk_j, \{ask_{k,j,i}\})$;
S404, the authority $AM_k$ records the user's public key, attribute set and attribute private key ciphertext in the user attribute list $L_{DU\text{-}Att}$, records the list as a transaction on the blockchain and notes the transaction index $TX_{j,k}$. The data user $DU_j$ obtains the attribute private key ciphertext from the blockchain according to $TX_{j,k}$ and decrypts it with its private key $sk_j$ to obtain the corresponding attribute private keys. In the same way, $DU_j$ obtains its attribute private keys from the other authorities, yielding the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
Further, the step S50 includes:
S501, the data provider DP selects a session key $\kappa$, encrypts the shared IoT data $M$ with the AES symmetric encryption algorithm and computes the data ciphertext $DCT = AES.Enc(\kappa, M)$;
S502, the data provider DP formulates an access control policy $\mathbb{A} = (A, \rho)$ for the shared IoT data $M$ according to its own attributes and the intended recipients, where $A$ is an $n \times l$ matrix and $\rho$ is a mapping from the row set $\{1, 2, \ldots, n\}$ to the set of attributes;
S503, the data provider DP reads the public parameters CP from the genesis block and reads the attribute public keys $\{PK_{k,i} \mid i \in S_k\}$ related to the access control policy and the authority public keys $\{PK_k\}_{k \in SA}$ from the blockchain. Using CP, $\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$, the DP encrypts the session key $\kappa$ to generate the session key ciphertext KCT as follows. The DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$, forms the vector $\vec{v} = \langle s, v_2, v_3, \ldots, v_l \rangle$ and computes $\lambda_i = A_i \cdot \vec{v}$, where $A_i$ is the $i$-th row of the matrix $A$; it selects $l-1$ further random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$, forms the vector $\vec{\omega} = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$ and computes $\omega_i = A_i \cdot \vec{\omega}$. For each row $A_i$ of the access control matrix $A$ the DP randomly selects $r_i \in Z_N^*$ and computes the session key ciphertext
$KCT = \{C_0, \{C_{1,i}, C_{2,i}, C_{3,i}\}_{\rho(i) \in S_k,\ k \in SA}\}$,
where, in the expressions for these components, $\mathbb{A} = (A, \rho)$ is the access control policy, $C_0$ is the result of encrypting the session key, $\kappa$ is the session key, $\beta_k$ is the private key of the $k$-th authority, $k \in SA$ indexes the $k$-th authority in the authority set SA, $e(g, g)$ is a bilinear pairing, $C_{1,i}, C_{2,i}, C_{3,i}$ are ciphertext components carrying the access control policy, $\rho(i)$ is the attribute corresponding to the $i$-th row of the access control matrix, and $v_{k,\rho(i)}$ is the version private key of attribute $\rho(i)$ of the $k$-th authority.
S504, the data provider DP uploads the data ciphertext DCT, the access control policy $\mathbb{A} = (A, \rho)$ and the session key ciphertext KCT of the shared data $M$ to the cloud server, and the cloud server records the storage address URL of the ciphertext and the description information of the shared data $M$ on the blockchain.
Further, the step S60 includes:
S601, the data user $DU_j$ with wallet address $j$ searches the description information of the shared data in the blockchain by keyword and, after finding the required information, calls the policy matching function; only when the attributes of $DU_j$ satisfy the access control policy set by the data provider DP does the smart contract in the blockchain send the storage address URL of the data ciphertext $DCT_x$ and the session key ciphertext $KCT_x$ of the shared data $M_x$ to $DU_j$, and $DU_j$ obtains the ciphertexts stored by the DP in the cloud server through that URL. The process of $DU_j$ acquiring the data is recorded in the shared list $L_{data}$;
S602, since the computing power of the data user $DU_j$ is limited, the complex operations of the decryption process are outsourced to the cloud server. First, $DU_j$ computes the decryption factor $df_j$ from the ciphertext component $C_{1,i}$ of the session key ciphertext $KCT_x$ and its own private key $sk_j$:
wherein $z_j$ denotes the private key of the data user $DU_j$ with wallet address $j$, i.e. $z_j = sk_j$.
S603, the data user $DU_j$ sends the decryption factor $df_j$, its own public key $pk_j$ and its attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC over a secure channel;
S604, the cloud server ESC reads the attribute public key set $\{PK_{k,j}\}$ related to the data user $DU_j$ from the user attribute list $L_{DU\text{-}Att}$ and computes the common attribute subset $P_{j,\mathbb{A}} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where $I$ is the set of row indices of the access control matrix $A$. For the set $P_{j,\mathbb{A}}$, the ESC further checks whether a subset $I_c$ exists whose rows linearly combine to the vector $(1, 0, \ldots, 0)$. If it exists, the ESC selects a set of constants $\{c_i \in Z_N\}$, where $i$ indexes the rows of the access control matrix, such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and computes the transformed ciphertext $CT_c$:
wherein $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1, 0, \ldots, 0) = s$ and $\omega \cdot (1, 0, \ldots, 0) = 0$. The cloud server ESC sends $CT_c$ to $DU_j$ over a secure channel;
S605, after obtaining the transformed ciphertext $CT_c$, the data user $DU_j$ decrypts $CT_c$ with its own private key $sk_j$ and recovers the session key $\kappa$:
S606, the data user $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key $\kappa$ to obtain the shared data $M_x$, i.e. $M_x = \mathrm{Dec}(\kappa, DCT_x)$.
Further, the step S70 includes:
S701, suppose the attribute $\mu$ of a data applicant is revoked by the authority $AM_k$. $AM_k$ calls the policy matching function to screen out the session key ciphertexts $\{KCT_x\}$ that must be updated because of the revoked attribute $\mu$, retrieves the shared list $L_{data}$ to find the DPs and DUs related to $\{KCT_x\}$, and notifies the users in the search result to update their ciphertexts or keys;
S702, the authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute $\mu$ and updates the attribute public key of $\mu$. To guarantee the security of attribute revocation, the DP must use the ciphertext update key $CUK_\mu$ to update the ciphertexts associated with the revoked attribute $\mu$, and each non-revoked user holding $\mu$ must use the key update key $KUK_{j,\mu}$ to update its key associated with $\mu$. $AM_k$ uses its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users to compute $CUK_\mu$ and $KUK_{j,\mu}$;
S703, the authority $AM_k$ records the attribute revocation in the revocation list $L_{R\text{-}Att}$, records the list together with the key update key $KUK_{j,\mu}$ on the blockchain, and then sends $CUK_\mu$ over a secure channel to the data providers DP whose ciphertexts need updating;
S704, the DP obtains the ciphertext update key $CUK_\mu$ over the secure channel and updates the session key ciphertexts $KCT_x$ associated with the revoked attribute $\mu$. The DP reselects a session key $\kappa'$ and computes the updated data ciphertext $DCT_{ud} = \mathrm{AES.Enc}(\kappa', M)$ with the AES symmetric encryption algorithm; this may be done in advance of the attribute revocation;
S705, only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ need updating, which greatly improves the efficiency of attribute revocation. The DP recomputes $C_0$ of $KCT_x$ using $\kappa'$:
The computation of $C_0$ can also be performed locally in advance, so the main computational overhead of attribute revocation is updating the ciphertext components $C_{3,i}$ associated with the revoked attribute $\mu$; the DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$:
obtaining the updated session key ciphertext $KCT_{ud}$:
The DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. The ciphertext update key provided by $AM_k$ and this procedure ensure the forward security of the access control system: a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, while the revoked user, holding the old attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$, cannot decrypt the session key ciphertext $KCT_{ud}$, because when the cloud server ESC performs outsourced decryption it selects a set of constants $\{c_i \in Z_N\}$ and computes $\sum_i c_i A_i$, and decryption stops when the vector $(1, 0, \ldots, 0)$ cannot be obtained. Therefore the updated session key $\kappa'$ cannot be obtained by decrypting the transformed ciphertext, and the data ciphertext cannot be decrypted either;
S706, after the key ciphertext has been updated, the non-revoked users that satisfy the access control policy of the ciphertext need to update their attribute private keys. The authority AM searches the list $L_{DU\text{-}Att}$ for the users that need to update their attribute private keys, records them as the list $\{list\}_{DU}$, and notifies each user in $\{list\}_{DU}$ to update its attribute private key. Each non-revoked user $DU_j$ holding the revoked attribute $\mu$ (the user whose attribute is revoked is excluded) obtains its corresponding key update key $KUK_{j,\mu}$ through the smart contract, and uses $KUK_{j,\mu}$ to update the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$:
wherein $K'_{j,\mu}$ denotes the attribute private key component after the update, and $v_{k,\mu}$ denotes the version private key of attribute $\mu$ owned by the $k$-th authority.
This yields the updated attribute private key $ask'_{k,j,\mu}$:
Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ differ for all non-revoked users, so a revoked user cannot use the $KUK_{j,\mu}$ of another non-revoked user to update its own key, which guarantees the backward security of data sharing;
S707, after updating its own attribute private key, the non-revoked user obtains the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC. Repeating steps S602 to S606, the non-revoked user first computes the decryption factor $df'_j$, then sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ and its own public key $pk_j$ to the ESC. The ESC selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$ and decrypts $KCT_{ud}$ to obtain the transformed ciphertext $CT'_c$; the non-revoked user then recovers the session key $\kappa'$ with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with $\kappa'$ to obtain the shared Internet of things data $M_x$.
Compared with the prior art, the invention has the beneficial effects that:
(1) According to the distributed attribute-based encryption method based on blockchain revocation, the blockchain and the distributed attribute-based encryption scheme are combined, and the trust problem of key distribution is moved from the authorities to a distributed ledger by means of a consensus-driven blockchain framework, so that decentralized key management in the Internet of things environment is realized.
(2) According to the distributed attribute-based encryption method based on blockchain revocation, the whole sharing process of the Internet of things (IoT) data is recorded on the blockchain, and the fairness, impartiality and openness of the data sharing process are guaranteed by the tamper-proof, traceable and auditable properties of the blockchain.
(3) According to the block chain-based revocable distributed attribute-based encryption method, the distributed attribute-based encryption scheme is applied to data sharing of the Internet of things, fine-grained authorization of user data is achieved while user privacy is protected, unauthorized users are effectively prevented from accessing the data, and safety of data sharing of the Internet of things is guaranteed.
(4) According to the distributed attribute-based encryption method based on blockchain revocation provided by the invention, the smart contracts in the blockchain assist the authority in revoking user attributes, the data provider updates the ciphertexts related to the revoked attribute, and the non-revoked users update their attribute private keys, so that the forward and backward security of the shared data is ensured and the efficiency of attribute revocation is improved.
(5) According to the invention, technologies such as blockchain and attribute-based encryption are combined, fine-granularity safe sharing of the data of the Internet of things is realized, collusion attack among malicious nodes is effectively resisted, and forward and backward safety of the sharing process is ensured.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention.
FIG. 1 is a flow chart of a blockchain-based revocable distributed attribute-based encryption method provided by the invention.
Fig. 2 is a model diagram of a distributed attribute-based encryption method based on blockchain revocation according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. Of course, the specific embodiments described herein are for purposes of illustration only and are not intended to limit the invention.
Examples
Referring to fig. 1 to 2, the present embodiment provides a blockchain-based revocable distributed attribute-based encryption method, which includes: system administrators, data providers, data applicants, authorities, blockchains, cloud servers.
The method comprises the following steps:
S10, system establishment: the platform supervisor PS constructs the blockchain, generates the public parameter CP, and obtains a corresponding wallet address and public-private key pair $(sk_0, pk_0)$. PS records CP and the public key $pk_0$ in the genesis block of the blockchain.
S20, authority initialization: the platform supervisor PS designates a managed attribute set for each legitimate authority AM. The AM randomly selects two numbers as its own private key and as the version private key of each attribute it manages, then reads the public parameter CP and the public key $pk_0$ of PS from the blockchain, and computes the attribute public key of each managed attribute and its own authority public key. The AM records the attribute public key set, the attribute hash values and the authority public key on the blockchain.
S30, user registration: the user applies to the platform supervisor PS for registration; PS computes a public-private key pair and a verification certificate for a legitimate user and records the user's public key on the blockchain as a transaction.
S40, user attribute private key generation: the data user DU applies to the authority AM for an attribute private key; the AM verifies the identity of the DU and computes the attribute private key $ask_{k,j,i}$ for a legitimate DU. The AM encrypts the attribute private key set with the DU's public key using the RSA encryption algorithm and uploads the list recording the attribute private key ciphertext to the blockchain. The DU obtains the attribute private key ciphertext from the blockchain according to the index of the transaction record and then decrypts it to obtain the attribute private key.
S50, data encryption: the data provider DP randomly selects a session key $\kappa$, encrypts the Internet of things data $M$ to be shared with the AES symmetric encryption algorithm to obtain the data ciphertext DCT, and then formulates a corresponding access control policy according to the intended scope of $M$. The DP reads the public key set related to the access control policy from the blockchain, encrypts the session key $\kappa$ to compute the key ciphertext KCT, and uploads the KCT to the cloud server.
S60, data access: the data user DU calls the policy matching function to obtain the key ciphertext KCT from the cloud server; the ciphertext can be decrypted only when the attributes of the DU satisfy the access control policy of the ciphertext. First, the DU computes the decryption factor $df_j$ from a ciphertext component of KCT; the cloud server then uses $df_j$, the public key and the attribute private key set of the DU to compute the transformed ciphertext $CT_c$; finally, the DU decrypts $CT_c$ with its own private key, recovers the session key $\kappa$, and decrypts the data ciphertext DCT with $\kappa$ to obtain the shared data $M$.
S70, user attribute revocation: when the authority AM revokes one or more attributes of a data user DU, the AM invokes the policy matching algorithm to screen out the session key ciphertext set $\{KCT_x\}$ that needs to be updated and the related data providers DP and data users DU. The AM computes the new attribute public key, the ciphertext update key CUK and the key update key KUK. The AM sends the CUK over a secure channel to the DPs that need to update ciphertexts and records the KUK on the blockchain. The DP updates the corresponding key ciphertext with the CUK, and the non-revoked users update their own attribute private keys with the KUK.
The blockchain-based revocable distributed attribute-based encryption method mainly involves the following entities: the system administrator, data owners, data applicants, authorities, the blockchain and the cloud server.
The step S10 specifically includes the following steps:
S101, the platform supervisor PS builds the blockchain, selects a unique identity $id_{PS}$ for itself and generates the public-private key pair $\{sk_0, pk_0\}$;
S102, the platform supervisor PS inputs a security parameter $\lambda$, selects a bilinear group $G$ of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, and selects a hash function $H : \{0,1\}^* \to G$ that maps an attribute to an element of the group $G$;
S103, let $G_1$ denote the subgroup of order $p_1$ in $G$; a generator $g \in G_1$ is selected at random and the platform supervisor PS obtains the common parameter $CP = \{N, g \in G_1, H(\cdot)\}$;
S104, the platform supervisor PS keeps its private key $sk_0$ secret and records the public key $pk_0$ and the common parameter CP in the genesis block of the blockchain, so that users and authorities can later obtain CP and $pk_0$ from the blockchain.
Step S20 includes the steps of:
S201, the platform supervisor PS designates a managed attribute set for each authority AM, and the attributes managed by different AMs must not overlap;
S202, suppose the attribute set managed by the $k$-th authority $AM_k$ is $S_k$; the platform supervisor PS selects a wallet address aid as the identity of the legitimate $AM_k$ and grants $AM_k$ the authority to manage the corresponding attribute set;
S203, the authority $AM_k$ reads the public parameter CP and the platform supervisor's public key $pk_0$ from the genesis block. $AM_k$ selects a random number $\beta_k \in Z_N$ as its private key; for any attribute $i \in S_k$ it further selects a random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute $i$, and $AM_k$ computes the $i$-th attribute public key from $\beta_k$ and $v_{k,i}$;
S204, for all attributes managed by the authority $AM_k$, the version private key of each attribute is obtained by the method of step S203, giving the attribute version private key set $\{VK_{k,i} = v_{k,i}, v_{k,i} \in Z_N\}$ and the attribute public key set;
S206, the authority $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret; $AM_k$ records the public key $\{PK_{k,i} \mid i \in S_k\}$ of each attribute $i$, the hash value set $\{H(i) \mid i \in S_k\}$ and the public key $PK_k$ in the authority list $L_{AM\text{-}att}$, and the list is recorded on the blockchain.
Step S30 includes the steps of:
S301, when a data provider DP or data user DU joins the system, it first applies to the platform supervisor PS for registration and submits its identity description information $Info_{DU}$ (e.g. name, mailbox, etc.); after the PS authentication passes, a wallet address uid is selected as the identity of the legitimate user;
S302, according to the wallet address uid of the user, PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the public key of the user and the private key $sk_{uid} = z_{uid}$;
S303, so that the authorities can verify the identity of the user, the platform supervisor PS computes a digital signature for the user with its private key $sk_0$, generating the digital certificate Cert(uid) of the user;
S304, the platform supervisor PS sends the public-private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate Cert(uid) to the user over a secret channel, and records the user's $pk_{uid}$ on the blockchain.
Step S40 includes the steps of:
S401, assume the data user $DU_j$ with wallet address $j$ applies to the $k$-th authority $AM_k$ for an attribute private key, where $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, the attribute set managed by $AM_k$ is $S_k$, and $DU_j$ applies for the attribute $i \in S_k$. To obtain the attribute private key, $DU_j$ sends its digital certificate Cert(uid) to $AM_k$ together with the application; $AM_k$ reads the public key $pk_0$ of the platform supervisor PS from the blockchain, verifies the identity of $DU_j$, and obtains the component related to $DU_j$;
S402, the authority $AM_k$ generates the attribute private key for the legitimate data user $DU_j$: for any attribute $i \in S_k$, $AM_k$ reads the public parameter CP from the blockchain and uses its private key $SK_k$, the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$ to compute the $i$-th attribute private key;
S403, the authority $AM_k$ uses the RSA encryption algorithm $\mathrm{Enc}(pk_j, \{ask_{k,j,i}\})$ to compute the ciphertext $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$ of the user's attribute private key set;
S404, the authority $AM_k$ records the public key, attribute set and attribute private key ciphertext of the user in the user attribute list $L_{DU\text{-}Att}$, records the list on the blockchain as a transaction, and records the index $TX_{j,k}$ of that transaction. The data user $DU_j$ obtains the attribute private key ciphertext from the blockchain according to $TX_{j,k}$ and decrypts it with its private key $sk_j$ to obtain the corresponding attribute private key. In the same way, $DU_j$ obtains all its attribute private keys from the other authorities, giving the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
Step S50 includes the steps of:
S501, the data provider DP selects a session key $\kappa$, encrypts the shared Internet of things data $M$ with the AES symmetric encryption algorithm, and computes the data ciphertext $DCT = \mathrm{AES.Enc}(\kappa, M)$;
S502, the data provider DP formulates a corresponding access control policy $\mathbb{A} = (A, \rho)$ for the shared Internet of things data $M$ according to its own attributes and the objects it wishes to share the data with, where $A$ is an $n \times l$ matrix and the function $\rho$ maps the set $\{1, 2, \ldots, n\}$ to the set of attributes;
S503, the data provider DP reads the common parameter CP from the genesis block and reads the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the authority public key set $\{PK_k\}_{k \in SA}$ related to the access control policy from the blockchain; using CP, $\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$, DP encrypts the session key $\kappa$ to generate the session key ciphertext KCT. The specific process is as follows: DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$, constructs the vector $v = \langle s, v_2, v_3, \ldots, v_l \rangle$ and computes $\lambda_i = A_i \cdot v$, where $A_i$ is the $i$-th row of the matrix $A$; DP selects $l-1$ random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$, constructs the vector $\omega = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$ and computes $\omega_i = A_i \cdot \omega$. For each row $A_i$ of the access control matrix $A$, DP randomly selects $r_i \in Z_N^*$ and computes KCT as:
$\ldots \rho(i) \in S_k,\ k \in SA\}$
wherein $\mathbb{A} = (A, \rho)$ denotes the access control policy, $C_0$ the result of encrypting the session key, $\kappa$ the session key, $\beta_k$ the private key of the $k$-th authority, $k \in SA$ the $k$-th authority in the authority set SA, $e(g, g)$ a bilinear pairing operation, $C_{1,i}, C_{2,i}, C_{3,i}$ the ciphertext components that carry the access control policy, $\rho(i)$ the attribute corresponding to the $i$-th row of the access control matrix, and $v_{k,\rho(i)}$ the version private key of attribute $\rho(i)$ under the $k$-th authority.
S504, the data provider DP uploads the data ciphertext DCT, the access control policy $\mathbb{A} = (A, \rho)$ and the session key ciphertext KCT of the shared data $M$ to the cloud server, and the cloud server records the address URL at which the ciphertexts are stored and the description information of the shared data $M$ on the blockchain.
Step S60 includes the steps of:
S601, the data user $DU_j$ with wallet address $j$ searches the description information of the shared data in the blockchain by keyword and, after finding the required information, calls the policy matching function; only when the attributes of $DU_j$ satisfy the access control policy set by the data provider DP does the smart contract in the blockchain send the storage address URL of the data ciphertext $DCT_x$ and the session key ciphertext $KCT_x$ of the shared data $M_x$ to $DU_j$, and $DU_j$ obtains the ciphertexts stored by the DP in the cloud server through that URL. The process of $DU_j$ acquiring the data is recorded in the shared list $L_{data}$;
S602, since the computing power of the data user $DU_j$ is limited, the complex operations of the decryption process are outsourced to the cloud server. First, $DU_j$ computes the decryption factor $df_j$ from the ciphertext component $C_{1,i}$ of the session key ciphertext $KCT_x$ and its own private key $sk_j$:
wherein $z_j$ denotes the private key of the data user $DU_j$ with wallet address $j$, i.e. $z_j = sk_j$.
S603, the data user $DU_j$ sends the decryption factor $df_j$, its own public key $pk_j$ and its attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC over a secure channel;
S604, the cloud server ESC reads the attribute public key set $\{PK_{k,j}\}$ related to the data user $DU_j$ from the user attribute list $L_{DU\text{-}Att}$ and computes the common attribute subset $P_{j,\mathbb{A}} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where $I$ is the set of row indices of the access control matrix $A$. For the set $P_{j,\mathbb{A}}$, the ESC further checks whether a subset $I_c$ exists whose rows linearly combine to the vector $(1, 0, \ldots, 0)$. If it exists, the ESC selects a set of constants $\{c_i \in Z_N\}$, where $i$ indexes the rows of the access control matrix, such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and computes the transformed ciphertext $CT_c$:
wherein $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1, 0, \ldots, 0) = s$ and $\omega \cdot (1, 0, \ldots, 0) = 0$. The cloud server ESC sends $CT_c$ to $DU_j$ over a secure channel;
S605, after obtaining the transformed ciphertext $CT_c$, the data user $DU_j$ decrypts $CT_c$ with its own private key $sk_j$ and recovers the session key $\kappa$:
S606, the data user $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key $\kappa$ to obtain the shared data $M_x$, i.e. $M_x = \mathrm{Dec}(\kappa, DCT_x)$.
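The linear secret sharing used in S503 (the share vectors $\lambda_i = A_i \cdot v$ and $\omega_i = A_i \cdot \omega$) and the check the ESC performs in S604 (finding constants $c_i$ with $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and stopping when none exist, which is also what S705 relies on after a revocation) can be worked through on a small policy. The following is an added example written for this page, not code from the patent: it uses a prime modulus in place of the composite $N = p_1 p_2 p_3$, a constructed three-row policy matrix for "(doctor AND cardiology) OR admin", and constructed attribute names; it omits the pairing-based parts of KCT and only shows the share arithmetic.

```python
"""LSSS share generation (S503) and reconstruction-constant search (S604/S705).

Constructed assumptions, not from the patent: arithmetic is done modulo the
prime P instead of the composite N = p1*p2*p3, and the policy matrix and
attribute names below are made up for the demonstration."""
import random

P = 2**127 - 1  # constructed prime modulus standing in for Z_N

# Constructed policy "(doctor AND cardiology) OR admin" as an n x l LSSS matrix
# (n = 3 rows, l = 2 columns); POLICY_RHO maps each row index to an attribute.
POLICY_A = [[1, 1], [0, -1], [1, 0]]
POLICY_RHO = ["doctor", "cardiology", "admin"]


def share(A, secret, p=P, rng=random):
    """Return (shares, v) with v = <secret, v2, ..., vl> for fresh random v2..vl
    and shares[i] = A_i . v (mod p). Call with secret=s for the lambda_i shares
    and secret=0 for the omega_i shares, exactly as S503 does."""
    l = len(A[0])
    v = [secret % p] + [rng.randrange(1, p) for _ in range(l - 1)]
    shares = [sum(a * x for a, x in zip(row, v)) % p for row in A]
    return shares, v


def _mod_inv(a, p):
    return pow(a % p, p - 2, p)  # Fermat inverse, valid because p is prime


def solve_linear_mod(rows, rhs, p=P):
    """Solve rows . x == rhs (mod p) by Gauss-Jordan elimination.
    Returns one solution (free variables set to 0) or None if inconsistent."""
    n_eq, n_var = len(rows), len(rows[0])
    aug = [[x % p for x in r] + [b % p] for r, b in zip(rows, rhs)]
    pivots, r = [], 0
    for c in range(n_var):
        piv = next((i for i in range(r, n_eq) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = _mod_inv(aug[r][c], p)
        aug[r] = [x * inv % p for x in aug[r]]
        for i in range(n_eq):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == n_eq:
            break
    if any(aug[i][n_var] for i in range(r, n_eq)):
        return None  # a zero row with a nonzero right-hand side: no solution
    x = [0] * n_var
    for i, c in enumerate(pivots):
        x[c] = aug[i][n_var]
    return x


def reconstruction_constants(A, rho, attrs, p=P):
    """The ESC check of S604: using only rows whose attribute rho[i] is in attrs,
    find {i: c_i} with sum_i c_i * A_i == (1, 0, ..., 0) (mod p).
    Returns None when the attribute set does not satisfy the policy, which is
    where the outsourced decryption of S705 stops for a revoked user."""
    usable = [i for i in range(len(A)) if rho[i] in attrs]
    if not usable:
        return None
    l = len(A[0])
    # one equation per column j: sum_{i in usable} c_i * A[i][j] == e1[j]
    rows = [[A[i][j] for i in usable] for j in range(l)]
    rhs = [1] + [0] * (l - 1)
    sol = solve_linear_mod(rows, rhs, p)
    return None if sol is None else dict(zip(usable, sol))


def recover(shares, constants, p=P):
    """sum_i c_i * share_i (mod p): equals s for the lambda shares and 0 for the
    omega shares, because v.(1,0,...,0) = s and omega.(1,0,...,0) = 0."""
    return sum(c * shares[i] for i, c in constants.items()) % p


if __name__ == "__main__":
    s = 123456789
    lam, _ = share(POLICY_A, s)
    omg, _ = share(POLICY_A, 0)
    holder = {"doctor", "cardiology"}
    c = reconstruction_constants(POLICY_A, POLICY_RHO, holder)
    print("constants:", c, "lambda ->", recover(lam, c), "omega ->", recover(omg, c))
    # once "cardiology" is revoked, the remaining attribute set no longer spans e1
    print("after revocation:", reconstruction_constants(POLICY_A, POLICY_RHO, holder - {"cardiology"}))
```

The same `reconstruction_constants` call models both the policy matching function of S601 (is this user entitled at all?) and the ESC's search in S604; the `None` result for the reduced attribute set is the "decryption will stop" case of S705.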
Step S70 includes the steps of:
S701, suppose the attribute $\mu$ of a data applicant is revoked by the authority $AM_k$. $AM_k$ calls the policy matching function to screen out the session key ciphertexts $\{KCT_x\}$ that must be updated because of the revoked attribute $\mu$, retrieves the shared list $L_{data}$ to find the DPs and DUs related to $\{KCT_x\}$, and notifies the users in the search result to update their ciphertexts or keys;
S702, the authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute $\mu$ and updates the attribute public key of $\mu$. To guarantee the security of attribute revocation, the DP must use the ciphertext update key $CUK_\mu$ to update the ciphertexts associated with the revoked attribute $\mu$, and each non-revoked user holding $\mu$ must use the key update key $KUK_{j,\mu}$ to update its key associated with $\mu$. $AM_k$ uses its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users to compute $CUK_\mu$ and $KUK_{j,\mu}$;
S703, the authority $AM_k$ records the attribute revocation in the revocation list $L_{R\text{-}Att}$, records the list together with the key update key $KUK_{j,\mu}$ on the blockchain, and then sends $CUK_\mu$ over a secure channel to the data providers DP whose ciphertexts need updating;
S704, the DP obtains the ciphertext update key $CUK_\mu$ over the secure channel and updates the session key ciphertexts $KCT_x$ associated with the revoked attribute $\mu$. The DP reselects a session key $\kappa'$ and computes the updated data ciphertext $DCT_{ud} = \mathrm{AES.Enc}(\kappa', M)$ with the AES symmetric encryption algorithm; this may be done in advance of the attribute revocation;
S705, only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ need updating, which greatly improves the efficiency of attribute revocation. The DP recomputes $C_0$ of $KCT_x$ using $\kappa'$:
The computation of $C_0$ can also be performed locally in advance, so the main computational overhead of attribute revocation is updating the ciphertext components $C_{3,i}$ associated with the revoked attribute $\mu$; the DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$:
obtaining the updated session key ciphertext $KCT_{ud}$:
The DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. The ciphertext update key provided by $AM_k$ and this procedure ensure the forward security of the access control system: a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, while the revoked user, holding the old attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$, cannot decrypt the session key ciphertext $KCT_{ud}$, because when the cloud server ESC performs outsourced decryption it selects a set of constants $\{c_i \in Z_N\}$ and computes $\sum_i c_i A_i$, and decryption stops when the vector $(1, 0, \ldots, 0)$ cannot be obtained. Therefore the updated session key $\kappa'$ cannot be obtained by decrypting the transformed ciphertext, and the data ciphertext cannot be decrypted either;
S706, after the key ciphertext has been updated, the non-revoked users that satisfy the access control policy of the ciphertext need to update their attribute private keys. The authority AM searches the list $L_{DU\text{-}Att}$ for the users that need to update their attribute private keys, records them as the list $\{list\}_{DU}$, and notifies each user in $\{list\}_{DU}$ to update its attribute private key. Each non-revoked user $DU_j$ holding the revoked attribute $\mu$ (the user whose attribute is revoked is excluded) obtains its corresponding key update key $KUK_{j,\mu}$ through the smart contract, and uses $KUK_{j,\mu}$ to update the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$:
wherein $K'_{j,\mu}$ denotes the attribute private key component after the update, and $v_{k,\mu}$ denotes the version private key of attribute $\mu$ owned by the $k$-th authority.
This yields the updated attribute private key $ask'_{k,j,\mu}$:
Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ differ for all non-revoked users, so a revoked user cannot use the $KUK_{j,\mu}$ of another non-revoked user to update its own key, which guarantees the backward security of data sharing;
S707, after updating its own attribute private key, the non-revoked user obtains the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC. Repeating steps S602 to S606, the non-revoked user first computes the decryption factor $df'_j$, then sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ and its own public key $pk_j$ to the ESC. The ESC selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$ and decrypts $KCT_{ud}$ to obtain the transformed ciphertext $CT'_c$; the non-revoked user then recovers the session key $\kappa'$ with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with $\kappa'$ to obtain the shared Internet of things data $M_x$.
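The screening that S701, S703 and S706 describe (which $KCT_x$ must be re-keyed, which DPs receive $CUK_\mu$, which non-revoked holders of $\mu$ receive their own $KUK_{j,\mu}$, and how $L_{R\text{-}Att}$ and $L_{DU\text{-}Att}$ change) is bookkeeping over the lists the scheme keeps on the blockchain. The following is an added example written for this page, not the patent's own code: the `Ledger` record layout, the wallet addresses, ciphertext identifiers and attribute names are all constructed, and the cryptographic update keys themselves are not computed here, only the sets of parties that must receive them.

```python
"""Revocation screening (S701/S703/S706) over constructed ledger records.

Assumptions, not from the patent: the Ledger fields are one possible shape for
the on-chain lists L_data, L_DU-Att and L_R-Att; identifiers are made up."""
from dataclasses import dataclass, field


@dataclass
class Ledger:
    # KCT id -> (DP wallet address, set of attributes used by its access policy)
    kct_policies: dict
    # L_data: (DU wallet address, KCT id) written when a DU fetches a ciphertext
    shared_list: list
    # L_DU-Att: DU wallet address -> attributes currently held
    user_attrs: dict
    # L_R-Att: (DU wallet address, revoked attribute)
    revocation_list: list = field(default_factory=list)


@dataclass(frozen=True)
class RevocationPlan:
    ciphertexts_to_update: frozenset  # {KCT_x} whose policy mentions mu (S701)
    dps_receiving_cuk: frozenset      # DPs that get CUK_mu over the secure channel (S703)
    dus_to_notify: frozenset          # DUs in L_data tied to those ciphertexts (S701)
    kuk_recipients: frozenset         # non-revoked holders of mu that get KUK_{j,mu} (S706)


def plan_revocation(ledger, revoked_du, mu):
    """Policy matching step: pick every KCT_x whose policy uses mu, then derive
    the DP and DU sets from L_data and the current holders of mu from L_DU-Att."""
    affected = {x for x, (_, attrs) in ledger.kct_policies.items() if mu in attrs}
    dps = {ledger.kct_policies[x][0] for x in affected}
    dus = {du for du, x in ledger.shared_list if x in affected and du != revoked_du}
    kuk = {du for du, attrs in ledger.user_attrs.items()
           if mu in attrs and du != revoked_du}
    return RevocationPlan(frozenset(affected), frozenset(dps), frozenset(dus), frozenset(kuk))


def apply_revocation(ledger, revoked_du, mu):
    """Record the revocation in L_R-Att and drop mu from the user's entry in
    L_DU-Att, so the ESC policy check of S604 no longer sees mu for that user."""
    if mu not in ledger.user_attrs.get(revoked_du, set()):
        raise ValueError(f"{revoked_du} does not hold attribute {mu!r}")
    ledger.user_attrs[revoked_du].discard(mu)
    ledger.revocation_list.append((revoked_du, mu))
    return ledger


def constructed_ledger():
    """Sample records (constructed): three ciphertexts, four users, two DPs."""
    return Ledger(
        kct_policies={
            "KCT_1": ("DP_a", {"doctor", "cardiology"}),
            "KCT_2": ("DP_b", {"nurse"}),
            "KCT_3": ("DP_a", {"cardiology", "admin"}),
        },
        shared_list=[("DU_1", "KCT_1"), ("DU_2", "KCT_1"),
                     ("DU_3", "KCT_2"), ("DU_2", "KCT_3")],
        user_attrs={"DU_1": {"doctor", "cardiology"}, "DU_2": {"cardiology", "admin"},
                    "DU_3": {"nurse"}, "DU_4": {"cardiology"}},
    )


if __name__ == "__main__":
    ledger = constructed_ledger()
    plan = plan_revocation(ledger, "DU_1", "cardiology")
    print(plan)
    apply_revocation(ledger, "DU_1", "cardiology")
    print(ledger.user_attrs["DU_1"], ledger.revocation_list)
```

Note that `DU_4` holds the revoked attribute but never fetched an affected ciphertext, so it is a `KUK` recipient without being in `dus_to_notify`; `DU_2` is both. Keeping the two sets distinct mirrors the page's split between the ciphertext-side update (S703/S704) and the key-side update (S706).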
In this embodiment, the scheme is compared with related schemes in terms of functionality, computation overhead and storage overhead. The functional comparison mainly considers the groups used, the security of attribute revocation and so on; the computation cost comparison mainly considers the key generation time, data encryption time, data decryption time and attribute revocation time; the storage overhead comparison mainly considers the storage overhead of the user, of the blockchain and of the cloud server. Here AM denotes an authority, ESC the cloud server and DU a user; $G_q$ is a group of prime order $q$, where the bit length of $q$ is 160 bits, $E_q$ is an exponentiation in $G_q$, $M_q$ a multiplication in $G_q$ and $P_q$ a bilinear pairing in $G_q$. Suppose $G_i$ is a group of prime order $p_i$, $i = 1, 2, 3$, where the bit length of $p_i$ is 517 bits; $E_i$ is an exponentiation in $G_i$, $M_i$ a multiplication in $G_i$, $P_i$ a bilinear pairing in $G_i$, and $R$ denotes the number of revoked attributes. $N_A$ denotes the number of all AMs in the cloud storage system, $|q|$ the size of the group $G_q$, $|p|$ the size of the group $G_1$, $n_{uid,i}$ the number of attributes of $DU_{uid}$, $n_{aid,i}$ the number of attributes managed by $AM_{aid}$, TX the transaction size, and AMM the data storage module in the trusted cloud server.
Table 1 functional comparison of the schemes
Table 1 gives a comparison of this embodiment and other schemes in terms of attribute revocation security. Scheme 1 is built based on the complex order group, satisfying the adaptive security, but the scheme cannot revoke the user's attributes. The scheme 2 is constructed based on prime order groups, only meets the selection security, and the scheme 2 realizes the attribute revocation function by using a blockchain, but realizes the access control of data only through an access control list, does not update a secret key and a ciphertext, and does not meet the backward security of user attribute revocation. Scheme 3 does not meet the backward security, and ciphertext is updated by utilizing a cloud server, so that collusion attack cannot be resisted. In scheme 4, there is a completely trusted entity AMM, but in the distributed internet of things scenario, it is difficult to find a completely trusted entity. However, solutions 2,3, and 4 only satisfy the weaker selective security model, i.e., the attribute set of the revoked user is selected before the system is initialized, while in the actual IoT scenario, the attacker can adaptively select the attribute set of the revoked user, so that solutions 2,3, and 4 cannot satisfy the security requirement of the actual IoT application scenario. The embodiment can meet the safety requirement of the adaptive user attribute revocation, does not need any trust center, records the process of the user attribute revocation to the distributed account book of the blockchain, updates the version key component in the ciphertext and the secret key in a chain uplink and downlink combined mode, and achieves the forward and backward safety of the user attribute revocation.
Table 2 comparison of computational overhead
Table 2 shows some improvements of this embodiment. (1) Data decryption is very important for IoT devices with limited computing power; in this embodiment the user needs only one exponentiation and one multiplication, and the expensive bilinear pairing operations of the decryption process are outsourced to the cloud server, so that a user obtains the raw IoT data with only a small amount of simple computation. The data decryption algorithm of this embodiment is therefore faster than those of schemes 1 and 2. (2) The main computational overhead of attribute revocation is ciphertext update and key update. The ciphertext update of this embodiment is the fastest of all the schemes, since the data provider only needs to update the session key ciphertext components in the subgroup $G_1$ of order $p_1$, and the more attributes are revoked, the more obvious the advantage of our scheme. In the key update phase our scheme has a slightly higher computational overhead than schemes 3 and 4, but the difference is within acceptable limits. (3) Compared with schemes 1 and 2, this embodiment ensures the forward and backward security of data sharing; compared with schemes 2, 3 and 4, it has a higher security level, allows the system to revoke a user's attributes adaptively, and satisfies the forward and backward security required for adaptive user attribute revocation, so it is more suitable for fine-grained secure sharing of data in an untrusted Internet of Things scenario.
Table 3 comparison of storage overhead
Table 3 shows the storage overhead of the user (DU), the blockchain and the storage module (AMM) in the cloud server. The key design of scheme 3 is complex, and the user terminal stores an attribute public-private key pair, which increases the storage pressure on the IoT terminal device. When user attributes are updated frequently, the user frequently obtains the key update key KUK from the authority, the communication overhead between the user and the authority is huge, and if the volume of interaction rises within a short time the system may block or even go down. In addition, the security of the data transmission process cannot be guaranteed, data that is maliciously stolen or tampered with cannot be traced, and the security of data sharing is seriously threatened. To solve this problem, scheme 4 introduces a trusted entity AMM that records the attribute public keys managed by all authorities (AM), and the interaction data between entities is received and broadcast by the AMM. Although storing the inter-entity interaction information in the AMM reduces the storage overhead of the user, it increases the storage overhead of the system. When a user attribute is revoked, the key update key KUK and the updated attribute public key $PK'_{uid,i}$ are recorded in the AMM, and the AMM sends KUK and $PK'_{uid,i}$ to the non-revoked users, so the system communication overhead of this procedure is doubled compared with scheme 3. In addition, in an untrusted Internet of Things scenario most entities are semi-trusted, the assumption of scheme 4 is too strong, a trusted centralized server hardly exists in an IoT scenario, and once the AMM has a problem the security of the system cannot be guaranteed.
The invention adopts blockchain technology in place of the trusted centralized AMM server and needs no trusted entity: the trust that the system places in the authorities is mapped onto the distributed ledger, which records the mapping between a data applicant and its attributes; a smart contract assists the authority in revoking user attributes, and the record of the user attribute revocation process is put on the chain. Although the blockchain adds storage overhead of its own, at the system level it reduces the storage overhead of users, guarantees the security of data sharing and plays an important role in untrusted IoT scenarios. When a user applies for an attribute private key, the attribute public key and the attribute private key ciphertext are recorded on the chain, which reduces the storage overhead of the user's IoT terminal device and removes the need for the user to trust the authority absolutely. When the data provider runs the encryption algorithm, it obtains the attribute public keys through the smart contract without local storage, which reduces the storage overhead of the data provider; the acquisition of the attribute public keys is traceable and tamper-proof, ensuring the integrity and verifiability of the shared data. When a user attribute is revoked, the authority records the KUK on the chain, the non-revoked users call the revocation contract to obtain the KUK and update their attribute private keys off-chain, and the updated ciphertext can be correctly decrypted with the updated attribute private key; the revoked user cannot update its attribute private key and cannot decrypt the updated ciphertext with the old version of the private key, so the forward and backward security of the shared data is ensured.
In a word, compared with scheme 3 we realize user attribute revocation and improve the security of data sharing; compared with scheme 4 we do not depend on any trusted entity, have a higher security level, satisfy the forward and backward security of adaptive user attribute revocation, and are more suitable for secure sharing of data in untrusted IoT scenarios.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (8)
1. A blockchain-based revocable distributed attribute-based encryption method, characterized by comprising the following steps:
S10, system establishment: a platform supervisor PS constructs a blockchain, generates public parameters CP, obtains a corresponding wallet address and public-private key pair $(sk_0, pk_0)$, and records CP and the public key $pk_0$ on the genesis block of the blockchain;
S20, authority initialization: the platform supervisor PS assigns a set of attributes under its jurisdiction to each legal authority AM; the AM randomly selects two numbers to serve as its own private key and as the version private keys of the attributes it manages, then reads the public parameters CP and the PS public key $pk_0$ from the blockchain, computes the attribute public keys of the attributes it manages and its own authority public key, and records the attribute public key set, the attribute hash values and the authority public key on the blockchain;
S30, user registration: a user applies to the platform supervisor PS for registration, the PS computes a public-private key pair and a verification certificate for a legal user, and records the user's public key as a transaction on the blockchain;
S40, user attribute private key generation: a data user DU applies to an authority AM for attribute private keys; the AM verifies the identity of the DU, computes the attribute private keys $ask_{k,j,i}$ for a legal DU, encrypts the attribute private key set with the DU's public key using the RSA encryption algorithm, and uploads a list recording the attribute private key ciphertext to the blockchain; the DU obtains the attribute private key ciphertext from the blockchain according to the index of the transaction record and then obtains the attribute private keys by decrypting the ciphertext;
S50, data encryption: a data provider DP randomly selects a session key $\kappa$, encrypts the Internet of Things data M to be shared with the AES symmetric encryption algorithm to obtain a data ciphertext DCT, and formulates a corresponding access control policy according to the application range of M; the DP reads the public key set related to the access control policy from the blockchain, encrypts the session key $\kappa$ to compute a key ciphertext KCT, and uploads the KCT to the cloud server;
S60, data access: a data user DU calls a policy matching function to obtain the key ciphertext KCT from the cloud server, and can decrypt the ciphertext only when the attributes of the DU satisfy the access control policy of the ciphertext; first, the DU computes a decryption factor $df_j$ from a ciphertext component of the KCT; the cloud server then uses $df_j$, the DU's public key and the DU's attribute private key set to compute a converted ciphertext $CT_c$; finally, the DU decrypts $CT_c$ with its own private key, recovers the session key $\kappa$, and decrypts the data ciphertext DCT with $\kappa$ to obtain the shared data M;
S70, user attribute revocation: when an authority AM revokes one or more attributes of a data user DU, the AM invokes the policy matching algorithm to screen out the set of session key ciphertexts $\{KCT_x\}$ that need to be updated and the data providers DP and data users DU concerned; the AM computes a new attribute public key, a ciphertext update key CUK and a key update key KUK, sends the CUK through a secure channel to the DPs whose ciphertexts need updating, and records the KUK on the blockchain; the DPs update the corresponding key ciphertexts with the CUK, and the non-revoked users update their own attribute private keys with the KUK;
The blockchain-based revocable distributed attribute-based encryption method involves the following participants: system administrators, data owners, data applicants, authorities, blockchains and cloud servers.
2. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S10 includes the steps of:
S101, the platform supervisor PS builds the blockchain, selects a unique identity $id_{PS}$ for itself and generates the public-private key pair $\{sk_0, pk_0\}$;
S102, the platform supervisor PS inputs a security parameter $\lambda$ and selects a bilinear group $G$ of composite order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three distinct large primes, together with a hash function $H: \{0,1\}^* \to G$ that maps an attribute to an element of the group $G$;
S103, let $G_1$ denote the subgroup of $G$ of order $p_1$; a generator $g \in G_1$ is selected at random, and the platform supervisor PS obtains the public parameters $CP = \{N, g \in G_1, H(\cdot)\}$;
S104, the platform supervisor PS keeps its private key $sk_0$ secret and records the public key $pk_0$ and the public parameters CP on the genesis block of the blockchain, so that users and authorities can conveniently obtain CP and $pk_0$ from the blockchain.
3. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S20 includes the steps of:
S201, the platform supervisor PS designates a set of administered attributes for each authority AM, and the attributes managed by different AMs must not overlap;
S202, suppose the $k$-th authority $AM_k$ administers the attribute set $S_k$; the platform supervisor PS selects a wallet address aid as the identity of the legal $AM_k$ and grants $AM_k$ the management authority over the corresponding attribute set;
S203, the authority $AM_k$ reads the public parameters CP and the platform supervisor's public key $pk_0$ from the genesis block; $AM_k$ selects a random number $\beta_k \in Z_N$ as the private key of $AM_k$, and for any attribute $i \in S_k$ further selects a random number $v_{k,i}$ as the version private key $VK_{k,i} = v_{k,i}$ of attribute $i$; $AM_k$ computes the $i$-th attribute public key from $\beta_k$ and $v_{k,i}$;
S204, for all the attributes administered by the authority $AM_k$, the version private key of each attribute is obtained by the method of step S203, giving the attribute version private key set $\{VK_{k,i} = v_{k,i}, v_{k,i} \in Z_N\}$ and the attribute public key set;
S206, the authority $AM_k$ must keep its private key $\beta_k$ and the version private keys $VK_{k,i}$ secret; $AM_k$ records the public keys $\{PK_{k,i} \mid i \in S_k\}$ of its attributes, the attribute hash values $\{H(i) \mid i \in S_k\}$ and its public key $PK_k$ in the authority list $L_{AM\text{-}att}$, and records the list on the blockchain.
4. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S30 includes the steps of:
S301, when a data provider DP or a data user DU joins the system, it first applies to the platform supervisor PS for registration and submits its identity description information $Info_{DU}$; after passing the PS verification, a wallet address uid is selected as the identity of the legal user;
S302, according to the user's wallet address uid, the PS selects two random numbers $u_{uid}, z_{uid} \in Z_N$ and computes the user's public key and the private key $sk_{uid} = z_{uid}$;
S303, so that the authorities can conveniently verify the identity of the user, the platform supervisor PS uses its private key $sk_0$ to compute a digital signature for the user and generates the user's digital certificate Cert(uid);
S304, the platform supervisor PS sends the public-private key pair $(pk_{uid}, sk_{uid})$ and the digital certificate Cert(uid) to the user through a secret channel, and records the user's $pk_{uid}$ on the blockchain.
5. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S40 includes the steps of:
S401, suppose the wallet address is $j$ and the data user $DU_j$ applies to the $k$-th authority $AM_k$ for attribute private keys; $U_k$ is the set of users in the domain of $AM_k$, SA is the set of authorities, $j \in U_k$, $k \in SA$, the attribute set managed by $AM_k$ is $S_k$, and $DU_j$ applies for attributes $i \in S_k$; to obtain the attribute private keys, $DU_j$ sends its own digital certificate Cert(uid) to $AM_k$ together with the application; $AM_k$ reads the public key $pk_0$ of the platform supervisor PS from the blockchain, verifies the identity of $DU_j$ and obtains the components related to $DU_j$;
S402, the authority $AM_k$ generates attribute private keys for the legitimate data user $DU_j$: for any attribute $i \in S_k$ of $DU_j$, $AM_k$ reads the public parameters CP from the blockchain and computes the $i$-th attribute private key using its private key $SK_k$, the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the attribute set $S_k$;
S403, the authority $AM_k$ uses the RSA encryption algorithm $Enc(pk_j, \{ask_{k,j,i}\})$ to compute the ciphertext $\{mask_{k,j,i} \mid k \in SA, j \in U_k, i \in S_k\}$ of the user's attribute private key set;
S404, the authority $AM_k$ records the user's public key, attribute set and attribute private key ciphertext in the user attribute list $L_{DU\text{-}Att}$, records the list as a transaction on the blockchain and records the index $TX_{k,j}$ of the transaction; the data user $DU_j$ obtains the attribute private key ciphertext from the blockchain according to $TX_{k,j}$ and decrypts it with its own private key $sk_j$ to obtain the corresponding attribute private keys; in the same way, $DU_j$ obtains all its attribute private keys from the other authorities, giving the attribute private key set $\{ask_{k',j',i'} \mid k' \in SA, j' \in U_{k'}, i' \in S_{k'}\}$.
6. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S50 includes the steps of:
S501, the data provider DP selects a session key $\kappa$, encrypts the shared Internet of Things data M with the AES symmetric encryption algorithm and computes the data ciphertext $DCT = AES.Enc(\kappa, M)$;
S502, the data provider DP formulates a corresponding access control policy $\mathbb{A}(A, \rho)$ for the shared Internet of Things data M according to its own attributes and the objects with which it wants to share the data, where $A$ is an $n \times l$ matrix and the function $\rho$ maps the set $\{1, 2, \ldots, n\}$ to the attribute set;
S503, the data provider DP reads the public parameters CP from the genesis block and reads the attribute public key set $\{PK_{k,i} \mid i \in S_k\}$ and the authority public key set $\{PK_k\}_{k \in SA}$ related to the access control policy from the blockchain; the DP encrypts the session key $\kappa$ with CP, $\mathbb{A}(A, \rho)$, $\{PK_{k,i} \mid i \in S_k\}$ and $\{PK_k\}_{k \in SA}$ to generate the session key ciphertext KCT;
The specific process is as follows: the DP selects random numbers $s, v_2, v_3, \ldots, v_l \in Z_N^*$, constructs the vector $v = \langle s, v_2, v_3, \ldots, v_l \rangle$ and computes $\lambda_i = A_i \cdot v$, where $A_i$ is the $i$-th row of the matrix $A$; it selects $l-1$ random numbers $\omega_2, \omega_3, \ldots, \omega_l \in Z_N^*$, constructs the vector $\omega = \langle 0, \omega_2, \omega_3, \ldots, \omega_l \rangle$ and computes $\omega_i = A_i \cdot \omega$; for each row $A_i$ of the access control matrix $A$ the DP randomly selects $r_i \in Z_N^*$, and the KCT is computed as:
$\rho(i) \in S_k, k \in SA\}$
where $\mathbb{A}$ represents the access control policy, $C_0$ the result of encrypting the session key, $\kappa$ the session key, $\beta_k$ the private key of the $k$-th authority, $k \in SA$ the $k$-th authority in the authority set SA, $e(g, g)$ a bilinear pairing operation, $C_{1,i}, C_{2,i}, C_{3,i}$ the ciphertext components carrying the access control policy, $\rho(i)$ the attribute corresponding to the $i$-th row of the access control matrix, and $v_{k,\rho(i)}$ the version private key of attribute $\rho(i)$ of the $k$-th authority;
S504, the data provider DP uploads the data ciphertext DCT of the shared data M, the access control policy and the session key ciphertext KCT to the cloud server, and the cloud server records the address URL at which the ciphertext is stored and the description information of the shared data M on the blockchain.
7. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S60 includes the steps of:
S601, the data user $DU_j$ with wallet address $j$ searches the blockchain for the description information of the shared data by keyword; after finding the required information it calls the policy matching function, and only when its attributes satisfy the access control policy set by the data provider DP does the smart contract in the blockchain send the storage address URL of the data ciphertext $DCT_x$ and session key ciphertext $KCT_x$ of the shared data $M_x$ to $DU_j$; $DU_j$ obtains the ciphertext stored by the DP in the cloud server through the address URL, and the process by which $DU_j$ acquires the data is recorded in the shared list $L_{data}$;
S602, since the data user $DU_j$ outsources some complex operations of the decryption process to the cloud server, $DU_j$ first computes the decryption factor $df_j$ from the ciphertext component $C_{1,i}$ of the session key ciphertext $KCT_x$ and its own private key $sk_j$:
where $z_j$ is the private key of the data user $DU_j$ with wallet address $j$, i.e. $z_j = sk_j$;
S603, the data user $DU_j$ transmits the decryption factor $df_j$, its own public key $pk_j$ and the attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$ to the cloud server ESC over a secure channel;
S604, the cloud server ESC looks up the attribute public key set $\{PK_{k,j}\}$ related to the data user $DU_j$ in the user attribute list $L_{DU\text{-}Att}$ and computes the common attribute subset $P_{j,\mathbb{A}} = \{\rho(i) : i \in I\} \cap \{PK_{k,j}\}$, where $I$ is the set of row numbers of the access control matrix $A$; for the set $P_{j,\mathbb{A}}$ the ESC further checks whether there is a subset $I_c$ whose rows linearly combine to the vector $(1, 0, \ldots, 0)$; if so, the ESC selects a set of constants $\{c_i \in Z_N\}$, where $i$ denotes the $i$-th row of the access control matrix, such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$, and computes the converted ciphertext $CT_c$:
where $\omega_i = A_i \cdot \omega$, $\lambda_i = A_i \cdot v$, $v \cdot (1, 0, \ldots, 0) = s$ and $\omega \cdot (1, 0, \ldots, 0) = 0$; the cloud server ESC transmits $CT_c$ to $DU_j$ over a secure channel;
S605, after obtaining the converted ciphertext $CT_c$, the data user $DU_j$ decrypts $CT_c$ with its own private key $sk_j$ and recovers the session key $\kappa$:
S606, the data user $DU_j$ decrypts the data ciphertext $DCT_x$ with the session key $\kappa$ to obtain the shared data $M_x$, i.e. $M_x = Dec(\kappa, DCT_x)$.
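The linear secret sharing step that S503 (computing $\lambda_i$ and $\omega_i$), S604 (finding constants $c_i$ with $\sum_i c_i A_i = (1, 0, \ldots, 0)$) and S705 (decryption stops when that vector is not reached) rely on, as an added example that is not part of the patent: it builds the access matrix $(A, \rho)$ for a small constructed policy, shares a secret, and shows that a user whose attribute has been revoked can no longer obtain the constants. It assumes arithmetic modulo a prime instead of the scheme's composite $N = p_1 p_2 p_3$, and uses the Lewko-Waters formula-to-matrix conversion, which the patent does not specify.

```python
"""Added example (not the patent's code): the LSSS step behind S503/S604/S705.
Assumption: arithmetic modulo a prime P instead of the scheme's composite
N = p1 p2 p3 so Gaussian elimination has inverses; policy is constructed."""
import secrets

P = (1 << 127) - 1  # prime modulus assumed for the demo (the scheme uses Z_N)

def lsss_from_policy(policy):
    """Lewko-Waters conversion of an AND/OR formula into an access matrix A
    and labelling rho; policy is an attribute string or ("and"|"or", l, r)."""
    rows, counter = [], [1]        # (vector, attribute) rows; vector length c

    def walk(node, vec):
        if isinstance(node, str):
            rows.append((vec, node))
            return
        op, left, right = node
        if op == "or":             # both children inherit the parent's label
            walk(left, vec)
            walk(right, vec)
        elif op == "and":          # labels become v|1 and (0..0)|-1, c += 1
            c = counter[0]
            counter[0] = c + 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError("unknown gate %r" % op)

    walk(policy, [1])
    width = counter[0]
    return ([vec + [0] * (width - len(vec)) for vec, _ in rows],
            [attr for _, attr in rows])

def make_shares(A, secret, p=P):
    """S503: lambda_i = A_i . v with v = <s, v_2..v_l>, omega_i = A_i . omega
    with omega = <0, omega_2..omega_l>; the other coordinates are random."""
    l = len(A[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(l - 1)]
    omega = [0] + [secrets.randbelow(p) for _ in range(l - 1)]
    lam = [sum(a * x for a, x in zip(row, v)) % p for row in A]
    om = [sum(a * x for a, x in zip(row, omega)) % p for row in A]
    return lam, om

def solve_mod_p(M, b, p):
    """One solution of M x = b over GF(p) (free variables 0) or None."""
    n_rows, n_cols = len(M), len(M[0])
    aug = [[x % p for x in row] + [bi % p] for row, bi in zip(M, b)]
    pivot_cols, r = [], 0
    for col in range(n_cols):
        piv = next((i for i in range(r, n_rows) if aug[i][col]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(n_rows):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivot_cols.append(col)
        r += 1
        if r == n_rows:
            break
    if any(aug[i][-1] for i in range(r, n_rows)):  # 0 = nonzero: inconsistent
        return None
    x = [0] * n_cols
    for i, col in enumerate(pivot_cols):
        x[col] = aug[i][-1]
    return x

def reconstruction_constants(A, rho, user_attrs, p=P):
    """S604: keep the rows whose attribute the user holds and look for {c_i}
    with sum_i c_i A_i = (1, 0, ..., 0); None is where the ESC stops (S705)."""
    rows = [i for i, attr in enumerate(rho) if attr in user_attrs]
    if not rows:
        return None
    l = len(A[0])
    M = [[A[i][k] for i in rows] for k in range(l)]   # l x |rows| system
    c = solve_mod_p(M, [1] + [0] * (l - 1), p)
    return None if c is None else dict(zip(rows, c))

def recover(lam, om, consts, p=P):
    """(sum c_i lambda_i, sum c_i omega_i): the conversion ciphertext in S604
    only yields the session key when this equals (s, 0)."""
    s = sum(c * lam[i] for i, c in consts.items()) % p
    z = sum(c * om[i] for i, c in consts.items()) % p
    return s, z

def demo():
    """Constructed policy: 'temperature' AND ('ward-A' OR 'ward-B')."""
    A, rho = lsss_from_policy(("and", "temperature", ("or", "ward-A", "ward-B")))
    lam, om = make_shares(A, secret=12345)
    before = reconstruction_constants(A, rho, {"temperature", "ward-A"})
    # S701: 'ward-A' is revoked, so only the 'temperature' row remains usable
    after = reconstruction_constants(A, rho, {"temperature"})
    return {"matrix": A,                                    # [[1,1],[0,-1],[0,-1]]
            "recovered_before": recover(lam, om, before),  # (12345, 0)
            "decrypts_after_revocation": after is not None}  # False
```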
8. The blockchain-based revocable distributed attribute-based encryption method of claim 1, wherein the step S70 includes the steps of:
S701, suppose the attribute $\mu$ of a data applicant is revoked by the authority $AM_k$; $AM_k$ calls the policy matching function and screens out the session key ciphertexts $\{KCT_x\}$ that need updating because of the revocation of the attribute $\mu$; $AM_k$ retrieves the shared list $L_{data}$, screens out the DPs and DUs related to $\{KCT_x\}$, and notifies the users in the search result to update their ciphertexts or keys;
S702, the authority $AM_k$ reselects a random value $v'_{k,\mu} \in Z_N$ as the new version private key $VK'_{k,\mu} = v'_{k,\mu}$ of the revoked attribute $\mu$ and updates the attribute public key of attribute $\mu$; to guarantee the security of attribute revocation, the DP must update the ciphertexts associated with the revoked attribute $\mu$ with the ciphertext update key $CUK_\mu$, and a non-revoked user holding the attribute $\mu$ must update the $\mu$-related key with the key update key $KUK_{j,\mu}$; $AM_k$ uses its private key $SK_k$, the new version key $VK'_{k,\mu}$, the old version key $VK_{k,\mu}$ and the attribute public key set of the non-revoked users to compute $CUK_\mu$ and $KUK_{j,\mu}$;
S703, the authority $AM_k$ records the attribute revocation process in the revocation list $L_{R\text{-}Att}$, records the list and the key update key $KUK_{j,\mu}$ on the blockchain, and then sends $CUK_\mu$ over a secure channel to the data providers DP that need to update;
S704, the DP obtains the ciphertext update key $CUK_\mu$ over the secure channel and updates the session key ciphertext $KCT_x$ associated with the revoked attribute $\mu$; the DP reselects a session key $\kappa'$ and computes the updated data ciphertext $DCT_{ud} = AES.Enc(\kappa', M)$ with the AES symmetric encryption algorithm; this step may be performed in advance of the attribute revocation;
S705, only the partial ciphertext components $CT_\mu = \{C_0, C_{3,i}\}$ are updated, which improves the efficiency of attribute revocation; the DP uses $\kappa'$ to compute the updated $C_0$ of $KCT_x$:
The update of $C_0$ is performed locally in advance, so the computational overhead of the attribute revocation is the update of the ciphertext components $C_{3,i}$ associated with the revoked attribute $\mu$; the DP updates $C_{3,i}$ of $KCT_x$ with the ciphertext update key $CUK_\mu$:
obtaining the updated session key ciphertext $KCT_{ud}$:
The DP uploads the updated ciphertext $KCT_{ud}$ to the cloud server. Through the ciphertext update key provided by $AM_k$, the proposed scheme ensures the forward security of the access control system: a newly added user whose attributes satisfy the access control policy can decrypt the session key ciphertext, whereas the revoked user cannot decrypt the session key ciphertext $KCT_{ud}$ with the old version of the attribute private key set $\{ask_{k,j,i} \mid k \in SA, i \in S_k\}$, because when the cloud server ESC performs the outsourced decryption it selects a set of constants $\{c_i \in Z_N\}$ and computes $\sum_i c_i A_i$; when the vector $(1, 0, \ldots, 0)$ is not obtained, decryption stops, so the converted ciphertext cannot be decrypted to obtain the updated session key $\kappa'$ and the data ciphertext cannot be decrypted;
S706, after the key ciphertext is updated, the non-revoked users who satisfy the ciphertext access control policy need to update their attribute private keys; the authority AM searches the list $L_{DU\text{-}Att}$ for the users whose attribute private keys need updating and records them as a list $\{list_{DU}\}$; the AM notifies each user in $\{list_{DU}\}$ to update the attribute private key; each non-revoked user $DU_j$ holding the revoked attribute $\mu$, where $DU_j$ does not include the user whose attribute is revoked, obtains the corresponding key update key $KUK_{j,\mu}$ through the smart contract, and $DU_j$ updates the component $K_{j,\mu}$ of its attribute private key $ask_{k,j,i}$ with $KUK_{j,\mu}$:
where $K'_{j,\mu}$ is the attribute private key component after the update and $v_{k,\mu}$ the version private key of the attribute $\mu$ owned by the $k$-th authority;
obtaining the updated attribute private key $ask'_{k,j,\mu}$:
Since the wallet address $u_j$ of $DU_j$ is unique, the $KUK_{j,\mu}$ differ for all non-revoked users, so a revoked user cannot update its own key with the $KUK_{j,\mu}$ of another non-revoked user, which guarantees the backward security of data sharing;
S707, after a non-revoked user has updated its attribute private key, it obtains the updated key ciphertext $KCT_{ud}$ and data ciphertext $DCT_{ud}$ from the cloud server ESC and repeats steps S602 to S606: the non-revoked user first obtains the decryption factor $df'_j$, then sends the updated key set $\{ask'_{k,j,i} \mid k \in SA, i \in S_k\}$ and its own public key $pk_j$ to the ESC, which selects a set of constants $\{c_i \in Z_N\}$ such that $\sum_i c_i A_i = (1, 0, \ldots, 0)$ and decrypts $KCT_{ud}$ to obtain the converted ciphertext $CT'_c$; the non-revoked user then recovers the session key $\kappa'$ with its own private key $sk_j$ and finally decrypts $DCT_{ud}$ with $\kappa'$ to obtain the shared Internet of Things data $M_x$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310289399.9A CN116366320A (en) | 2023-03-22 | 2023-03-22 | Distributed attribute base encryption method based on block chain revocation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310289399.9A CN116366320A (en) | 2023-03-22 | 2023-03-22 | Distributed attribute base encryption method based on block chain revocation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116366320A true CN116366320A (en) | 2023-06-30 |
Family
ID=86928201
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310289399.9A Pending CN116366320A (en) | 2023-03-22 | 2023-03-22 | Distributed attribute base encryption method based on block chain revocation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116366320A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||