CN116484392A - Data encryption method, attribute authorization center and storage medium - Google Patents


Info

Publication number
CN116484392A
Authority
CN
China
Prior art keywords
key
user
access
attribute
access user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210049415.2A
Other languages
Chinese (zh)
Inventor
夏云浩
张金鑫
马致原
刘晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN202210049415.2A (CN116484392A)
Priority to PCT/CN2023/071009 (WO2023134576A1)
Publication of CN116484392A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a data encryption method, an attribute authorization center and a storage medium. The data encryption method is applied to the attribute authorization center in an attribute encryption system and comprises the following steps: acquiring a system public key and a system master key; obtaining a user private key of the access user according to the system public key, the system master key, the acquired key generation information and the identity identification information of the access user, wherein the identity identification information is uniquely bound to the access user and the key generation information is associated with the access user; and, when it is determined that the plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted. In the embodiment of the invention, the attribute authorization center can use the stored identity information to accurately identify the malicious user who caused a key leak and revoke that user's authority, which effectively corrects the vulnerability of the attribute encryption system and improves its security.

Description

Data encryption method, attribute authorization center and storage medium
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to a data encryption method, an attribute authorization center and a computer readable storage medium.
Background
Key disclosure is a problem that current attribute-based encryption (Attribute Based Encryption, ABE) systems need to solve. Because ABE is a form of broadcast encryption, users with the same attributes share the same private key, so a malicious user may intentionally disclose his or her own private key and cause a key leak. In that case it is impossible to determine accurately which user intentionally caused the leak, so the vulnerability of the ABE system cannot be effectively corrected and the security of the ABE system is reduced.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the invention provides a data encryption method, an attribute authorization center and a computer readable storage medium, which can improve the security performance of an attribute encryption system.
In a first aspect, an embodiment of the present invention provides a data encryption method, which is applied to an attribute authorization center in an attribute encryption system, including:
acquiring a system public key and a system master key;
obtaining a user private key of an access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user, wherein the identity information is uniquely bound to the access user, and the key generation information is associated with the access user;
and, when it is determined that the plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
In a second aspect, an embodiment of the present invention further provides an attribute authority, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the data encryption method as described in the first aspect above when executing the computer program.
In a third aspect, embodiments of the present invention further provide a computer-readable storage medium storing computer-executable instructions for performing the data encryption method according to the first aspect above.
The embodiment of the invention comprises a data encryption method applied to an attribute authorization center in an attribute encryption system, which comprises the following steps: acquiring a system public key and a system master key; obtaining a user private key of the access user according to the system public key, the system master key, the acquired key generation information and the identity identification information of the access user, wherein the identity identification information is uniquely bound to the access user and the key generation information is associated with the access user; and, when it is determined that the plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted. According to the scheme provided by the embodiment of the invention, once the system public key, the system master key and the key generation information associated with the access user have been obtained, identity information uniquely bound to the access user is embedded in the user private key of the access user, and data encryption processing is then carried out according to that user private key. When a malicious user illegally discloses his or her user private key and a key leak occurs, the attribute authorization center can use the stored identity information to determine accurately which user intentionally caused the leak and then revoke that user's authority, which effectively corrects the vulnerability of the attribute encryption system and improves its security.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate and do not limit the invention.
FIG. 1 is a schematic diagram of an attribute authority for performing a data encryption method according to one embodiment of the present invention;
FIG. 2 is a flow chart of a data encryption method provided by one embodiment of the present invention;
FIG. 3 is a flowchart of a method for obtaining a system public key and a system master key in a data encryption method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for encrypting data to obtain a user private key of an accessing user according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for encrypting data according to another embodiment of the present invention, wherein a user private key of an accessing user is obtained;
FIG. 6 is a schematic diagram of encrypting a plaintext to be encrypted of an access user to obtain a ciphertext in a data encryption method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of encrypting a plaintext to be encrypted of an access user to obtain a ciphertext in a data encryption method according to another embodiment of the present invention;
FIG. 8 is a flow chart of a data encryption method provided by another embodiment of the present invention;
FIG. 9 is a flowchart of an embodiment of a method for data encryption for identity tracking of multiple access users;
FIG. 10 is a flowchart of an embodiment of a method for encrypting data for identity tracking of multiple access users;
FIG. 11 is a schematic diagram of an attribute authority according to another embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It should be noted that although functional block division is performed in the apparatus schematic and logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than block division in the apparatus or in the flowchart. The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The invention provides a data encryption method, an attribute authorization center and a computer readable storage medium. Once a system public key, a system master key and key generation information associated with an access user have been acquired, identity information uniquely bound to the access user is embedded in the user private key of the access user, and data encryption processing is then carried out according to that user private key. When a malicious user illegally discloses his or her user private key and a key leak occurs, the attribute authorization center can use the stored identity information to determine accurately which user intentionally caused the leak and then revoke that user's authority, which effectively corrects the vulnerability of the attribute encryption system and improves its security.
Embodiments of the present invention will be further described below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic diagram of an attribute authority 110 for performing a data encryption method according to an embodiment of the present invention.
In the example of fig. 1, the attribute authority 110 is part of the attribute encryption system 100 and is applied to data security encryption in cloud computing. Based on the attribute encryption mechanism of the attribute encryption system 100, access users can safely share data with designated users on an untrusted server. The key and the ciphertext of an access user are associated with descriptive attribute sets and access policies, and a key can decrypt a specific ciphertext only when the associated attribute set and access policy match. Attribute-based encryption can be divided into two categories: key-policy attribute-based encryption (Key Policy Attribute Based Encryption, KP-ABE), in which an access user's key is associated with an access policy specified by an authorizer, and ciphertext-policy attribute-based encryption (Ciphertext Policy Attribute Based Encryption, CP-ABE), in which an access user's key is labelled with a descriptive set of attributes and the ciphertext is associated with an access policy specified by the encryptor. In this application scenario, the attribute authorization center 110 in the attribute encryption system 100 may define the attributes in the system, distribute user private keys, and cooperate in performing data encryption processing.
It should be noted that, the attribute authority 110 has a storage function, and may record related key parameters, and based on this feature, embodiments of the present invention further find out the identity of the user who maliciously reveals the key through the attribute authority 110.
The attribute authority 110 in the attribute encryption system 100 may include a memory and a processor, respectively, where the memory and the processor may be connected by a bus or other means.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The attribute authorization center 110 and the application scenario in the attribute encryption system 100 described in the embodiments of the present invention are for more clearly describing the technical solution of the embodiments of the present invention, and do not constitute a limitation on the technical solution provided by the embodiments of the present invention, and those skilled in the art can know that, with the evolution of the attribute authorization center 110 and the appearance of the new application scenario in the attribute encryption system 100, the technical solution provided by the embodiments of the present invention is equally applicable to similar technical problems.
It will be appreciated by those skilled in the art that the attribute authority 110 shown in fig. 1 is not limiting of embodiments of the present invention and may include more or fewer components than shown, or certain components may be combined, or a different arrangement of components.
In the attribute authority 110 shown in fig. 1, the attribute authority 110 may call its stored data encryption program to cooperate with performing the data encryption method.
Based on the above structure of the attribute authority 110, various embodiments of the data encryption method of the present invention are presented. To illustrate the working principle and flow of the present invention more clearly, the following embodiments are described mainly for two cases: key-policy attribute-based encryption with key leakage tracing (Key Tracing Key Policy Attribute based Encryption, KT-KP-ABE) and ciphertext-policy attribute-based encryption with key leakage tracing (Key Tracing Ciphertext Policy Attribute based Encryption, KT-CP-ABE).
As shown in fig. 2, fig. 2 is a flowchart of a data encryption method according to an embodiment of the present invention, which may be applied to, but not limited to, the attribute authority shown in the embodiment of fig. 1, and includes, but is not limited to, steps S100 to S300.
Step S100: a system public key and a system master key are obtained.
In an embodiment, the initial key parameters of the attribute authority are determined by acquiring a system public key and a system master key, so that the key of the access user can then be determined from them. The system public key can be shared by the attribute authority and the access user, while the system master key is kept private and secret by the attribute authority. Generally, the system public key and the system master key can be calculated according to a specific algorithm; specific examples are given below.
In the example of fig. 3, step S100 includes, but is not limited to, step S110.
Step S110: initializing the input security parameters to obtain a system public key and a system master key.
In an embodiment, the corresponding security parameters are preset and input to the attribute authorization center for initialization processing, which converts them into a system public key and a system master key. A system public key and system master key obtained in this way reflect the characteristics of the security parameters under attribute encryption and meet the attribute encryption requirements. The initialization processing includes, but is not limited to, bilinear mapping and the like; a person skilled in the art may also choose the manner of initialization processing according to the actual application scenario, which is not limited in this embodiment.
Specific examples are given below to illustrate the working principles and flow of the above embodiments.
Example one:
Described for both KT-KP-ABE and KT-CP-ABE: based on $\mathrm{Setup}(1^\lambda) \to (PP, MSK)$, a security parameter $\lambda$ is input, a bilinear map and other related parameters are constructed, and finally a system public key PP and a system master key MSK are output, where PP is shared by the attribute authorization center and the access user and MSK is kept private and secret by the attribute authorization center. A specific initialization algorithm is shown in the following example.
$\mathrm{Setup}(1^\lambda) \to (PP, MSK)$: with a security parameter $\lambda$ as input, the calculation steps include, but are not limited to:
1) Define two multiplicative cyclic groups $G_1$ and $G_2$ of prime order $p$, define G as $G_1$, and define the bilinear map
2) Define a hash function $H_1: \{0,1\}^* \to G_1$
3) For each attribute in the attribute set $\{A_i\}$, select a random number (this parameter is a constant/random number) and calculate
4) Select (this parameter is a constant/random number) and calculate
5) Define the Lagrange interpolation function
where $i \in Z_p$ (this parameter is a constant/random number) and $S$ is a set of elements in $Z_p$;
6) According to the above calculation steps, output:
system master key $MSK = \{t_i, y, u\}$;
system public key
Step S200: obtaining a user private key of the access user according to the system public key, the system master key, the acquired key generation information and the identity identification information of the access user, wherein the identity identification information is uniquely bound to the access user, and the key generation information is associated with the access user.
In an embodiment, based on the determined system public key and system master key, and the key generation information and the identity information associated with the access user, the user private key of the access user can be accurately calculated, and the identity information uniquely bound to the access user is embedded in the user private key of the access user.
It can be understood that, because the identity information of different access users is different, other users cannot obtain the key using that identity information. Once a key disclosure occurs, it can be determined that the disclosure must have come from the malicious user corresponding to the identity information, so the malicious user who revealed the key can be accurately determined.
It should be noted that, the presentation forms of the identification information may be various, and those skilled in the art may set the presentation forms according to the actual application scenario, which is not limited in this embodiment.
In the example of fig. 4, in the case where the key generation information is an access control structure associated with an access user, step S200 includes, but is not limited to, steps S210 to S220.
Step S210: performing key generation processing on the system public key, the system master key and the acquired access control structure to obtain a first attribute private key;
Step S220: inserting the identification information of the access user into the first attribute private key to obtain the user private key of the access user.
In an embodiment, key generation processing is performed on the system public key and the system master key together with the access control structure associated with the access user, so that the first attribute private key can be accurately obtained; the first attribute private key is kept private and secret by the attribute authorization center. The user private key of the access user is then obtained by inserting the identity information of the access user into the first attribute private key. The attribute authorization center can therefore store the identity information of the access user and, if a key leak occurs, use the stored identity information to accurately identify the malicious user.
In this scenario, the user private key of the access user is finally obtained based on the access control structure associated with the access user, which is an encryption scheme related to KT-KP-ABE.
Specific examples are given below to illustrate the working principles and flow of the above embodiments.
Example two:
For KT-KP-ABE, based on Key Generation $(PP, MSK, id, \gamma) \to (SK_{id})$, the identity information id of the access user, the access control structure $\gamma$, the generated system public key PP and the system master key MSK are input, and the traceable user private key $SK_{id}$ is finally output. The calculation steps include, but are not limited to:
1) The access control structure in this scheme employs an access tree, where $p_x$ is defined as a polynomial for each node $x$ in the tree structure. For the root node root of the access tree structure, define $p_{root}(0) = y$; for non-root nodes in the access tree structure, define $p_x(0) = p_{parent(x)}(index(x))$.
2) To make malicious users traceable, a unique piece of identification information $H_1(id)^u$ is inserted into the attribute private key to reveal the identity of the user.
3) According to the calculation steps, the user private key is output
In the example of fig. 5, in the case where the key generation information is a set of attributes associated with the accessing user, step S200 includes, but is not limited to, steps S230 to S240.
Step S230: performing key generation processing on the system public key, the system master key and the acquired attribute set to obtain a second attribute private key;
Step S240: and inserting the identity information of the access user into the second attribute private key to obtain the user private key of the access user.
In an embodiment, based on the attribute set associated with the access user, the system public key and the system master key are combined to perform key generation processing, so that the second attribute private key can be accurately obtained, the second attribute private key is kept private and secret by the attribute authorization center, in this case, the user private key of the access user is obtained by inserting the identity information of the access user into the second attribute private key, so that the attribute authorization center can store the identity information of the access user, and in the case that key leakage possibly occurs, a malicious user can be accurately found out through the stored identity information.
In this scenario, the user private key of the access user is finally obtained based on the attribute set associated with the access user, which is an encryption method related to KT-CP-ABE.
Specific examples are given below to illustrate the working principles and flow of the above embodiments.
Example three:
For KT-CP-ABE, based on Key Generation $(PP, MSK, id, \{A_i\}) \to (SK_{id})$, the identity information id of the access user, the attribute set $\{A_i\}$, the generated system public key PP and the system master key MSK are input, and the traceable user private key $SK_{id}$ is finally output. The calculation steps include, but are not limited to:
1) To make malicious users traceable, a unique piece of identification information $H_1(id)^u$ is inserted into the attribute private key to reveal the identity of the user.
2) According to the calculation steps, the user private key is output
It should be noted that, for convenience of description, the output user private key is written as $D_{id}$; the $D_{id}$ calculated here is $SK_{id}$. The two are identical and differ only in naming, which does not affect the meaning. Similar cases in the following embodiments are to be read the same way and, to avoid redundancy, are not described again.
Step S300: when it is determined that the plaintext to be encrypted of the access user has been encrypted to obtain a ciphertext, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
In an embodiment, once the system public key, the system master key and the key generation information associated with the access user have been obtained, identity information uniquely bound to the access user is embedded in the user private key of the access user, and data encryption processing is then carried out according to that user private key. When a malicious user illegally discloses his or her user private key and a key leak occurs, the attribute authorization center can use the stored identity information to determine accurately which user intentionally caused the leak and then revoke that user's authority, which effectively corrects the vulnerability of the attribute encryption system and improves its security.
In the example of fig. 6, "encrypting the plaintext to be encrypted for the access user to obtain ciphertext" in step S300 includes, but is not limited to, step S310.
Step S310: encrypting the plaintext to be encrypted of the access user according to the system public key and the attribute set of the access user to obtain the ciphertext.
In an embodiment, since the system public key is shared by the attribute authorization center and the access user, when the key generation information is an access control structure associated with the access user, the access user, having obtained the system public key, can additionally supply an attribute set, so that the plaintext to be encrypted is encrypted according to the system public key and the attribute set of the access user and the ciphertext is obtained accurately and reliably.
Specific examples are given below to illustrate the working principles and flow of the above embodiments.
Example four:
For KT-KP-ABE, based on $\mathrm{Encrypt}(M, PP, \{A_i\}) \to (CT)$, the plaintext M to be encrypted, the system public key PP and the attribute set $\{A_i\}$ are input, and the encrypted ciphertext CT is finally output. The calculation steps of the encryption algorithm include, but are not limited to, the following:
Select an attribute set $\{A_i\}$ for the plaintext M to be encrypted, select (this parameter is a constant/random number), and the data owner calculates the following information:
$C_0 = M Y^s$
$C_{1,i} = U_i^s$
$C_{2,i} = T_i^s$
Finally, the generated ciphertext is $CT = \{C_0, C_{1,i}, C_{2,i}\}$.
Then, based on $\mathrm{Decrypt}(CT, SK_{id}) \to M$, the ciphertext CT and the traceable private key $SK_{id}$ are input and the decrypted plaintext M is finally output; that is, the sharing user decrypts a ciphertext with his or her own private key. The calculation steps of the decryption algorithm include, but are not limited to:
1) Define the recursive function $\mathrm{Decryptnode}(x, D_{id}, CT)$, which takes a node $x$ of the access control tree structure $\gamma$, the user private key $D_{id}$ and the ciphertext CT as input.
2) If x is a leaf node, the calculation is as follows:
3) If x is a non-leaf node, let z denote a child node of x, call $\mathrm{Decryptnode}(z, D_{id}, CT)$ and denote the result as $F_z$; the calculation is as follows:
$i = index(z)$, $S'_x = \{index(z) : z \in S_x\}$
4) By calling the function $\mathrm{Decryptnode}(x, D_{id}, CT)$, calculate:
Calculate the plaintext:
The correctness of the plaintext calculation is demonstrated as follows:
It will be appreciated that, to calculate $F_{root}$, leaf nodes that satisfy the access control tree structure must be obtained. Whether or not x is a leaf node, the relation always holds. Thus, the value of $F_{root}$ at the root node can be calculated as:
$p_{root}(0) = y$;
$C_0 = M Y^s$
The calculation correctness of the plaintext M can thus be demonstrated.
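The access-tree sharing rule from Example two ($p_{root}(0) = y$, $p_x(0) = p_{parent(x)}(index(x))$) and the recursive recombination of Example four, as an added Python example that is not part of the patent text. It works on the shares directly in $Z_p$ (the exponents only, with no pairing or group elements); the modulus, the threshold-gate tree, the attribute names and the helper names are constructed for illustration.

```python
import secrets

# Assumed prime standing in for the group order p (2**127 - 1 is a Mersenne prime).
P = 2**127 - 1


class Node:
    """Access-tree node: a leaf carries an attribute, a gate carries a threshold k."""

    def __init__(self, k=None, children=(), attr=None):
        self.k = k
        self.children = list(children)
        self.attr = attr
        self.share = None  # p_x(0); only the leaf values would go into a key


def leaf(attr):
    return Node(attr=attr)


def gate(k, *children):
    return Node(k=k, children=children)


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_tree(node, secret):
    """Top-down sharing: p_x(0) = secret, child z receives p_x(index(z))."""
    node.share = secret % P
    if node.attr is not None:
        return
    # Random polynomial of degree k-1 whose constant term is this node's secret.
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for index, child in enumerate(node.children, start=1):
        share_tree(child, eval_poly(coeffs, index))


def lagrange_at_zero(i, S):
    """Lagrange coefficient at 0: product over j in S, j != i, of (0 - j)/(i - j)."""
    num, den = 1, 1
    for j in S:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, attrs):
    """Bottom-up recombination: returns p_x(0), or None if node x is not satisfied."""
    if node.attr is not None:
        return node.share if node.attr in attrs else None
    results = {}
    for index, child in enumerate(node.children, start=1):
        f_z = decrypt_node(child, attrs)
        if f_z is not None:
            results[index] = f_z
        if len(results) == node.k:
            break
    if len(results) < node.k:
        return None  # fewer than k satisfied children: nothing is recovered
    S = list(results)
    return sum(results[i] * lagrange_at_zero(i, S) for i in S) % P


def sample_tree():
    """Constructed policy: 2 of (dept:finance, role:auditor, (level:3 OR level:4))."""
    return gate(2, leaf("dept:finance"), leaf("role:auditor"),
                gate(1, leaf("level:3"), leaf("level:4")))


if __name__ == "__main__":
    y = secrets.randbelow(P)  # stands in for the master-key value y
    tree = sample_tree()
    share_tree(tree, y)
    print(decrypt_node(tree, {"dept:finance", "level:4"}) == y)
    print(decrypt_node(tree, {"level:3", "level:4"}))
```

An attribute set that satisfies the tree recovers $p_{root}(0) = y$; one that does not yields nothing, which is the property the correctness argument relies on.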
In the example of fig. 7, "encrypting the plaintext to be encrypted for the access user to obtain ciphertext" in step S300 includes, but is not limited to, step S320.
Step S320: encrypting the plaintext to be encrypted of the access user according to the system public key and the access control structure of the access user to obtain the ciphertext.
In an embodiment, since the system public key is shared by the attribute authorization center and the access user, when the key generation information is an attribute set associated with the access user, the access user, having obtained the system public key, can additionally supply an access control structure, so that the plaintext to be encrypted is encrypted according to the system public key and the access control structure of the access user and the ciphertext is obtained accurately and reliably. This is the encryption mode corresponding to KT-CP-ABE.
Specific examples are given below to illustrate the working principles and flow of the above embodiments.
Example five:
For KT-CP-ABE, based on Encrypt(M, PP, {A_i}) → (CT), the plaintext M to be encrypted, the system public key PP and the access control structure γ are input, and the encrypted ciphertext CT is finally output. The calculation steps of the encryption algorithm include, but are not limited to:
For the plaintext M to be encrypted, an access control structure γ is selected, a secret number is randomly selected (this parameter is a constant/random number), and an LSSS Π access structure is defined. The matrix of the access structure is an (m × n) matrix, and the function ρ(·) associates attributes to the rows of the matrix. ρ(·) is restricted to be an injective mapping function, which means that a single attribute is associated with at most one row of the matrix. The encryptor randomly selects a vector, which will be used to share the value of the encryption exponent s; each share is computed from this vector and row i of the matrix. A further parameter is selected (this parameter is a constant/random number), and the data owner calculates the following information:
C_0 = M·Y^s
Finally, the generated ciphertext is CT = {C_0, C_{1,i}, C_{2,i}, C_{3,i}}.
Then, based on Decrypt(CT, SK_id) → M, the ciphertext CT and the traceable private key SK_id are input and the decrypted plaintext M is finally output; that is, the sharing user decrypts a ciphertext with his own private key. The calculation steps of the decryption algorithm include, but are not limited to:
The correctness is demonstrated as follows:
There exist constants {ω_i ∈ Z_p}_{i∈I} such that, if {λ_i} are valid shares of any secret s according to the LSSS Π, then Σ_{i∈I} ω_i λ_i = s.
The calculation correctness of the plaintext M can thus be demonstrated.
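The LSSS relation Σ ω_i λ_i = s used in this correctness argument, as an added example that is not code from the patent. It shares and recombines s in Z_p directly, whereas the scheme combines the shares inside pairing-group elements; the matrix, the labelling ρ, the modulus and the attribute names are assumptions constructed for illustration.

```python
"""LSSS over Z_p: shares are (row . v), reconstruction finds omega by elimination."""
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p

# Constructed policy:
#   (dept:finance AND role:auditor) OR (region:eu AND clearance:high)
# Row i of the (m x n) share-generating matrix is labelled by RHO[i].
MATRIX = [
    [1, 1, 0],
    [0, -1, 0],
    [1, 0, 1],
    [0, 0, -1],
]
RHO = ["dept:finance", "role:auditor", "region:eu", "clearance:high"]
assert len(set(RHO)) == len(RHO), "rho must map each attribute to at most one row"


def make_shares(s):
    """Pick v = (s, r_2, ..., r_n) and return lambda_i = <row_i, v> per attribute."""
    v = [s % P] + [secrets.randbelow(P) for _ in range(len(MATRIX[0]) - 1)]
    return {RHO[i]: sum(m * x for m, x in zip(row, v)) % P
            for i, row in enumerate(MATRIX)}


def solve_omega(rows):
    """Find omega with sum(omega_i * rows[i]) = (1, 0, ..., 0) mod P, else None."""
    k, n = len(rows), len(rows[0])
    # One equation per matrix column, one unknown per selected row.
    aug = [[rows[i][c] % P for i in range(k)] + [1 if c == 0 else 0]
           for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        pr = next((j for j in range(r, n) if aug[j][col]), None)
        if pr is None:
            continue                      # free variable, left at 0
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for j in range(n):
            if j != r and aug[j][col]:
                f = aug[j][col]
                aug[j] = [(a - f * b) % P for a, b in zip(aug[j], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    # A row reading 0 = nonzero means (1, 0, ..., 0) is outside the row span.
    if any(not any(row[:k]) and row[k] for row in aug):
        return None
    omega = [0] * k
    for row_idx, col in enumerate(pivots):
        omega[col] = aug[row_idx][k]
    return omega


def recover(shares, attrs):
    """Recombine the shares of the rows labelled by attrs; None if unauthorized."""
    idx = [i for i, a in enumerate(RHO) if a in attrs]
    if not idx:
        return None
    omega = solve_omega([MATRIX[i] for i in idx])
    if omega is None:
        return None
    return sum(w * shares[RHO[i]] for w, i in zip(omega, idx)) % P


def demo():
    s = secrets.randbelow(P)
    shares = make_shares(s)
    full = recover(shares, {"dept:finance", "role:auditor"})
    alt = recover(shares, {"role:auditor", "region:eu", "clearance:high"})
    partial = recover(shares, {"dept:finance", "region:eu"})
    return s, full, alt, partial


if __name__ == "__main__":
    s, full, alt, partial = demo()
    print("authorized sets recover s:", full == s, alt == s)
    print("unauthorized set:", partial)
```

For an unauthorized attribute set the target vector (1, 0, ..., 0) is not in the span of the selected rows, so no ω exists and the shares reveal nothing about s.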
Further, in order to prove the security of the above KT-KP-ABE and KT-CP-ABE schemes, the following description will be given with respect to examples, respectively.
Example six:
An improved decisional bilinear Diffie-Hellman related problem is employed to prove the security of the KT-KP-ABE scheme.
Theorem: if the Diffie-Hellman related problem cannot be solved within polynomial time, the KT-KP-ABE scheme is secure against chosen-ciphertext attacks. Here, polynomial time is a term of art: in computational complexity theory, it means that the computation time of a problem is no more than a polynomial multiple of the problem size n, and every abstract machine has a complexity class comprising the problems that the machine can solve in polynomial time.
Proof: if there is an attacker that can win the attack game against the proposed KT-KP-ABE scheme in polynomial time with a non-negligible advantage σ, then one can attempt to construct a simulator that solves the problem with advantage σ/2.
The attack game between the challenger and the attacker is constructed as follows:
Init: the attacker selects a challenge attribute set A*.
Setup: the challenger simulates and constructs an attack environment as follows:
1) Define two multiplicative cyclic groups G_1 and G_2 of prime order p, and define g as a generator of G_1;
2) Define the bilinear map
3) Define a hash function H_1 : {0,1}* → G_1;
4) Randomly select μ ∈ {0,1} and a, b, c, z ∈ Z_p, and let
The attacker defines an attribute set {A}_l in which the challenge game is played, and the identity information of the attacker is denoted by id.
The simulator randomly selects u, alpha ii ∈Z p Common parameters are set as follows:
According to the calculation steps, the following are obtained:
The system public key
The system master key is MSK = {a, u, t_i}.
The challenger transmits the system public key PP to the attacker and retains the system master key MSK.
Challenge phase 1: the attacker can issue the following queries to the challenger:
Key generation query: the attacker submits a key generation query for the access control structure γ. In the scheme, the access control structure is an access tree, where p_x is defined as a polynomial for each node x in the tree structure.
For the root node root of the access tree structure, define p_root(0) = a; for non-root nodes of the access tree structure, define p_x(0) = p_parent(x)(index(x)). The identity information of the attacker is represented by id, and the key of the attacker is constructed as follows:
The challenger discloses D_id to the attacker.
Decryption query: the attacker submits a decryption query for the ciphertext CT = {C_0, C_{1,i}, C_{2,i}}, and the simulator runs the decryption algorithm Decrypt(CT, PP, D_id) → (M):
The plaintext M is then sent to the attacker.
Challenge phase: after finishing challenge phase 1, the attacker selects two plaintexts M_0 and M_1 of the same size and returns them to the challenger, where M_0 and M_1 must not have appeared in a previous decryption query. The challenger then performs encryption with the challenge attribute set A* selected in advance by the attacker, where μ ∈ {0,1} is random. The ciphertext is constructed as follows:
After encryption is finished, the generated ciphertext is transmitted to the attacker.
And C_0 is as follows:
Thus, it can be derived that:
When μ = 0, the ciphertext
is a correct, legal ciphertext.
Challenge phase 2: the operations of challenge phase 1 are repeated; the attacker continues to issue private key generation queries and decryption queries to the challenger a limited number of times.
Guess phase: the attacker submits a guess μ*. Only when μ* = μ does the attacker win the game. Based on the above description, the advantage of the attacker in this attack game is defined as
The advantage of the simulator is discussed for the case of distinguishing the following two tuples: (A = g^a, B = g^b, C = g^c, ) and (A = g^a, B = g^b, C = g^c, ).
When μ = 1, the ciphertext is random and the attacker cannot obtain any knowledge of μ_1. In this case:
And because the simulator outputs μ' = 1 when μ_1* ≠ μ_1, in this case:
When μ = 0, the ciphertext is a correct, legal ciphertext, and according to the above assumption, the attacker has the non-negligible advantage σ to break the proposed scheme. In this case:
And because the simulator outputs μ' = 0 when μ_1* = μ_1, in this case:
In summary, the advantage of the simulator in solving the above problem is as follows:
Thus, the simulator can solve the problem with advantage σ/2, so the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
Example seven:
An improved decisional bilinear Diffie-Hellman related problem is employed to prove the security of the KT-CP-ABE scheme.
Theorem: if the Diffie-Hellman related problem cannot be solved within polynomial time, then the KT-KP-ABE scheme is secure against chosen-ciphertext attacks.
Proof: if there is an attacker that can win the attack game against the proposed KT-CP-ABE scheme in polynomial time with a non-negligible advantage σ, then one can attempt to construct a simulator that solves the problem with advantage σ/2.
The attack game between the challenger and the attacker is constructed as follows:
Init: the attacker selects a challenge access control structure γ*.
Setup: the challenger simulates and constructs an attack environment as follows:
1) Define two multiplicative cyclic groups G_1 and G_2 of prime order p, and define g as a generator of G_1;
2) Define the bilinear map
3) Define a hash function H_1 : {0,1}* → G_1;
4) Randomly select μ ∈ {0,1} and a, b, c, z ∈ Z_p, and let
The attacker defines an attribute set {A}_l in which the challenge game is played, and the identity information of the attacker is denoted by id.
The simulator randomly selects u, alpha ii ∈Z o Common parameters are set as follows:
According to the calculation steps, the following are obtained:
The system public key
The system master key is MSK = {a, u, t_i}.
The challenger transmits the system public key PP to the attacker and retains the system master key MSK.
Challenge phase 1: the attacker can issue the following queries to the challenger:
Key generation query: the attacker submits a key generation query for the user attribute A_i. The identity information of the attacker is represented by id, and the key of the attacker is constructed as follows:
The challenger discloses D_id to the attacker.
Decryption query: the attacker submits a decryption query for the ciphertext CT = {C_0, C_{1,i}, C_{2,i}, C_{3,i}}, and the simulator runs the decryption algorithm Decrypt(CT, PP, D_id) → (M):
The plaintext M is then sent to the attacker.
Challenge phase: after finishing challenge phase 1, the attacker selects two plaintexts M_0 and M_1 of the same size and returns them to the challenger, where M_0 and M_1 must not have appeared in a previous decryption query. The challenger then performs encryption with the challenge access control structure γ* selected in advance by the attacker, where μ ∈ {0,1} is random. The ciphertext is constructed as follows:
After encryption is finished, the generated ciphertext is transmitted to the attacker.
And C_0 is as follows:
Thus, it can be derived that:
When μ = 0, the ciphertext
The ciphertext at this time indicates that this is a correct, legal ciphertext.
Challenge phase 2: the operations of challenge phase 1 are repeated; the attacker continues to issue private key generation queries and decryption queries to the challenger a limited number of times.
Guess phase: the attacker submits a guess μ*. Only when μ* = μ does the attacker win the game. Based on the above description, the advantage of the attacker in this attack game is defined as
The advantage of the simulator is discussed for the case of distinguishing the following two tuples: (A = g^a, B = g^b, C = g^c, ) and (A = g^a, B = g^b, C = g^c, ).
When μ = 1, the ciphertext is random and the attacker cannot obtain any knowledge of μ_1. In this case:
And because the simulator outputs μ' = 1 when μ_1* ≠ μ_1, in this case:
When μ = 0, the ciphertext is a correct, legal ciphertext, and according to the above assumption, the attacker has the non-negligible advantage σ to break the proposed scheme. In this case:
And because the simulator outputs μ' = 0 when μ_1* = μ_1, in this case:
In summary, the advantage of the simulator in solving the above problem is as follows:
From this, it can be demonstrated that the simulator can solve the above problem with advantage σ/2, so the KT-CP-ABE scheme is secure against chosen-ciphertext attacks.
In the example of fig. 8, when there are a plurality of access users, the data encryption method according to the embodiment of the present invention further includes, but is not limited to, step S400.
Step S400: carrying out identity tracking on the plurality of access users according to the identity identification information of the plurality of access users, the user private key and the key generation information associated with the access users.
In an embodiment, when determining the identity information of each access user, the user private key and the key generation information associated with the access user, the discrimination calculation may be performed based on the identity information of each access user, the user private key and the key generation information associated with the access user, so as to obtain corresponding discrimination parameters, so as to accurately check the identity of the user through the discrimination parameters, and realize identity tracking of the access user.
In the example of fig. 9, step S400 includes, but is not limited to, steps S410 to S420.
Step S410: processing the identity information of a plurality of access users, the user private key and key generation information related to the access users to generate a key leakage tracking list carrying a plurality of groups of data verification information, wherein one group of data verification information comprises the identity information of one access user and the user private key;
Step S420: carrying out identity tracking on each access user according to the key leakage tracking list.
In an embodiment, since the key leakage tracking list includes multiple sets of data verification information, and each set of data verification information includes identity information of an access user and a user private key, a corresponding relationship between the identity information of each access user and the user private key can be confirmed by querying the key leakage tracking list, and when a situation that a malicious user leaks a key occurs, the attribute authority can search the identity information corresponding to the user private key, thereby achieving the purpose of searching the malicious user revealing the key.
Specific examples are given below to illustrate the working principles of the above embodiments.
Example eight:
If the number of users in the attribute encryption system is relatively small, the attribute authorization center may construct a data list as a key leakage tracking list to record the identity information of each access user and the corresponding user private key, as shown in Table 1 and Table 2 below, where Table 1 lists the identity information of the access users and the corresponding user private keys in the KT-KP-ABE scheme, and Table 2 lists the identity information of the access users and the corresponding user private keys in the KT-CP-ABE scheme. When a private key is leaked, the attribute authorization center can track the identity of the malicious user by looking up the identity information corresponding to the user private key.
Table 1 KT-KP-ABE Access user identity information and corresponding user private Key
Table 2 KT-CP-ABE scheme access user identification information and corresponding user private key
In the example of fig. 10, step S400 includes, but is not limited to, steps S430 through S440.
Step S430: determining key leakage tracking conditions according to the identity information of a plurality of access users, the private keys of the users and key generation information associated with the access users;
Step S440: carrying out identity tracking on each access user according to the key leakage tracking condition.
In an embodiment, since the key leakage tracking condition is relatively visual and clear, the key leakage tracking condition is determined according to the identity information of a plurality of access users, the private keys of the users and the key generation information associated with the access users, so that when the condition that a malicious user leaks a key occurs, the attribute authority can determine whether the identity information corresponding to the access users corresponds or not by calculating the key leakage tracking condition, and the purpose of finding the malicious user revealing the key is achieved.
Specific examples are given below to illustrate the working principles of the above embodiments.
Example nine:
If a suspicious user is suspected of being a malicious user who illegally exposed the private key, the attribute authority can determine this by verifying an equation.
In the proposed KT-KP-ABE scheme, the attribute authority verifies whether the equation holds.
The correctness is demonstrated as follows:
In the proposed KT-CP-ABE scheme, the attribute authority verifies whether the equation holds.
The correctness is demonstrated as follows:
Since the parameters involved in the computation are known to the attribute authority, the attribute authority can verify the above equations to confirm whether the suspected user is a traitor who revealed the private key.
Example ten:
If the number of users is relatively large, the attribute authorization center can track according to the following flow:
In the proposed KT-KP-ABE scheme, the attribute authority calculates a value for each attribute A_i. When a key leakage occurs, the attribute authority tries a value and performs the calculation; when x = i, the identity of the malicious user is accurately detected. Since the number of attributes is much smaller than the number of users in the attribute encryption system, finding the corresponding value that satisfies x = i does not require much computation.
The correctness is demonstrated as follows:
In the proposed KT-CP-ABE scheme, the attribute authority calculates a value for each attribute A_i. When a key leakage occurs, the attribute authority tries a value and performs the calculation; when x = i, the identity of the malicious user is accurately detected. Since the number of attributes is much smaller than the number of users in the system, finding the corresponding value that satisfies x = i does not require much computation.
The correctness is demonstrated as follows:
Because the parameters involved in the calculation process are known to the attribute authorization center, the attribute authorization center can accurately find out the identity of the malicious user.
In addition, with respect to the advantages of the KT-KP-ABE and KT-CP-ABE compared with the related art in the embodiments of the present invention, the following is exemplified in conjunction with specific comparison results between the KT-KP-ABE, KT-CP-ABE and the related art.
It will be appreciated that bilinear pairing operations and exponentiation operations occupy more computing resources than other operations in an attribute-based cryptosystem, so reducing the number of bilinear pairing operations and exponentiation operations can greatly improve algorithm efficiency. Therefore, the KT-KP-ABE scheme and the KT-CP-ABE scheme provided by the embodiments of the invention are compared with schemes [1], [2] and [3] in the related art in terms of access structure, encryption and decryption calculation consumption, user private key size and ciphertext size. Here, "Exp" denotes the consumption of one exponentiation operation, "Pair" denotes the consumption of one bilinear pairing operation, "n" is the number of attributes involved in encryption, and "|p|" is the size |D_id| of each private key. The scheme comparison results are shown in Table 3 below.
Table 3 results of comparison of KT-KP-ABE, KT-CP-ABE with calculated parameters of the related art
As can be seen from the comparison result of Table 3, the calculation consumption of the scheme provided by the embodiment of the invention in the encryption algorithm is obviously lower than that of other schemes, and less bilinear pairing operation is adopted in the decryption algorithm, so that the KT-KP-ABE and KT-CP-ABE of the embodiment of the invention have higher efficiency in the aspect of encryption and decryption calculation consumption due to the reduction of bilinear pairing operation and exponential operation times.
Besides the higher efficiency of the encryption and decryption algorithms, KT-KP-ABE and KT-CP-ABE also perform better in terms of private key and ciphertext size. Since the attribute authority must generate and store the private keys of all users in order to track the identity of malicious users when keys are leaked, reducing the size of the private keys reduces the storage and calculation burden of the whole attribute encryption system. According to the description and analysis of the key generation algorithm in the specific construction of the scheme, the size of each private key is |D_id|, so the total size of all the attribute private keys is n|p|; according to the description and analysis of the encryption algorithm in the foregoing embodiments, the ciphertext sizes in KT-KP-ABE and KT-CP-ABE are (2n+1)|p| and (3n+1)|p|, respectively. By comparison, the user private keys in KT-KP-ABE and KT-CP-ABE are much smaller, which reduces the heavy burden on the attribute authority in terms of key distribution and storage, and the ciphertext sizes in KT-KP-ABE and KT-CP-ABE are also relatively smaller. From the above comparison results, in terms of overall efficiency, the KT-KP-ABE and KT-CP-ABE of the embodiments of the present invention have lower calculation cost and better performance; they not only exploit the fine-grained data access control advantage of attribute encryption, but also meet the requirement of distinguishing different users through their unique private keys.
In addition, referring to fig. 11, an embodiment of the present invention further provides an attribute authority, including: memory, a processor, and a computer program stored on the memory and executable on the processor.
The processor and the memory may be connected by a bus or other means.
The non-transitory software program and instructions required to implement the data encryption method of the above embodiments are stored in the memory, and when executed by the processor, the data encryption method of the above embodiments is performed, for example, the method steps S100 to S300 in fig. 2, the method step S110 in fig. 3, the method steps S210 to S220 in fig. 4, the method steps S230 to S240 in fig. 5, the method step S310 in fig. 6, the method step S120 in fig. 7, the method step S400 in fig. 8, the method steps S410 to S420 in fig. 9, or the method steps S430 to S440 in fig. 10 described above are performed.
The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, an embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions that are executed by a processor or controller, for example, by one of the processors in the above-described device embodiments, which may cause the processor to perform the data encryption method in the above-described embodiment, for example, performing the above-described method steps S100 to S300 in fig. 2, the method step S110 in fig. 3, the method steps S210 to S220 in fig. 4, the method steps S230 to S240 in fig. 5, the method step S310 in fig. 6, the method step S120 in fig. 7, the method step S400 in fig. 8, the method steps S410 to S420 in fig. 9, or the method steps S430 to S440 in fig. 10.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media.
While the preferred embodiments of the present invention have been described in detail, the present invention is not limited to the above embodiments, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the present invention, and these equivalent modifications and substitutions are intended to be included in the scope of the present invention as defined in the appended claims.

Claims (11)

1. A data encryption method is applied to an attribute authorization center in an attribute encryption system, and comprises the following steps:
acquiring a system public key and a system master key;
obtaining a user private key of an access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user, wherein the identity information is independently bound with the access user, and the key generation information is associated with the access user;
and when the condition that the plaintext to be encrypted of the access user is encrypted to obtain the ciphertext is determined, decrypting the ciphertext according to the user private key of the access user to obtain the plaintext to be encrypted.
2. The data encryption method according to claim 1, wherein the access users are plural; the method further comprises the steps of:
And carrying out identity tracking on the access users according to the identity identification information, the user private key and the key generation information associated with the access users.
3. The data encryption method according to claim 2, wherein the performing identity tracking on the plurality of access users based on the identification information of the plurality of access users, the user private key, and the key generation information associated with the access users, comprises:
processing the identity information, the user private key and the key generation information associated with the access user of a plurality of access users to generate a key leakage tracking list carrying a plurality of sets of data verification information, wherein one set of data verification information comprises the identity information and the user private key of one access user;
and carrying out identity tracking on each access user according to the key leakage tracking list.
4. The data encryption method according to claim 2, wherein the performing identity tracking on the plurality of access users based on the identification information of the plurality of access users, the user private key, and the key generation information associated with the access users, comprises:
Determining key leakage tracking conditions according to the identity information of a plurality of access users, the user private keys and the key generation information associated with the access users;
and carrying out identity tracking on each access user according to the key leakage tracking conditions.
5. The data encryption method of claim 1, wherein the key generation information is an access control structure associated with the access user; the obtaining the user private key of the access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user comprises the following steps:
performing key generation processing on the system public key, the system master key and the acquired access control structure to obtain a first attribute private key;
and inserting the identity information of the access user into the first attribute private key to obtain a user private key of the access user.
6. The method for encrypting data according to claim 5, wherein said encrypting the plaintext to be encrypted for the access user to obtain ciphertext comprises:
and according to the system public key and the attribute set of the access user, encrypting the plaintext to be encrypted of the access user to obtain the ciphertext.
7. The data encryption method of claim 1, wherein the key generation information is a set of attributes associated with the access user; the obtaining the user private key of the access user according to the system public key, the system master key, the obtained key generation information and the identity information of the access user comprises the following steps:
performing key generation processing on the system public key, the system master key and the acquired attribute set to obtain a second attribute private key;
and inserting the identity information of the access user into the second attribute private key to obtain a user private key of the access user.
8. The method for encrypting data according to claim 7, wherein said encrypting the plaintext to be encrypted for the access user to obtain ciphertext comprises:
and according to the system public key and the access control structure of the access user, encrypting the plaintext to be encrypted of the access user to obtain the ciphertext.
9. The data encryption method according to claim 1, wherein the obtaining the system public key and the system master key includes:
and initializing the input security parameters to obtain a system public key and a system master key.
10. An attribute authority comprising: memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the data encryption method according to any one of claims 1 to 9 when executing the computer program.
11. A computer-readable storage medium storing computer-executable instructions for performing the data encryption method of any one of claims 1 to 9.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210049415.2A CN116484392A (en) 2022-01-17 2022-01-17 Data encryption method, attribute authorization center and storage medium
PCT/CN2023/071009 WO2023134576A1 (en) 2022-01-17 2023-01-06 Data encryption method, attribute authorization center, and storage medium


Publications (1)

Publication Number Publication Date
CN116484392A true CN116484392A (en) 2023-07-25


Also Published As

Publication number Publication date
WO2023134576A1 (en) 2023-07-20

Similar Documents

Publication Publication Date Title
CN112019591B (en) Cloud data sharing method based on block chain
CN107864139B (en) Cryptographic attribute base access control method and system based on dynamic rules
CN111130757B (en) Multi-cloud CP-ABE access control method based on block chain
Yang et al. Privacy-preserving attribute-keyword based data publish-subscribe service on cloud platforms
JP5562687B2 (en) Securing communications sent by a first user to a second user
Zhang et al. Anonymous attribute-based encryption supporting efficient decryption test
Liu et al. Certificateless signcryption scheme in the standard model
US10250591B2 (en) Password-based authentication
Ying et al. Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating
CN110933033B (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
CN111614680B (en) CP-ABE-based traceable cloud storage access control method and system
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN114219483B (en) Method, equipment and storage medium for sharing block chain data based on LWE-CPBE
Ali et al. Attribute-based fine-grained access control for outscored private set intersection computation
Jiang et al. Efficient identity-based broadcast encryption with keyword search against insider attacks for database systems
Park et al. Fully secure hidden vector encryption under standard assumptions
Zhang et al. A traceable and revocable multi-authority access control scheme with privacy preserving for mHealth
Du et al. A Lightweight Authenticated Searchable Encryption without Bilinear Pairing for Cloud Computing
CN114629640B (en) White box disciplinable attribute-based encryption system and method for solving key escrow problem
CN116318663A (en) Multi-strategy safe ciphertext data sharing method based on privacy protection
Yang et al. Efficient certificateless encryption withstanding attacks from malicious KGC without using random oracles
WO2023134576A1 (en) Data encryption method, attribute authorization center, and storage medium
CN114430321A (en) DFA self-adaptive security-based black box traceable key attribute encryption method and device
Ren et al. SM9-based traceable and accountable access control for secure multi-user cloud storage
CN109218016B (en) Data transmission method and device, server, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication