CN117201132A - Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method - Google Patents

Info

Publication number: CN117201132A
Authority: CN (China)
Prior art keywords: committee, attribute, key, node, user
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Application number: CN202311168668.2A
Other languages: Chinese (zh)
Inventors: 刘懿中, 邢馨心, 秦榜宏, 蒋子旭, 李东禹, 刘建伟, 关振宇, 李大伟, 张骞允
Current assignee: Beihang University (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Beihang University
Priority date / Filing date / Publication date: not given on the page
Application filed by Beihang University
Priority to CN202311168668.2A
Publication of CN117201132A
Legal status: Pending

Abstract

The invention discloses a fully decentralized multi-committee attribute-based encryption method in the field of information security. Each attribute authority is replaced by a committee consisting of several nodes, and algorithms for committee initialization, attribute key issuance and verification, encryption and decryption are designed. The committee uses a DKG protocol to generate public and private keys among its nodes while tolerating up to 1/2 Byzantine nodes. An attribute key verification algorithm lets a user filter out invalid keys issued by Byzantine nodes. The invention uses X-ABE to realize the decentralized access control protocol DACCS in a cloud storage scenario: X-ABE protects data transmission when user attribute keys are issued and when the session key is encrypted; combined with a sharded blockchain architecture, intra-shard consensus keeps the committee nodes consistent during key issuance; and information such as user attribute data and ciphertext hash values is recorded on the blockchain.

Description

Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a fully decentralized multi-committee attribute-based encryption method and its application.
Background
Attribute-Based Encryption (ABE) is an important research field of public key cryptography and belongs to the category of functional encryption. In conventional public key encryption, a data owner encrypts data n times for n users using their public keys, whereas ABE lets the data owner encrypt data at fine granularity according to the attributes of a target user group, so that only one encryption is needed for n users. ABE is therefore suitable for large-scale organizational scenarios with many users and differing access rights, such as cloud computing.
Conventional ABE schemes employ a single attribute authority to issue attribute keys to users, but in real-world applications a global authority is impractical, so Multi-Authority Attribute-Based Encryption (MA-ABE) schemes have been proposed. In MA-ABE, several different attribute authorities independently manage different sets of attributes.
Some problems remain with MA-ABE. In existing MA-ABE schemes each attribute authority is by nature a centralized entity with certain security defects and limitations, and complete decentralization cannot be achieved. Under a crash adversary the attribute authority goes down, loses the ability to issue attribute keys, and the user's decryption process is disrupted. Under a Byzantine adversary the attribute authority can be taken over: the adversary then holds the authority's private key and controls the issuance of attribute keys, and once the attribute keys under the adversary's control satisfy the access policy of a specific ciphertext, the adversary can decrypt that ciphertext, compromising its security. In security-critical scenarios such as the military and medicine, the incomplete decentralization and low Byzantine fault tolerance threshold of traditional MA-ABE schemes are unacceptable. For example, an adversary could manipulate an attribute authority server in the army to control key distribution and gain decryption rights to ciphertext before combat, exposing secret military command and control information without authorization. In financial scenarios, adversaries could obtain personal privacy and account information, or even disrupt normal financial transactions and paralyze economic activity.
Disclosure of Invention
In view of the above, the present invention aims to solve the incomplete decentralization of MA-ABE, improve the fault tolerance of an attribute-based encryption algorithm against crash adversaries and Byzantine adversaries, and provide a fully decentralized multi-committee attribute-based encryption scheme, X-ABE, in which an attribute committee composed of several nodes replaces each single attribute authority. Within a committee, a Distributed Key Generation (DKG) protocol ties together the private keys of the committee nodes, and thereby the public keys of the nodes and the attribute keys they issue. A user who obtains more than a threshold t of legal attribute keys (t is determined by the DKG) can correctly decrypt the ciphertext. By combining the committee mechanism, DKG and the additional attribute key verification algorithm designed in this method, X-ABE provides strong Byzantine fault tolerance that MA-ABE lacks, raising the fault tolerance threshold for ciphertext security in MA-ABE by roughly a factor of n (n being the average number of nodes per committee). Applying X-ABE to access control further resolves the centralization problem of existing ABE-based access control architectures.
In order to achieve the above purpose, the present invention provides the following technical solutions:
In one aspect, the invention provides a fully decentralized multi-committee attribute-based encryption method comprising the following steps:
S1: Global initialization GlobalSetup: input the security parameter $1^\kappa$; output the global parameter GP;
S2: Committee initialization CommitteeSetup: assume an attribute committee whose nodes are $P_{i,j}$; each node $P_{i,j}$ runs the improved DKG protocol with the global parameter GP and the committee number $i$ as inputs, and outputs the private key set $\{sk_{i,j}\}$ and the public key set $\{pk_{i,j}\}$;
S3: Encryption Encrypt: input the message $M$, the access matrix $(A, \rho)$ and the public key set $\{pk_{i,j}\}$ of the committees corresponding to the attributes in the access matrix; output the ciphertext CT;
S4: Key generation KeyGen: input the user attribute $k$, the user identifier GID and the private key $sk_{i,j}$; node $P_{i,j}$ outputs the attribute key $K_{k,i,j}$ for attribute $k$;
S5: Key verification KeyVer: verifies the attribute key $K_{k,i,j}$ generated by node $P_{i,j}$; input the attribute key $K_{k,i,j}$ and the public keys $pk_{1,k,i,j}, pk_{2,k,i,j}$ of node $P_{i,j}$; output a Boolean value;
S6: Decryption Decrypt: input the ciphertext CT, the attribute key set $\{K_{k,i,j}\}$ and the node set $B = \{B_i\}$, $B_i = \{B_{i,j}\}$; output the message $M$. If all keys the decryptor received from node $P_{i,j}$ pass KeyVer, node $P_{i,j}$ is called a legal node; $B_{i,j}$ is the serial number of legal node $P_{i,j}$ in committee $i$, and $B_i$ is the set of serial numbers of the legal nodes in committee $i$; if $|B_i| > t$, then $B_i$ is a legal set.
Further, the improved DKG protocol comprises the following steps:
A1: Secret sharing is carried out among the committee nodes to share the private key;
A2: The committee performs share distribution and share verification, after which each node obtains a public key.
Further, step A1 specifically includes the following steps:
A11: Share distribution: each node selects a polynomial to generate secret shares, publishes commitment values of the polynomial coefficients, and sends the secret shares to the other nodes;
A12: Share verification: after receiving a secret share, the node verifies it and sends a complaint if verification fails;
A13: Responding to complaints: the node that receives a complaint broadcasts the correct share;
A14: Marking malicious nodes: a node that receives more than t complaints is marked as malicious;
A15: Generating the legal node set: the nodes not marked as malicious form a set;
A16: Generating private key shares: each node combines the received secret shares into a private key share.
Further, step A2 specifically includes the following steps:
A21: Share distribution: each node broadcasts its secret share;
A22: Share verification: after receiving a secret share, the node verifies it and sends a complaint if verification fails;
A23: Generating the public key: if verification passes, each node generates its public key; otherwise the secret shares from step A1 are used for key reconstruction.
Further, step S3 specifically includes the following steps:
Matrix $A$ is an $n \times l$ matrix used to encrypt message $M$; $\rho$ is a mapping function that maps row $x$ of the matrix to an attribute, and $\tau$ is a mapping function that maps an attribute to a committee's serial number. Let $k = \rho(x)$ and $i = \tau(\rho(x))$, and perform the following operations:
S31: Randomly select $s$, a column vector with $s$ as its first entry and a column vector with 0 as its first entry; compute $C_0 = M \cdot e(g_1, g_1)^s$;
S32: For each row $A_x$ of $A$, select a random value and compute the ciphertext component for that row;
S33: Using the public key of node $P_{i,j}$ in the corresponding committee, compute the remaining ciphertext component.
Further, step S6 specifically includes the following steps:
Given data encrypted under the access matrix $(A, \rho)$, the decryptor holding the attribute keys $\{K_{k,i,j}\}$ performs the following computation:
S61: For each row $A_x$, let $k = \rho(x)$ and $i = \tau(\rho(x))$;
S62: For committee node $P_{i,j}$ with $\mathrm{index}(P_{i,j}) \in B_i$, compute the corresponding partial value;
S63: The user combines the partial values;
S64: Select constants $c_x$ satisfying $\sum_x c_x A_x = (1, 0, \dots, 0)$, then compute the blinding factor;
S65: Output the plaintext.
In another aspect, the invention provides an application of the multi-committee attribute-based encryption method in a cloud storage scenario, comprising the following steps:
B1: Initialization: the attribute committees run global initialization to generate the global parameters, each committee initializes the sharded blockchain and the attribute set it maintains, and committee initialization is executed to generate the public and private keys of the nodes;
B2: User registration: the user sends a registration request to the committee, and the committee reaches consensus on the registration information and records it on the chain as an intra-shard transaction;
B3: Key generation: the user sends a key request to the committee, each node of the committee issues an attribute key to the user, and the user verifies the key generated by each node;
B4: Data upload and access: the data owner encrypts the message with the access matrix and the committee public keys and uploads it to the server; the user decrypts the message with the attribute keys corresponding to the access matrix.
Further, step B1 specifically includes the following steps:
Step 1: Global initialization: initialize the sharded blockchain and generate the global public parameters of the attribute-based encryption algorithm;
Step 2: Committee initialization: each committee initializes its attribute set and runs DKG to generate a public key and a private key for each node.
Further, step B2 specifically includes the following steps:
B21: Send registration request: user U constructs a request containing the user's attribute set and identity, and sends it to the committee;
B22: Record on chain: after the committee receives the request, the leader node packages it into an intra-shard transaction and records it on the chain.
Further, step B3 specifically includes the following steps:
B31: Send key request: user U constructs a key request and broadcasts it to the corresponding committee;
B32: Record on chain: after receiving the request, the committee packages it into an intra-shard transaction; each committee node verifies the user attributes in the request, then votes and records the transaction on the chain;
B33: Committee generates keys: after receiving the transaction containing the key request, each committee node generates a key according to the user attribute and the user's $GID_U$;
B34: User verifies keys: after receiving a key, the user verifies it with the corresponding committee public key.
Further, step B4 specifically includes the following steps:
B41: Encryption: the data owner encrypts the original file with symmetric encryption and encrypts the symmetric key with attribute-based encryption; the ciphertext consists of the symmetric ciphertext and the attribute-based ciphertext;
B42: Upload ciphertext: the data owner uploads the ciphertext to the cloud server, computes the hash value of the ciphertext and broadcasts it to the committees of the corresponding attributes;
B43: Verify ciphertext integrity: after receiving the uploaded ciphertext, the cloud server verifies its integrity and, if verification passes, stores the hash value and the ciphertext;
B44: Record on chain: the committee receives the integrity evidence sent by the data owner, runs intra-shard consensus and packages the evidence into an intra-shard transaction;
B45: Send access request: the user obtains the corresponding integrity evidence from the blockchain and sends an access request;
B46: Send ciphertext: the cloud server sends the ciphertext;
B47: Decryption: the user first verifies the integrity of the ciphertext against the on-chain integrity evidence, then decrypts the attribute-based ciphertext with the attribute keys to obtain the symmetric key, and finally decrypts the symmetric ciphertext to obtain the original data.
The beneficial effects of the invention are: 1) The method is a fully decentralized multi-committee attribute-based encryption algorithm; it solves the weak decentralization of MA-ABE, improves fault tolerance, and has the potential for wide use in decentralized environments. 2) The method preserves the functionality of MA-ABE and, through the committee architecture, DKG and the key verification algorithm, ensures that a committee can tolerate 1/2 Byzantine nodes. 3) In its application, the method combined with the blockchain uses a consensus algorithm to guarantee consistency and liveness among committees during user registration and key issuance, which resolves the single point of failure and concentration of trust of traditional access control architectures. 4) The application uses blockchain storage to guarantee that access records and integrity evidence cannot be tampered with.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the specification.
Drawings
In order to make the objects, technical solutions and advantageous effects of the present invention more clear, the present invention provides the following drawings for description:
FIG. 1 is a general flow chart of the X-ABE algorithm and the DACCS protocol;
FIG. 2 is a flow chart of the DACCS protocol;
FIG. 3 is a flowchart of the X-ABE algorithm;
FIG. 4 is a diagram of the overall architecture of the DACCS.
Detailed Description
The following describes the multi-committee attribute-based encryption and its application method with complete decentralization in detail with reference to the accompanying drawings, wherein fig. 1 is a general flow chart of the X-ABE algorithm and the DACCS protocol, fig. 2 is a flow chart of the DACCS protocol, fig. 3 is a flow chart of the X-ABE algorithm, and fig. 4 is a general architecture diagram of the DACCS. The DKG protocol used in the method, the X-ABE algorithm designed by the invention and the DACCS protocol are elaborated.
The symbol definitions for the X-ABE algorithm and access control scheme are shown in table 1 below.
TABLE 1
The invention comprises four entities: 1) Distributed attribute committee (Attribute Committee): mainly responsible for issuing the attribute keys corresponding to user attributes and for maintaining the sharded blockchain. Each attribute committee consists of several nodes, including honest nodes and Byzantine nodes. The committee operates under a synchronous network model, uses a DKG algorithm for synchronous networks, and uses a synchronous BFT algorithm as the intra-shard consensus. 2) Cloud storage server (Cloud Storage Server): in the scheme the cloud storage is simplified to an honest-but-curious cloud storage server. In fact it may consist of several cloud servers, each with storage and computing functions and with no interaction between them, where a Byzantine adversary may control several of them. All servers accept the same input; all honest servers perform the same operation and produce the same correct output, while Byzantine servers may perform malicious operations and produce false outputs. The number of Byzantine servers is denoted $f$ and the total number of cloud servers $N_s$. When $N_s = f$ the system loses liveness, but the security of the ciphertext is not compromised; when $f \le N_s - 1$ both liveness and safety of the system are guaranteed. Thus the Byzantine fault tolerance of the cloud servers is $f = N_s - 1$, meaning that as long as at least one cloud server is not compromised by the adversary, the cloud server cluster containing Byzantine nodes is equivalent to an honest-but-curious cloud server. 3) Data owner (Data Owner): the producer and owner of the data, who grants access rights to users with specific attributes using the X-ABE algorithm. 4) User (User): identified by a globally unique identifier (GID).
The user obtains attribute keys from the attribute committees and requests data from the cloud server. Neither the nodes in each committee nor the cloud server are trusted.
The adversary model of the invention is as follows: the adversary is a probabilistic polynomial-time Byzantine adversary. Any honest node in each committee may be statically corrupted or crashed, but attribute keys may be queried adaptively. When a node is corrupted, the adversary can read all of its inputs and set the messages it sends. When the number of corrupted nodes in a committee exceeds 1/2, the committee may be corrupted and the adversary may choose the public key of the corrupted committee. Encrypted authenticated channels are used between honest nodes, so the adversary cannot tamper with messages exchanged between honest nodes.
DKG protocol:
In the invention the DKG protocol is modified: the group used for secret sharing in the second stage of the original scheme is replaced by a subgroup of the composite-order group. The detailed construction is as follows:
Stage 1: the $n$ nodes $P_1, \dots, P_n$ of the committee perform secret sharing of the private key.
Step 1: $P_i$ selects two random degree-$t$ polynomials over $Z_q$: $f_i(z) = a_{i0} + a_{i1} z + \dots + a_{it} z^t$ and $f'_i(z) = b_{i0} + b_{i1} z + \dots + b_{it} z^t$.
Let $z_i = a_{i0} = f_i(0)$. $P_i$ broadcasts the commitment values of the polynomial coefficients; each $P_i$ computes the polynomial shares $s_{ij} = f_i(j)$, $s'_{ij} = f'_i(j) \bmod q$ and sends the shares to the corresponding $P_j$.
Step 2: each node $P_j$ verifies the received shares using equation (1).
If verification of the share from node $i$ fails, $P_j$ broadcasts a complaint against $P_i$.
Step 3: after receiving the complaint from $P_j$, node $P_i$ broadcasts shares $s_{ij}$ and $s'_{ij}$ satisfying equation (1).
Step 4: if a node receives more than $t$ complaints, or the shares it broadcasts in step 3 do not satisfy equation (1), the other nodes mark it as malicious.
Step 5: each node establishes the legal node set $B$ of nodes not marked as malicious.
Step 6: the shared key value is $x = \sum_{i \in B} z_i \bmod q$, which no single node computes; each node $P_j$ computes its private key share $x_j = \sum_{i \in B} s_{ij} \bmod q$ and $x'_j = \sum_{i \in B} s'_{ij} \bmod q$.
Stage 2: each node $P_i \in B$ performs the following steps, where $G$ is the elliptic curve group of order $N$, $G_1$ is its subgroup of order $p_1$, and $g_1$ is a generator of $G_1$:
Step 7: $P_i \in B$ broadcasts the values $A_{ik}$ committing to the coefficients of $f_i$.
Step 8: each node $P_j$ verifies the values broadcast by the other nodes in set $B$.
If verification for node $i$ fails, $P_j$ broadcasts a complaint against $P_i$.
Step 9: if node $P_i$ receives at least one valid complaint, the other nodes reconstruct $z_i$, $f_i(z)$ and $A_{ik}$ from the shares received in stage 1. Node $P_i \in B$ computes its public key $y_i$, and the committee public key is $y = \prod_{i \in B} y_i \bmod p_1$.
X-ABE algorithm:
The algorithm comprises steps 1 to 7, as follows:
Step 1: Global initialization GlobalSetup$(1^\kappa) \to$ GP: input the security parameter $1^\kappa$, output the global parameter GP.
$p_1, p_2, p_3$ are primes of length $\kappa$; construct a composite-order bilinear group $G$ of order $N = p_1 p_2 p_3$ with a subgroup of $G$ whose generator is $g_1$. $H: \{0,1\}^* \to G$ maps a GID to an element of $G$. Let GP $= (g_1, N)$.
Step 2: CommitteeSetup(GP, $i$) $\to (\{sk_{i,j}, pk_{i,j}\})$:
The committee comprises $n_i$ nodes and maintains the attribute set $S_i$. Input the global parameter GP and the committee number $i$; each node $P_{i,j}$ runs the DKG algorithm to generate its public key and private key, and the private key set $\{sk_{i,j}\}$ and public key set $\{pk_{i,j}\}$ are output. Node $P_{i,j}$ in the committee performs the following computation:
For each attribute $k \in S_i$, randomly select the key material and compute the corresponding values; let $sk_{1,k,i,j} = \alpha_{k,i,j}$, $sk_{2,k,i,j} = y_{k,i,j}$, $sk_{3,k,i,j} = a_{i,j}$.
Step 3: Encryption Encrypt$(M, (A, \rho), \{pk_{i,j}\}) \to$ CT:
Matrix $A$ is an $n \times l$ matrix used to encrypt message $M$; $\rho$ is a mapping function that maps row $x$ of the matrix to an attribute, and $\tau$ is a mapping function that maps an attribute to a committee's serial number. Let $k = \rho(x)$ and $i = \tau(\rho(x))$, and perform the following operations:
(1) Randomly select $s$, a column vector with $s$ as its first entry and a column vector with 0 as its first entry; compute $C_0 = M \cdot e(g_1, g_1)^s$.
(2) For each row $A_x$ of $A$, select a random value and compute the ciphertext component for that row.
(3) Using the public key of node $P_{i,j}$ in the corresponding committee, compute the remaining ciphertext component.
Step 4: Key generation KeyGen$(k, GID, sk_{i,j}) \to \{K_{k,i,j}\}$:
Node $P_{i,j}$ in the committee, with $i = \tau(k)$, computes the attribute key $K_{k,i,j}$.
Step 5: Key verification KeyVer$(K_{k,i,j}, pk_{1,k,i,j}, pk_{2,k,i,j}) \to 1/0$:
Check $e(g_1, K_{k,i,j}) = pk_{1,k,i,j} \cdot e(H(GID), pk_{2,k,i,j})$; if the equation holds, output 1 (verification passes); otherwise output 0 (verification fails).
Step 6: Decrypt(CT, $\{K_{k,i,j}\}$, $B$) $\to M$:
Given data encrypted under the access matrix $(A, \rho)$, the decryptor holding the attribute keys $\{K_{k,i,j}\}$ performs the following computation:
(1) For each row $A_x$, let $k = \rho(x)$ and $i = \tau(\rho(x))$.
(2) For committee node $P_{i,j}$ with $\mathrm{index}(P_{i,j}) \in B_i$, compute the corresponding partial value.
(3) The user combines the partial values.
(4) Select constants $c_x$ satisfying $\sum_x c_x A_x = (1, 0, \dots, 0)$, then compute the blinding factor.
(5) Output the plaintext.
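The access-matrix arithmetic shared by Encrypt step (1) and Decrypt step (4) above (and by claims 5 and 6), as an added Python example that is not the patent's code: the encryptor shares $s$ across the rows of $A$ with a vector whose first entry is $s$, and a decryptor holding a satisfying set of rows solves for coefficients $c_x$ with $\sum_x c_x A_x = (1, 0, \dots, 0)$ over $Z_q$, or learns that its rows do not satisfy the policy. The modulus and the policy matrix (a two-column LSSS for `(attr1 AND attr2) OR attr3`) are constructed toy values.

```python
# Toy prime modulus (constructed); the scheme's q is a large prime.
Q = 1019


def share_secret(A, v):
    """Encrypt step (1): lambda_x = A_x . v for every row, v = (s, v_2, ...)."""
    return [sum(a * b for a, b in zip(row, v)) % Q for row in A]


def solve_coefficients(rows):
    """Decrypt step (4): coefficients c with sum_x c_x * rows[x] == (1,0,...,0)
    over Z_q, or None when the given rows do not satisfy the policy.
    Solves rows^T c = e_1 by Gauss-Jordan elimination mod Q."""
    m, l = len(rows), len(rows[0])
    # l equations (one per matrix column), m unknowns, right-hand side e_1
    M = [[rows[x][col] % Q for x in range(m)] + [1 if col == 0 else 0]
         for col in range(l)]
    pivots, r = [], 0
    for c in range(m):
        piv = next((i for i in range(r, l) if M[i][c]), None)
        if piv is None:
            continue  # free unknown: its c_x stays 0
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][c], Q - 2, Q)
        M[r] = [v * inv % Q for v in M[r]]
        for i in range(l):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(a - f * b) % Q for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
    if any(row[m] for row in M[r:]):  # a leftover row reads 0 == nonzero
        return None
    c = [0] * m
    for i, col in enumerate(pivots):
        c[col] = M[i][m]
    return c


def recover_secret(A, lambdas, satisfied):
    """Combine the shares of the rows covered by the decryptor's attribute
    keys (row indices in `satisfied`); returns s, or None if the policy is
    not met, which is exactly when step (4) has no solution."""
    rows = [A[x] for x in satisfied]
    c = solve_coefficients(rows)
    if c is None:
        return None
    return sum(cx * lambdas[x] for cx, x in zip(c, satisfied)) % Q


# Constructed policy (attr1 AND attr2) OR attr3 as an LSSS matrix; rho maps
# row 0 -> attr1, row 1 -> attr2, row 2 -> attr3.
POLICY = [[1, 1], [0, Q - 1], [1, 0]]
```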
DACCS protocol:
Stage 1: Initialization
Step 1: Global initialization
(1) Initialize the sharded blockchain; each committee maintains one shard.
(2) Call GlobalSetup$(1^\kappa) \to$ GP to generate the global parameters.
Step 2: Committee initialization
(1) Initialize the attribute set $S_i = \{S_{i,1}, \dots, S_{i,Z}\}$.
(2) Run DKG by calling CommitteeSetup(GP, $i$) $\to (\{sk_{i,j}, pk_{i,j}\})$ to generate a public and private key for each node in the committee.
Stage 2: User registration
Step 3: Send registration request
User U constructs a request containing $b_i = b_{i,1}, \dots, b_{i,z}$, a binary string corresponding to the attribute set $S_i$ of the committee, and the global identifier $GID_U$, and broadcasts the request to the corresponding committee.
Step 4: Record on chain
After the leader node receives the user's request, it runs intra-shard consensus and packages the request into an intra-shard transaction.
Stage 3: Key issuance
Step 5: Send key request
User U constructs a key request in which $k$ denotes the requested attribute, and broadcasts the request to the committee of the corresponding attribute.
Step 6: Record on chain
After the committee receives the request from user U, the leader node starts consensus, and each node, after receiving the user's request:
(1) finds the corresponding $(GID_U, b_i)$ in the current shard;
(2) constructs the attribute set $S_U = \{S_{i,j} \mid S_{i,j} \in S_i, b_{i,j} = 1\}$;
(3) if $k \in S_U$, votes for the transaction proposed by the leader.
After consensus is reached, the request is packaged into an intra-shard transaction.
Step 7: Generate key
After node $P_{i,j}$ in the committee receives the intra-shard transaction:
(1) call KeyGen$(k, GID, sk_{i,j}) \to \{K_{k,i,j}\}$;
(2) send $K_{k,i,j}$ to user U.
Step 8: User verifies key
After receiving $K_{k,i,j}$ generated by $P_{i,j}$, the user runs KeyVer$(K_{k,i,j}, pk_{1,k,i,j}, pk_{2,k,i,j}) \to$ bool; if bool $= 1$, $\mathrm{index}(P_{i,j})$ is added to the legal node set $B$.
Stage 4: Data upload and access
Step 9: Data owner encryption
(1) Call Encrypt$(K_s, (A, \rho), \{pk_{i,j}\}) \to$ CT, where $K_s$ is a symmetric key.
(2) Invoke a symmetric encryption algorithm to encrypt the message $M$ with $K_s$.
Step 10: Data owner uploads ciphertext
(1) Upload the ciphertext to the cloud server CSS.
(2) Compute $h = \mathrm{Hash}(C)$ and broadcast $(ID_{DO}, h)$ to the committee.
Step 11: Record on chain
After the leader node receives $(ID_{DO}, h)$ sent by the DO, it runs intra-shard consensus and packages $(ID_{DO}, h)$ into an intra-shard transaction; after the committee reaches consensus on $(ID_{DO}, h)$, the transaction is recorded on the chain.
Step 12: Server verifies ciphertext integrity
After receiving the data $C$ sent by the DO, the cloud server CSS looks up $(ID_{DO}, h)$ and verifies integrity: if $\mathrm{Hash}(C) \ne h$ it outputs $\bot$; if $\mathrm{Hash}(C) = h$ it stores $(h, C)$.
Step 13: Send access request
User U constructs an access request containing $h$, the hash value of the ciphertext, and sends it to the cloud server CSS.
Step 14: Server sends ciphertext
After receiving the access request, the cloud server CSS sends $C$ to user U.
Step 15: User decryption
User U receives the ciphertext $C$ sent by the cloud server CSS and:
(1) verifies the integrity of the ciphertext: if $\mathrm{Hash}(C) \ne h$, output $\bot$; if $\mathrm{Hash}(C) = h$, continue decryption;
(2) calls Decrypt(CT, $\{K_{k,i,j}\}$, $B$) $\to K_s$, decrypting with the attribute keys satisfying the access matrix to obtain the symmetric key $K_s$;
(3) invokes the symmetric decryption algorithm to decrypt with $K_s$ and obtain the message $M$.
Finally, it is noted that the above-mentioned preferred embodiments are only intended to illustrate rather than limit the invention, and that, although the invention has been described in detail by means of the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims (10)

1. A fully decentralized multi-committee attribute-based encryption method, characterized in that the method comprises the following steps:
S1: Global initialization GlobalSetup: input the security parameter $1^\kappa$; output the global parameter GP;
S2: Committee initialization CommitteeSetup: assume an attribute committee whose nodes are $P_{i,j}$; each node $P_{i,j}$ runs the improved DKG protocol with the global parameter GP and the committee number $i$ as inputs, and outputs the private key set $\{sk_{i,j}\}$ and the public key set $\{pk_{i,j}\}$;
S3: Encryption Encrypt: input the message $M$, the access matrix $(A, \rho)$ and the public key set $\{pk_{i,j}\}$ of the committees corresponding to the attributes in the access matrix; output the ciphertext CT;
S4: Key generation KeyGen: input the user attribute $k$, the user identifier GID and the private key $sk_{i,j}$; node $P_{i,j}$ outputs the attribute key $K_{k,i,j}$ for attribute $k$;
S5: Key verification KeyVer: verifies the attribute key $K_{k,i,j}$ generated by node $P_{i,j}$; input the attribute key $K_{k,i,j}$ and the public keys $pk_{1,k,i,j}, pk_{2,k,i,j}$ of node $P_{i,j}$; output a Boolean value;
S6: Decryption Decrypt: input the ciphertext CT, the attribute key set $\{K_{k,i,j}\}$ and the node set $B = \{B_i\}$, $B_i = \{B_{i,j}\}$; output the message $M$. If all keys the decryptor received from node $P_{i,j}$ pass KeyVer, node $P_{i,j}$ is called a legal node; $B_{i,j}$ is the serial number of legal node $P_{i,j}$ in committee $i$, and $B_i$ is the set of serial numbers of the legal nodes in committee $i$; if $|B_i| > t$, then $B_i$ is a legal set.
2. The full decentralization multi-committee attribute-based encryption method of claim 1, wherein: the improved DKG protocol comprises the steps of:
a1: secret sharing is carried out among committee nodes, and a private key is shared;
a2: the committee performs share distribution and share verification, and each node obtains a public key after executing the share distribution and the share verification.
3. The full decentralization multi-committee attribute-based encryption method of claim 2, wherein: the step A1 specifically comprises the following steps:
a11: share distribution: the node selects a polynomial to generate secret shares, discloses promise values of polynomial coefficients and mutually sends the secret shares;
a12: and (3) share verification: after receiving the secret share, the node verifies the share, and the verification does not pass the sending complaints;
a13: responding to complaints: the node which receives the complaint broadcasts the correct share;
a14: marking malicious nodes: more than t complaints received will be marked as malicious nodes;
a15: generating a legal node set: nodes that are not marked as malicious form a collection;
a16: generating a private key share: each node combines the received secret shares into a private key share.
4. The full decentralization multi-committee attribute-based encryption method of claim 2, wherein: the step A2 specifically comprises the following steps:
a21: share distribution: the node broadcasts the secret share;
a22: and (3) share verification: after receiving the secret share, the node verifies the share, and the verification does not pass the sending complaints;
a23: generating a public key: if the verification is passed, each node respectively generates a public key; otherwise, the secret share in the step A1 is used for key reconstruction.
5. The full decentralization multi-committee attribute-based encryption method of claim 1, wherein: the step S3 specifically comprises the following steps:
Matrix A is an n×1 matrix used to encrypt the message M; ρ is a mapping function that maps row x of the matrix to an attribute, and τ is a mapping function that maps an attribute to the serial number of a committee. Let k = ρ(x), i = τ(ρ(x)), and perform the following operations:
S31: randomly select [formula], a column vector [formula] with s as its first entry and a column vector [formula] with 0 as its first entry; compute C_0 = M · e(g_1, g_1)^s;
S32: for each row A_x of A, randomly select [formula]; compute [formula] and the ciphertext component [formula];
S33: using the public key of node P_{i,j} in the corresponding committee [formula], compute [formula].
6. The full decentralization multi-committee attribute-based encryption method of claim 1, wherein: the step S6 specifically comprises the following steps:
Data is encrypted with the access matrix (A, ρ); the decrypting party holds the attribute keys {K_{k,i,j}} and performs the following calculation:
S61: for each row A_x, let k = ρ(x), i = τ(ρ(x));
S62: committee node P_{i,j}, if index(P_{i,j}) ∈ B_i, computes: [formula]
S63: the user computes: [formula]
S64: select [formula] such that the weighted sum Σ_x [formula]_x · A_x = (1, 0, ..., 0), then compute [formula]
S65: output the plaintext [formula].
7. An application of a full-decentralization multi-committee attribute-based encryption method in a cloud storage scene is characterized in that: the method comprises the following steps:
B1: initialization: the attribute committees run global initialization to generate the global parameters; each committee initializes its shard blockchain and the attribute set it maintains, and executes committee initialization to generate the public and private keys of its nodes;
B2: user registration: the user sends a registration request to the committee, and the committee reaches consensus on the registration information and generates an intra-shard transaction that is recorded on chain;
B3: key generation stage: the user sends a key request to the committee, each committee node issues an attribute key for the user, and the user verifies the key generated by each node;
B4: data upload and access stage: the data owner encrypts the message with the access matrix and the committee public key and uploads it to the server; the user decrypts the message with the attribute keys corresponding to the access matrix.
8. The application of the full decentralization multi-committee attribute-based encryption method in a cloud storage scenario of claim 7, wherein: the step B2 specifically comprises the following steps:
B21: sending a registration request: user U constructs a request containing the user's attribute set and user identity and sends it to the committee;
B22: recording on chain: after the committee receives the request, the leader node packages it into an intra-shard transaction and records it on the chain.
9. The application of the full decentralization multi-committee attribute-based encryption method in a cloud storage scenario of claim 7, wherein: the step B3 specifically comprises the following steps:
B31: sending a key request: user U constructs a key request and broadcasts it to the corresponding committee;
B32: recording on chain: after receiving the request, the committee packages it into an intra-shard transaction; each committee node verifies the user attributes in the request, then votes and records the transaction on chain;
B33: committee key generation: after receiving the transaction containing the key request, each committee node generates a key according to the user attributes and the user identifier GID_U;
B34: user key verification: after receiving a key, the user verifies it with the public key of the corresponding committee.
10. The application of the full decentralization multi-committee attribute-based encryption method in a cloud storage scenario of claim 7, wherein: the step B4 specifically comprises the following steps:
B41: encryption: the data owner encrypts the original file with symmetric encryption and encrypts the symmetric key with attribute-based encryption; the ciphertext consists of the symmetrically encrypted ciphertext and the attribute-based encrypted ciphertext;
B42: uploading the ciphertext: the data owner uploads the ciphertext to the cloud server, computes the hash value of the ciphertext, and broadcasts the hash value to the committee of the corresponding attribute;
B43: verifying ciphertext integrity: after receiving the uploaded ciphertext, the cloud server verifies its integrity and, if verification passes, stores the ciphertext together with its hash value;
B44: recording on chain: the committee receives the integrity evidence sent by the data owner, runs the intra-shard consensus, and packages the integrity evidence into an intra-shard transaction;
B45: sending an access request: the user obtains the corresponding integrity evidence from the blockchain and sends an access request;
B46: sending the ciphertext: the cloud server sends the ciphertext;
B47: decryption: the user first verifies the integrity of the ciphertext against the integrity evidence on the chain, then decrypts the ciphertext with the attribute key to obtain the symmetric key, and finally decrypts to obtain the original data.
CN202311168668.2A 2023-09-11 2023-09-11 Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method Pending CN117201132A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311168668.2A CN117201132A (en) 2023-09-11 2023-09-11 Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method

Publications (1)

Publication Number Publication Date
CN117201132A true CN117201132A (en) 2023-12-08

Family

ID=89004820
Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117560229A (en) * 2024-01-11 2024-02-13 吉林大学 Federal non-intrusive load monitoring user verification method
CN117560229B (en) * 2024-01-11 2024-04-05 吉林大学 Federal non-intrusive load monitoring user verification method
CN117614610A (en) * 2024-01-23 2024-02-27 北京航空航天大学 Access control method based on block chain and attribute-based encryption
CN117614610B (en) * 2024-01-23 2024-04-02 北京航空航天大学 Access control method based on block chain and attribute-based encryption
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination