CN117692201A

CN117692201A - Attribute-based password system and method capable of verifying and chasing access control

Info

Publication number: CN117692201A
Application number: CN202311695694.0A
Authority: CN
Inventors: 孙岗; 严莉; 常英贤; 王高洲; 呼海林; 潘法定; 张闻彬; 汤琳琳; 冯洪新; 刘培顺; 林航锌
Original assignee: Ocean University of China; Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Current assignee: Ocean University of China; Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Priority date: 2023-12-08
Filing date: 2023-12-08
Publication date: 2024-03-12

Abstract

The invention provides an attribute-based password system and a method capable of verifying the liability access control, which can not only track malicious users revealing decryption keys, but also track the behaviors of illegal counterfeiting keys of a key generation center through accurate liability-following of illegal keys by a liability-following mechanism. If a malicious user is tracked, part of the attribute or the whole decryption authority of the user can be revoked. The decryption authority adopts a direct revocation method, and the user is deleted from the authorized user list; the attribute revocation adopts an indirect revocation method, and the password generation center updates the key of the revoked attribute and updates the attribute keys of other users with the revoked attribute. The cloud server updates the attribute ciphertext by using the update key, so that complicated ciphertext re-encryption and other user keys are avoided, real-time user revocation can be realized, and the safety of data is enhanced.

Description

Attribute-based password system and method capable of verifying and chasing access control

Technical Field

The invention belongs to the technical field of data security cloud storage, and particularly relates to an attribute-based password system and method capable of verifying and controlling overtaking access.

Background

The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.

With the rapid development of information technology and the popularization of the internet, cloud storage is becoming the first choice for more and more organizations and individuals as an innovative data storage and management mode. Cloud storage provides convenient data access and sharing by storing data on a remote server, providing many benefits to users. The development of cloud storage brings about huge storage capacity and expandability, so that a user can easily store and manage a large amount of data without paying attention to the limitation of local storage equipment. In addition, cloud storage also provides high availability and powerful data backup functionality, protecting user data from hardware failures, natural disasters, or human errors.

However, with the widespread use of cloud storage, there are also a number of new challenges and problems. One of the most important issues is data security and privacy protection. Because the user's data is stored on the cloud service provider's servers, the user must trust that these providers are able to protect the confidentiality and integrity of their data. However, during data transmission and storage, the data may be subject to risk of tampering, loss or corruption. Past security vulnerabilities and data leakage events indicate that cloud storage security still presents a degree of risk.

Another key issue is data access control and rights management. Cloud storage is often faced with multiple users, requiring that each user only access its authorized data while preventing unauthorized access and data leakage. Effective access control mechanisms and rights management policies are critical to protecting the privacy and security of user data.

Attribute encryption has attracted considerable attention in the field of secure cloud storage as an emerging data protection technology. It provides a flexible and efficient method to meet the security requirements of outsourced data. Attribute encryption techniques provide more flexible and dynamic fine-grained access control without exposing plaintext data, protecting the privacy and confidentiality of the data. ABE schemes are largely divided into two categories: an encryption KP-ABE scheme based on key policy attributes and an encryption CP-ABE scheme based on ciphertext policy attributes. The difference between them is that the KP-ABE scheme embeds the access structure in the key, whereas the CP-ABE scheme integrates the access structure into the ciphertext.

However, most available systems require the user to perform a large number of complex bilinear pairing operations, such as patent document CN108200181B, CN114244579a. These overwhelming computations become a heavy burden on the user terminal, especially for energy-constrained devices. To solve this problem, the barong Qin et al in the document "Attribute-Based Encryption With Efficient Verifiable Outsourced decryption" utilized an outsourced decryption method that can reduce the computational burden on the user device by giving complex operations to a computing resource-rich cloud server. However, the cloud server may return erroneous semi-decrypted information due to a malicious attack or system failure. Thus, ensuring the correctness of outsourced decryption remains a challenge. In addition, some authorized malicious users may illegally reveal keys to gain profits, which would undermine the basis of authorized access and data privacy protection. In a conventional ABE system, given a compromised key, the original key owner cannot be determined. This means that there is little risk of a malicious user selling his key being identified. Therefore, it is important to identify and revoke decryption rights of malicious users in time. In addition to malicious users, there may be cases where a key generation center in the system illegally falsifies the attribute key. Therefore, accurate liability for the illegal key ownership is a concern. For illegal actions of the key generation center, further processing the responsibility of related personnel of the key generation center; for malicious users it becomes necessary to revoke or update their access rights in real time. However, multiple users may share each attribute, any attribute of the revoked user may affect other users, and conventional solutions inevitably require re-encrypting data and updating the user's keys. Document CN114244579a implements user-level attribute revocation, but the users of the revoked attributes still have valid keys before revocation. Therefore, how to track malicious users and cancel or update access rights of users in real time, and enhancing security of data are problems that need to be solved at present.

Disclosure of Invention

In order to overcome the defects of the prior art, the invention provides an attribute-based password system and a method capable of verifying the liability-based access control, which are used for realizing flexible and efficient decryption verification and illegal key liability based on a liability-based mechanism, a key generation center and a cloud server, and for a malicious user, the attribute of the malicious user or the whole decryption authority is revoked.

To achieve the above object, a first aspect of the present invention provides an attribute-based cryptographic system capable of verifying a disclaimer access control, comprising:

the responsibility-chasing mechanism is used for verifying the validity of the illegal key, and if the validity is valid, the responsibility attribution is determined according to the illegal key; if the key is forged by the key generation center, further processing of overtaking responsibility is carried out on personnel related to the key generation center; if the decryption permission is revealed by a malicious user, the specific decryption permission is revoked by the key generation center;

the key generation center is used for canceling part of attribute or whole decryption authority of the malicious user; if the attribute is revoked, updating the private key and the public key of the revoked attribute, sending the updated key to the cloud server, and updating the attribute keys of other users with the revoked attribute by using the updated key; and if the whole decryption authority is revoked, sending the malicious user identity to the cloud server.

The cloud server is used for receiving a revocation request of the revealing user of the key generation center; if the decryption authority is revoked, deleting the revealing user from a user list authorized by the data owner; and if the attribute is revoked, receiving an update key sent by the key generation center, and updating the attribute ciphertext by using the update key.

A second aspect of the present invention provides a method of verifiable, accountable access control of an attribute-based password, comprising:

the responsibility-following mechanism verifies the validity of the illegal key, and if the illegal key is valid, the responsibility-following mechanism carries out tracking and responsibility-following on the key; if the key is forged by the key generation center, further processing the responsibility of personnel related to the key generation center; otherwise, the key generation center selects to cancel part of the attribute or the whole decryption authority of the malicious user;

if some attributes are revoked, the key generation center updates the private key and the public key of the revoked attributes and generates an updated key, the updated key is sent to the cloud server, and the attribute keys of other users with the revoked attributes are updated by using the updated key; if the user decryption authority is revoked, the user identity is sent to the cloud server;

the cloud server receives a revocation request of the revealing user of the key generation center, and if the request is for revoke of the decryption authority, the revealing user is deleted from a user list authorized by the data owner; and if the attribute is revoked, updating the attribute ciphertext by using the updating key sent by the key generation center.

The one or more of the above technical solutions have the following beneficial effects:

in the invention, by accurately tracing the illegal key by the tracing mechanism, not only can the malicious user revealing the decryption key be traced, but also the behavior of illegal counterfeiting of the key by the key generation center can be traced. If a malicious user is tracked, part of the attribute or the whole decryption authority of the user can be revoked. The decryption authority adopts a direct revocation method, and the user is deleted from the authorized user list; the attribute revocation adopts an indirect revocation method, and the password generation center updates the key of the revoked attribute and updates the attribute keys of other users with the revoked attribute. The cloud server updates the attribute ciphertext by using the update key, so that complicated ciphertext re-encryption and other user keys are avoided, real-time user revocation can be realized, and the safety of data is enhanced.

Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.

FIG. 1 is a schematic diagram of an attribute-based cryptographic system capable of verifying a disciplinable access control in accordance with a first embodiment of the present invention;

FIG. 2 is a block flow diagram of an attribute-based cryptographic system capable of verifying a disciplinable access control in accordance with one embodiment of the present invention

FIG. 3 is a block diagram illustrating an initialization process for an attribute-based cryptographic system for verifiable accountable access control in accordance with a first embodiment of the present invention;

FIG. 4 is a block diagram of a user registration process in accordance with a first embodiment of the present invention;

FIG. 5 is a block diagram of a ciphertext generation flow in accordance with an embodiment of the present invention;

FIG. 6 is a block diagram illustrating a user decryption process according to a first embodiment of the present invention;

FIG. 7 is a block diagram of a process of illegal key tracing in accordance with an embodiment of the present invention;

fig. 8 is a block diagram of a process for attribute revocation in accordance with a first embodiment of the present invention.

Fig. 9 is a block diagram of a decryption right revocation flow in the first embodiment of the present invention.

Detailed Description

It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.

It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention.

Embodiments of the invention and features of the embodiments may be combined with each other without conflict.

Example 1

The embodiment discloses a property-based password system capable of verifying the accountable access control, comprising:

the responsibility-chasing mechanism is used for verifying the validity of the illegal key, and if the validity is valid, the responsibility attribution is determined according to the illegal key; if the key is forged by the key generation center, further processing of overtaking responsibility is carried out on personnel related to the key generation center; if the decryption permission is revealed by a malicious user, the specific decryption permission is revoked by the key generation center.

The key generation center can revoke part of the attribute or the whole decryption authority of the malicious user; and if the attribute is revoked, updating the key of the revoked attribute, sending the updated key to the cloud server, and updating the attribute keys of other users with the revoked attribute by using the updated key. And if the decryption authority is revoked, sending the malicious user identity to the cloud server.

As shown in fig. 1, the present embodiment has five types of entities in total: key generation center KGC, cloud server CS, responsibility entity AC, data owner DO, data query user DU.

Key Generation Center (KGC): KGC is responsible for system parameter settings and user registration. And (5) carrying out the revocation of partial attribute or decryption authority on the malicious user.

Cloud Server (CS): the cloud server has huge storage space and strong computing power, and provides on-demand service for the system. The cloud server is responsible for storing the encrypted files of the data owners. After receiving a decryption request of a data user, semi-decrypting the encrypted file by using an attribute key provided by the user, and transmitting the converted semi-decrypted ciphertext to the user.

Responsibility-following mechanism (AC): after an illegal key is captured, a service for detecting the validity of the key and tracking the responsibility is provided.

Data owner: the data owner uses a cloud storage service to store files. In the encryption process, an access strategy is appointed and embedded into the ciphertext, so that fine-grained access control is realized.

User data: each data user has an attribute set describing the characteristics of the data user, the attribute set is embedded into an attribute key of the user, and if the attribute set of the user meets an access strategy defined in an encrypted file, the cloud server responds to a decryption request of the user and returns a semi-decryption ciphertext to the user. The user runs the final decryption algorithm to recover the plaintext.

In this embodiment, the system workflow:

in the system setup phase, KGC generates public parameters PP and master key MSK of the system. The master key MSK is kept secret by KGC. The system public parameter PP is distributed to cloud servers, responsibility-pursuing institutions, data owners and users.

For a system user with an attribute set S and an identity id, KGC generates an attribute key embedding the identity id of the user and the attribute set S.

The data user list UL is stored by the cloud server, and KGC inserts each authorized user with an identity id into the user list for subsequent malicious user detection and user revocation phases.

The data owner encrypts the file M and formulates an access policy to define the set of authorized users, the access policy being embedded in the ciphertext. And generating a verification key VK for verifying the correctness of the semi-decryption ciphertext of the cloud server. The encrypted file and the verification key are outsourced to the cloud server.

In the decryption algorithm, if the attribute set of the user meets the access policy defined by the owner of the data, the cloud server performs half decryption on the ciphertext first, so that the data user can recover the plaintext M by using lightweight calculation. The semi-decrypted ciphertext and the corresponding authentication key VK are returned to the data user.

In the final decryption algorithm, the data user verifies whether the semi-decrypted ciphertext is correct using the verification key VK. If the verification fails, the semi-decryption result of the cloud server is proved to be wrong. If the verification is successful, the data user performs a lightweight calculation to recover the message M.

For illegitimate compromised keys, the trust authority first checks the validity of the key. If the key format is incorrect, the key is an invalid key. Otherwise, the trust authority recovers the true identity of the compromised key and performs the trust.

If the key leakage person is a malicious user, to cancel some of the attributes, the KGC firstly updates the attribute private key and the public key of the attribute and generates an update key, the update key is sent to the cloud server, and the cloud server updates the attribute ciphertext by using the update key. For other users with revocation properties, KGC updates their property keys accordingly with the update key. If the decryption authority is to be revoked, the KGC sends the malicious user identity to the cloud server, and the cloud server deletes the malicious user identity from the authorized user list.

As shown in fig. 2, the specific configuration includes:

1. initializing a system:

as shown in FIG. 3, G is a bilinear group of one prime order p, G is a generator of G, and e is G×G→G _T Is a bilinear map. A hash function h {0,1}, is defined ^* →K,H:{0,1} ^* →G。

Defining U as attribute domain, randomly selecting v for each attribute x E U in the attribute domain _x ∈ _R Z _p Attribute private key VSK _x ＝v _x Calculating an attribute public key

With a security parameter as input, KGC randomly selects alpha, a, delta epsilon _R Z _p ，k∈ _R K, common parameter of System PP= (g, g) ^a ,g ^δ ,e(g,g) ^α ,h,H,{VPK _x } _x∈U ) Master key msk= (α, a, δ).

2. User registration:

as shown in FIG. 4, when a user applies to join the system, a random number b E is first selected _R Z _p And secret-preserving for final decryption, calculating key generation parameter g ^b And g is to ^b And one about g ^b A zero knowledge proof of discrete logarithms of (1) is sent to KGC. And generating an attribute key for the user by using a KGC operation key generation algorithm according to the identity ID of the user and the attribute set S.

KGC randomly selects key generation parameter c, t E _R Z _p According to the system master key MSK= (alpha, a, delta), the public parameter PP= (g, g) ^a ,g ^δ ,e(g,g) ^α ,h,H,{VPK _x } _x∈U ) And user ID calculation of user's attribute keyK ₂ ＝c，K ₃ ＝g ^bt ，K ₄ ＝g ^δbt For all x.epsilon.S, calculate +.>The attribute key can be directly submitted to the cloud server for semi-decryption. The incompletely trusted key generation center cannot reveal the user attribute key that can be decrypted to obtain plaintext without the final decryption key. The user adds the final decryption key K ₅ Obtain =bTo its own complete attribute key SK _ID,S ＝(K ₁ ,K ₂ ,K ₃ ,K ₄ ,K ₅ ,{K _x } _x∈S )

KGC adds (ID, c) to the authorized user list, sends the authorized user list to the cloud server, and SK _ID,S Distributed to the corresponding users.

3. Encryption:

as shown in fig. 5, the data owner uses the attribute public key { VPK _x } _x∈U The common parameter PP, access policy (M, ρ), where M is a matrix of lxn, and the function ρ maps each row of M to an attribute. Randomly selecting a secret value s epsilon _R Z _p A random vectorWherein the random number y ₂ ,y ₃ ,...,y _n ∈ _R Z _p . Calculating secret sharesWherein M is _i Is the ith row vector of M.

Data owner randomly selects symmetric key generation parameter ζ epsilon _R G _T Calculating a symmetric key k _SE =h (ζ). Then, the plaintext set m= { M is encrypted using the symmetric key ₁ ,M ₂ ,...,M _m M is the number of files to obtain a ciphertext setWherein->Secc () is a symmetric encryption algorithm. Calculate authentication key->The verification key is used for verifying whether the result of the cloud server semi-decryption is correct.

Random selection of r _i ∈ _R Z _p I=1, the combination of the first and second parts, l, calculation of ciphertext C ₁ ＝ζ·e(g,g) ^αs ,C ₂ ＝g ^s ,C ₃ ＝g ^δs ，Adding an access policy (M, ρ) and a symmetric cipher text set C _M Output ciphertext ct= ((M, ρ), C _M ,C ₁ ,C ₂ ,C ₃ {C _i,1 ,C _i,2 } _i＝[l] )。

4. Decryption:

as shown in fig. 6, the cloud server is commissioned to perform half decryption in consideration of the limited computing power of the user, and the user can perform final decryption only by simple computation.

Using user attribute key SK _ID,S Ciphertext CT, if the user belongs to the authorized user and the attribute set meets the access policy, a group of meeting sigma exists _i∈I ω _i λ _i Constant { ω =s _i ∈Z _p } _i∈I Definition ofIs i= { I }:p (I) ∈s }. The cloud server calculates the half decryption result TCT in the following manner.

Wherein the relevant parameters are derived from the user attribute key and ciphertext,

the cloud server decrypts the result TCT and the ciphertext C ₁ And C _M And returning to the user. After receiving the semi-decryption result, the user uses the final decryption key K ₅ And (3) calculating:

verificationWhether or not it is. If not, syndromeThe half decryption result returned by the bright cloud server is incorrect; otherwise, calculate symmetric key k _SE =h (ζ), and utilize k _SE And symmetric decryption algorithm SDec () computationAnd recovering the plaintext.

5. Illegal key following:

as shown in fig. 7, when the attribute key is compromised, validity detection is first performed on the compromised key, which if checked as follows, represents that the key is valid. Otherwise, it is invalid.

1)SK _ID,S Is of the form (K) ₁ ,K ₂ ,K ₃ ,K ₄ ,K ₅ ,{K _x })，K ₂ ,K ₅ ∈Z _p ，K ₁ ,K ₃ ,K ₄ ,{K _x }∈G。

2)e(g,K ₄ )＝e(g ^δ ,K ₃ )

3)

4)

If passing the inspection, extracting the illegal key SK _ID,S K in (B) ₂ =c, searching the authorized user list for a list containing K ₂ Is a tuple of (a). If the tuple is not in the authorization list, the attribute key is determined to be forged by the key generation center; if the tuple is found, extracting the user ID in the tuple, and taking the K of the illegal key ₅ B and K of the ID user _5,ID ＝b _ID In contrast, if b=b _ID The illegal key is determined to be maliciously revealed by the user. If b is not equal to b _ID The illegal key is identified as being forged by the key generating center.

6. Attribute revocation:

as shown in fig. 8, defineFor the set of attributes to be revoked, for each attribute x ε U within the set of revoked attributes ^* Randomly selecting a new attribute private key VSK' _x ＝v′ _x ∈Z _p (v′ _x ≠v _x ) Calculating update key as UPK _x ＝v′ _x ′/v _x 。

The attribute public key of the revoked attribute is first updated,

the cloud server updates the key UPK according to the original ciphertext CT and the attribute _x Updating ciphertext, specifically:

that is, only the ciphertext component corresponding to the revoked attribute is updated with the update key.

For other authorized users with revoked attributes, the attribute key needs to be updated, specifically:

i.e. only the key component corresponding to the revoked attribute is updated with the update key.

7. Decryption rights revocation:

as shown in fig. 9, the cloud server deletes the binary group corresponding to the ID from the authorized user list according to the malicious user ID.

The A-type elliptic curve parameters are selected for experiment, and the elliptic curve used for A-type pairing is shown as F _p Curve y over domain ² ＝x ³ +x, where p is a prime number and p=3 (mod 4) is satisfied. In the experiment, the parameter p= 878071079966331252243778198475404981580688319941420821102865339926647563088022295707862517942266222142315585876958231745927771336731748132492512999822479 was chosen1。

The access strategy of the data owner is selected (student and Chinese and male) or (teacher and female), and the data user is selected (student and Chinese and male) as the attribute set of a certain data user, and the identity id is 001.

The access policy matrix is generated as follows:

[1 1 1 0]

[0 0 1 0]

[0 1 0 0]

[1 0 0 1]

[0 0 0 1]，

the secret value is chosen to be 0x0000000000000000000000000000000000000002.

After ten repeated experiments, the average time required to encrypt a single file was 16.94 milliseconds. The average time to generate the attribute key for a single user is 7.01 milliseconds. The decryption time at the user side is 0.01 ms.

According to the invention, an outsourcing decryption mechanism is adopted, most of complex decryption calculation is outsourced to the cloud server to realize efficient decryption, and for the semi-decryption result of the cloud server, a data user can complete final decryption through simple and efficient calculation. In addition, the user can verify the correctness of the cloud server partial decryption calculation.

The invention realizes white-box traceability of abusing the secret key. Any authorized user who intentionally or unintentionally compromised the key and a key generation center that counterfeits the illegal key can be traced, and once a malicious traitor user is traced through the tracing algorithm, some of the attributes or decryption rights of the malicious user are revoked.

The flexible and efficient indirect revocation method is adopted to revoke the attributes of the users, the scheme of the embodiment only updates the ciphertext and the key related to the revoked attributes, and complicated whole ciphertext re-encryption and other user key re-distribution are avoided. And adopting a direct revocation method to revoke the decryption authority of the user, and deleting the user from the authorized user list.

Example two

An object of the present embodiment is to provide an attribute-based cryptographic method capable of verifying a disclaimer access control, including:

the liability-following mechanism verifies the validity of the illegal key, and if the illegal key is valid, the liability-following mechanism carries out the follow-up and the liability-following on the key.

If the key is forged by the key generation center, further processing the responsibility of personnel related to the key generation center; otherwise, the key generation center selects to cancel part of the attribute or the whole decryption authority of the malicious user;

if some attributes are revoked, the key generation center updates the private key and the public key of the revoked attributes and generates an updated key, the updated key is sent to the cloud server, and the attribute keys of other users with the revoked attributes are updated by using the updated key; and if the user decryption authority is revoked, the user identity is sent to the cloud server.

It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented by general-purpose computer means, alternatively they may be implemented by program code executable by computing means, whereby they may be stored in storage means for execution by computing means, or they may be made into individual integrated circuit modules separately, or a plurality of modules or steps in them may be made into a single integrated circuit module. The present invention is not limited to any specific combination of hardware and software.

While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.

Claims

1. An attribute-based cryptographic system for validating a disclaiinable access control, comprising:

the key generation center can revoke part of the attribute or the whole decryption authority of the malicious user; if the attribute is revoked, the private key and the public key of the revoked attribute are updated, the updated key is sent to the cloud server, and the attribute keys of other users with the revoked attribute are updated by using the updated key. And if the decryption authority is revoked, sending the malicious user identity to the cloud server.

2. The authentication-capable attribute-based cryptographic system of claim 1, wherein the cloud server is further configured to receive a half decryption key of the querying user, determine whether the querying user is an authorized user according to the half decryption key of the querying user through the authorized user list, and if the querying user belongs to the authorized user and the attribute of the querying user satisfies the access policy, perform half decryption on ciphertext of the data owner using the half decryption key of the querying user, and return a half decryption result to the querying user.

3. An attribute-based cryptographic system for verifiable accountable access control in accordance with claim 1, wherein the key generation center is configured to randomly select a new attribute private key for the user's revocation attribute to compute an update key; the attribute public key of the revoked attribute is calculated using the updated key.

4. An authenticatable, accountable, access control, attribute-based cryptosystem according to claim 1, wherein the cloud server is configured to update the original ciphertext of the data owner with the update key.

5. The attribute-based cryptographic system capable of verifying a liability-based access control of claim 1, wherein the liability-based mechanism is configured to perform liability-based on an illegal key, and if the attribute key is compromised, perform validity detection on the compromised key, and extract the illegal key; searching a tuple containing an illegal key in the authorized user list; if the tuple is not in the authorized user list, the attribute key is determined to be forged by the key generation center; if the tuple is in the authorized user list, extracting the user ID in the tuple and comparing the user ID with the illegal key, and determining whether the illegal key is maliciously leaked by the user or forged by the key generation center according to the comparison result.

6. A method for verifying a disclaimer access control attribute-based password, comprising:

7. The authenticatable, accountable, access control, attribute-based encryption method of claim 6, further comprising: and the cloud server judges whether the inquiring user is an authorized user or not according to the semi-decryption key, judges whether the inquiring user belongs to the authorized user or not according to the authorized user list, and if the inquiring user belongs to the authorized user and the attribute of the inquiring user meets the access strategy, semi-decrypts ciphertext of the data owner by using the semi-decryption key, and sends a semi-decryption result to the inquiring user.

8. The authenticatable, accountable, access control, attribute-based encryption method of claim 7, further comprising: and the inquiring user verifies the half decryption result returned by the cloud server, and if the verification is successful, the inquiring plaintext is calculated and recovered according to the half decryption result.

9. The method of claim 6, wherein when a new user joins, the key generation center generates an attribute key for the new user and sends the attribute key to the cloud server, and the cloud server joins the new user to the authorized user list based on the attribute key.

10. The method for verifying the attribute-based password for the trusted access control as recited in claim 7, wherein the step of performing the trusted key comprises the steps of:

if the attribute key is revealed, carrying out validity detection on the revealed key, and extracting an illegal key;

searching a tuple containing an illegal key in the authorized user list;

if the tuple is not in the authorized user list, the attribute key is determined to be forged by the key generation center;

if the tuple is in the authorized user list, extracting the user ID in the tuple and comparing the user ID with the illegal key, and determining whether the illegal key is maliciously leaked by the user or forged by the key generation center according to the comparison result.