WO2019127912A1 - Differential security ciphertext protection system - Google Patents

Differential security ciphertext protection system

Info

Publication number
WO2019127912A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
server
ciphertext
terminal
osk
Application number
PCT/CN2018/078902
Other languages
French (fr)
Chinese (zh)
Inventor
王树兰
陈剑勇
王磊
Original Assignee
深圳技术大学(筹)
Application filed by 深圳技术大学(筹)
Publication of WO2019127912A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Definitions

  • the present invention relates to the field of ciphertext protection technologies, and in particular, to a differentiated and secure ciphertext protection system.
  • CP-ABE: Ciphertext Policy-Attribute Based Encryption
  • Ciphertext Policy-Attribute Based Encryption is a novel encryption primitive that protects data privacy and implements fine-grained, one-to-many and non-interactive access control. It enables secure data sharing in a distributed environment.
  • the main purpose of the embodiments of the present invention is to provide a differentiated and secure ciphertext protection system, which can solve the technical problems that existing CP-ABE schemes are not suitable for terminals with limited computing resources, and that when a large number of terminals request keys from the authorization center or need key updates, the computing load of the authorization center is high and misoperation is likely.
  • an embodiment of the present invention provides a differential security ciphertext protection system, where the system includes an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server, and a decryption server;
  • the key generation server and the terminal are both connected to the authorization center, and the key generation server is configured to provide a key generation algorithm to the authorization center, where the authorization center is configured to generate a private key according to the key generation algorithm and send the generated private key to the terminal;
  • the encryption server and the data sharing center are both connected to the data owner, and the encryption server is configured to provide an encryption algorithm to the data owner, where the data owner is configured to encrypt the data to be protected according to the encryption algorithm and store the resulting ciphertext in the data sharing center;
  • the decryption server and the data sharing center are both connected to the terminal, and the decryption server is configured to provide a decryption algorithm to the terminal, where the terminal is configured to acquire the ciphertext stored by the data sharing center and decrypt the ciphertext based on the decryption algorithm and the private key.
  • the authorization center is used to:
  • $PK = \{G_0, g, h, g^{\beta}, g^{1/\theta}, e(g,g)^{\alpha}, H\}$
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$
  • $Z_p$ is a set of random numbers, $h \in G_0$.
  • the authorization center is further used to:
  • $OSK_{OKGSP} = \{g^{r/\theta}\}$
  • $g$ is a generator of group $G_0$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is a set of random numbers, $h \in G_0$.
  • the key generation server is configured to:
  • $g$ is a generator of group $G_0$, $r, \beta \in Z_p$, and $Z_p$ is a set of random numbers.
  • the authorization center is further used to:
  • the data owner is used to:
  • the first ciphertext $CT_1$ and the second outsourcing key $OSK_{OESP}$ are calculated and generated using the following formula:
  • $\alpha \in Z_p$, $Z_p$ is a set of random numbers
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$
  • $h \in G_0$
  • $M$ represents plaintext information
  • $T$ represents an access tree.
  • the encryption server is used to:
  • the data owner is configured to generate a complete ciphertext CT based on the first ciphertext $CT_1$ and the second ciphertext $CT_2$, and store the ciphertext CT in the data sharing center.
  • the terminal is used to:
  • $g$ is a generator of group $G_0$, $h \in G_0$, $\alpha, \beta, r, r^* \in Z_p$
  • $Z_p$ is a set of random numbers
  • j represents user attributes
  • S represents the set of attributes.
  • the decryption server is used to:
  • the terminal is further configured to:
  • the plaintext information $M$ is calculated using the following formula:
  • $\alpha, s, \beta, r \in Z_p$, $Z_p$ is a set of random numbers
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$, $h \in G_0$.
  • a differentiated and secure ciphertext protection system includes an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server, and a decryption server;
  • compared with the prior art, the three semi-trusted third-party entities (the key generation server, the encryption server, and the decryption server) respectively perform most of the calculation tasks of the three stages of key generation, encryption, and decryption, thereby greatly reducing the local computational complexity of the ciphertext protection system, so it can be applied to terminals with limited computing resources.
  • the above-mentioned key generation server, encryption server and decryption server, as semi-trusted third-party entities, can all break down the computing load of the authorization center; when a large number of terminals request keys from the authorization center or need to update keys, misoperation of the authorization center can be avoided.
  • FIG. 1 is a schematic structural diagram of a differential security ciphertext protection system according to an embodiment of the present invention.
  • the system includes an authorization center 10, a data owner 20, a terminal 30, a data sharing center 40, a key generation server 50, an encryption server 60, and a decryption server 70.
  • Both the key generation server 50 and the terminal 30 are in communication with the authorization center 10, and the key generation server 50 is configured to provide a key generation algorithm to the authorization center 10, and the authorization center 10 is configured to generate a private key according to the above key generation algorithm and send the generated private key to the terminal 30;
  • Both the encryption server 60 and the data sharing center 40 are in communication with the data owner 20, and the encryption server 60 is configured to provide an encryption algorithm to the data owner 20, and the data owner 20 is configured to encrypt the data to be protected according to the above encryption algorithm and store the resulting ciphertext in the data sharing center 40;
  • Both the decryption server 70 and the data sharing center 40 are in communication with the terminal 30.
  • the decryption server 70 is configured to provide a decryption algorithm to the terminal 30.
  • the terminal 30 is configured to acquire the ciphertext stored by the data sharing center 40 and to decrypt the ciphertext based on the above decryption algorithm and the private key.
  • the authorization center 10 is a fully trusted entity, which is used to manage the terminal 30 and is responsible for generating a public key, a master private key, and a user key; the data sharing center 40 is the manager of the shared data and is a semi-trusted entity, which provides a variety of services such as data storage, data transfer, and outsourced computing.
  • Key generation server 50, encryption server 60, and decryption server 70 are all semi-trusted third party entities that provide a wide variety of outsourced computing services. Among them, semi-trusted entities can honestly execute the various tasks distributed and return the correct results.
  • the public key PK, the master private key MSK and the user key $SK_{OKGSP}$ corresponding to the key generation server 50 are generated by the following formula:
  • $PK = \{G_0, g, h, g^{\beta}, g^{1/\theta}, e(g,g)^{\alpha}, H\}$
  • the generated public key PK is sent to the terminal 30, and the generated user key $SK_{OKGSP}$ is sent to the key generation server 50;
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$
  • $Z_p$ is a set of random numbers, $h \in G_0$.
  • based on the public key PK and the master private key MSK, the authorization center 10 selects, for each terminal, two random numbers $r, r^* \in Z_p$, then calculates the first user key $SK_1$ and the first outsourcing key $OSK_{OKGSP}$ using the following formula, and sends the calculated first outsourcing key $OSK_{OKGSP}$ to the key generation server 50;
  • $OSK_{OKGSP} = \{g^{r/\theta}\}$
  • $g$ is a generator of group $G_0$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is a set of random numbers, $h \in G_0$.
  • the key generation server 50 obtains the key parameter $g^r$ based on the above-described user key $SK_{OKGSP}$ and the first outsourcing key $OSK_{OKGSP}$ using the following formula:
  • $g$ is a generator of group $G_0$, $r, \beta \in Z_p$, and $Z_p$ is a set of random numbers.
  • authorization center 10 is also used to:
  • $\alpha \in Z_p$, $Z_p$ is a set of random numbers
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$
  • $h \in G_0$
  • $M$ represents plaintext information
  • $T$ represents an access tree.
  • the encryption server 60 defines a polynomial $q_x$ for each node $x$ (including leaf nodes) in the access tree $T$.
  • the polynomial $q_x$ of each node is randomly selected from the top down.
  • the degree of the polynomial $q_x$ is set to $d_x = k_x - 1$, where $k_x$ represents the threshold.
  • set $q_x(0) = q_{parent(x)}(index(x))$, and randomly select $d_x$ other points to completely define $q_x$.
  • in the access tree $T$, assuming that $Y$ represents the set of leaf nodes, the encryption server 60 generates a second ciphertext $CT_2$ based on the second outsourcing key $OSK_{OESP}$ using the following formula, and sends the generated second ciphertext $CT_2$ to the data owner 20:
  • the data owner 20 generates a complete ciphertext CT based on the first ciphertext $CT_1$ and the second ciphertext $CT_2$, and stores the generated ciphertext CT in the data sharing center 40;
  • the terminal 30 obtains the ciphertext CT from the data sharing center 40, then selects a random number $t \in Z_p$ and, based on the private key SK, calculates and generates the third outsourcing key $OSK_{ODSP}$ and the corresponding escrow key $SK_{Delegate}$ using the following formula, so that the decryption server 70 can perform the relevant decryption work.
  • $g$ is a generator of group $G_0$, $h \in G_0$, $\alpha, \beta, r, r^* \in Z_p$
  • $Z_p$ is a set of random numbers
  • j represents user attributes
  • S represents the set of attributes.
  • the decryption server 70 performs the following operations:
  • the public key PK and the ciphertext CT in the terminal 30 are obtained, and based on the public key PK, the ciphertext CT, and the third outsourcing key $OSK_{ODSP}$, the intermediate results $IT_1$ and $IT_2$ are obtained and transmitted to the terminal 30.
  • the decryption server 70 obtains the intermediate results $IT_1$ and $IT_2$ using the following formula and sends them to the terminal 30;
  • the terminal 30 calculates the plaintext information $M$ based on the intermediate results $IT_1$ and $IT_2$, the ciphertext CT, and the escrow key $SK_{Delegate}$ using the following formula:
  • $\alpha, s, \beta, r \in Z_p$, $Z_p$ is a set of random numbers
  • $G_0$ and $G_T$ are two cyclic groups of prime order $p$
  • $g$ is a generator of group $G_0$
  • $e(g,g)$ is a generator of $G_T$, $h \in G_0$.
  • a differential security ciphertext protection system provided by the embodiment of the present invention includes an authorization center 10, a data owner 20, a terminal 30, a data sharing center 40, a key generation server 50, an encryption server 60, and a decryption server 70;
  • the embodiment of the present invention uses the three semi-trusted third-party entities (the key generation server 50, the encryption server 60, and the decryption server 70) to respectively perform most of the computing tasks of the key generation, encryption, and decryption stages, which greatly reduces the local computational complexity of the ciphertext protection system, so it can be applied to the terminal 30 with limited computing resources.
  • at the same time, the above-mentioned key generation server, encryption server and decryption server, as semi-trusted third-party entities, can all break down the computing load of the authorization center 10; when a large number of terminals 30 request keys from the authorization center 10 or need to update keys, misoperation of the authorization center 10 can be avoided.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a differential security ciphertext protection system. The system comprises an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server and a decryption server. Compared to the prior art, according to the embodiments of the present invention, by means of three semi-trusted third-party entities, i.e. the key generation server, the encryption server and the decryption server, most of the computing tasks of three stages, i.e. key generation, encryption and decryption, are respectively executed, so that local computing complexity of the ciphertext protection system is greatly reduced, and thus, the system can be applicable to a terminal with limited computing resources. Moreover, the key generation server, the encryption server and the decryption server, as the semi-trusted third-party entities, can all break down a computing load of the authorization center, so that when a great number of terminals ask the authorization center for keys or need to update the keys, a misoperation of the authorization center can be avoided.

Description

Differential security ciphertext protection system
Technical field
The present invention relates to the field of ciphertext protection technologies, and in particular, to a differentiated and secure ciphertext protection system.
Background
CP-ABE (Ciphertext Policy-Attribute Based Encryption) is a novel encryption primitive that protects data privacy and implements fine-grained, one-to-many and non-interactive access control. It enables secure data sharing in a distributed environment.
However, when terminal devices with limited resources take part in the encryption system, the CP-ABE scheme faces the following challenges:
In most existing CP-ABE schemes, the computational overhead of encryption and decryption grows approximately linearly with the number of attributes contained in the ciphertext access structure, so these schemes are not suitable for terminals with limited computing resources. In addition, when a large number of terminals request keys from the authorization center or need to update keys, the computing load of the authorization center is high and misoperation is likely.
Summary of the invention
The main purpose of the embodiments of the present invention is to provide a differentiated and secure ciphertext protection system, which can solve the technical problems that existing CP-ABE schemes are not suitable for terminals with limited computing resources, and that when a large number of terminals request keys from the authorization center or need key updates, the computing load of the authorization center is high and misoperation is likely.
To achieve the above objective, an embodiment of the present invention provides a differential security ciphertext protection system, where the system includes an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server, and a decryption server;
The key generation server and the terminal are both communicatively connected to the authorization center; the key generation server is configured to provide a key generation algorithm to the authorization center, and the authorization center is configured to generate a private key according to the key generation algorithm and send the generated private key to the terminal;
The encryption server and the data sharing center are both communicatively connected to the data owner; the encryption server is configured to provide an encryption algorithm to the data owner, and the data owner is configured to encrypt the data to be protected according to the encryption algorithm and store the resulting ciphertext in the data sharing center;
The decryption server and the data sharing center are both communicatively connected to the terminal; the decryption server is configured to provide a decryption algorithm to the terminal, and the terminal is configured to acquire the ciphertext stored by the data sharing center and decrypt the ciphertext based on the decryption algorithm and the private key.
Preferably, the authorization center is used to:
Define the attribute set $A = \{a_1, \dots, a_n\}$;
Establish a hash function $H: \{0,1\}^* \to G_0$;
Select random numbers $\alpha, \beta, \theta \in Z_p$, and calculate $g^{\alpha}$, $g^{\beta}$ and $g^{1/\theta}$ respectively;
Generate the public key PK, the master private key MSK and the user key $SK_{OKGSP}$ corresponding to the key generation server using the following formulas, send the generated public key PK to the terminal, and send the generated user key $SK_{OKGSP}$ to the key generation server;
$PK = \{G_0, g, h, g^{\beta}, g^{1/\theta}, e(g,g)^{\alpha}, H\}$
$MSK = \{g^{\alpha}, \beta\}$
$SK_{OKGSP} = \{\theta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is a set of random numbers, and $h \in G_0$.
Preferably, the authorization center is further used to:
Select two random numbers $r, r^* \in Z_p$, calculate the first user key $SK_1$ and the first outsourcing key $OSK_{OKGSP}$ using the following formulas, and send the calculated first outsourcing key $OSK_{OKGSP}$ to the key generation server;
Figure PCTCN2018078902-appb-000001
$OSK_{OKGSP} = \{g^{r/\theta}\}$
where $g$ is a generator of group $G_0$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is a set of random numbers, and $h \in G_0$.
Preferably, the key generation server is configured to:
Obtain the key parameter $g^r$ based on the user key $SK_{OKGSP}$ and the first outsourcing key $OSK_{OKGSP}$;
For each user attribute in the user attribute set
Figure PCTCN2018078902-appb-000002
select a random number $r_j \in Z_p$, generate the second user key $SK_2$ related to the attribute set $S$ using the following formula, and send it to the authorization center;
Figure PCTCN2018078902-appb-000003
where $g$ is a generator of group $G_0$, $r, \beta \in Z_p$, and $Z_p$ is a set of random numbers.
Preferably, the authorization center is further used to:
Generate the private key SK based on the first user key $SK_1$ and the second user key $SK_2$, where $SK = \{SK_1, SK_2\}$, and send it to the terminal.
Preferably, the data owner is used to:
Select two random numbers $s, s_1 \in Z_p$, and calculate $s_2 = (s - s_1) \bmod p$;
Calculate and generate the first ciphertext $CT_1$ and the second outsourcing key $OSK_{OESP}$ using the following formulas:
Figure PCTCN2018078902-appb-000004
$OSK_{OESP} = \{T, s_1\}$
Send the second outsourcing key $OSK_{OESP}$ to the encryption server;
where $\alpha \in Z_p$, $Z_p$ is a set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $h \in G_0$, $M$ represents the plaintext information, and $T$ represents the access tree.
Preferably, the encryption server is used to:
Generate the second ciphertext $CT_2$ based on the second outsourcing key $OSK_{OESP}$ and send it to the data owner;
The data owner is configured to generate the complete ciphertext CT based on the first ciphertext $CT_1$ and the second ciphertext $CT_2$, and store the ciphertext CT in the data sharing center.
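The data owner's split $s_2 = (s - s_1) \bmod p$ with $OSK_{OESP} = \{T, s_1\}$, and the access-tree polynomial rule listed under Definitions ($q_x$ of degree $k_x - 1$, with $q_x(0)$ taken from the parent polynomial at $index(x)$), can be traced in plain modular arithmetic. This Python sketch is an added example, not code from the patent: it works on scalars in $Z_p$ only (no pairing or group elements), and the modulus, the policy tree, the attribute names, the root rule $q_R(0) = s_1$ and all function names are assumptions.

```python
import secrets

# Stand-in for the prime group order p (assumption: the page fixes no concrete p).
P = 2**127 - 1

class Node:
    """Access-tree node: a leaf holds an attribute, a gate holds a threshold k_x."""
    def __init__(self, attribute=None, threshold=1, children=()):
        self.attribute = attribute
        self.children = list(children)
        self.threshold = threshold
        if attribute is None and not 1 <= threshold <= len(self.children):
            raise ValueError("need 1 <= k_x <= number of children")

def leaf(attribute):
    return Node(attribute=attribute)

def gate(k, *children):
    return Node(threshold=k, children=children)

def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def owner_split(s):
    """Data owner: pick s1 at random, keep s2 = (s - s1) mod p locally."""
    s1 = secrets.randbelow(P)
    return s1, (s - s1) % P

def share_tree(node, value, shares=None):
    """Encryption server: top-down sharing with q_x(0) = value, deg(q_x) = k_x - 1.

    The child with index i starts from q_x(i), i.e. q_child(0) = q_parent(index).
    Returns {attribute: q_y(0)} for the leaves y (assumes one leaf per attribute).
    """
    shares = {} if shares is None else shares
    if node.attribute is not None:
        shares[node.attribute] = value
        return shares
    # k_x - 1 random coefficients: equivalent to fixing d_x further random points.
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_tree(child, poly_eval(coeffs, index), shares)
    return shares

def lagrange_at_zero(points):
    """Interpolate q(0) from {index: q(index)} modulo P."""
    total = 0
    for i, y_i in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def recover(node, leaf_shares, attributes):
    """Return q_x(0) if `attributes` satisfies the subtree at x, otherwise None."""
    if node.attribute is not None:
        return leaf_shares[node.attribute] if node.attribute in attributes else None
    points = {}
    for index, child in enumerate(node.children, start=1):
        value = recover(child, leaf_shares, attributes)
        if value is not None:
            points[index] = value
        if len(points) == node.threshold:
            return lagrange_at_zero(points)
    return None

def demo():
    # Constructed policy: 2 of (doctor, cardiology, 1 of (auditor, admin)).
    tree = gate(2, leaf("doctor"), leaf("cardiology"),
                gate(1, leaf("auditor"), leaf("admin")))
    s = secrets.randbelow(P)
    s1, s2 = owner_split(s)               # the owner never releases s or s2
    leaf_shares = share_tree(tree, s1)    # the server works from {T, s1} only
    ok = recover(tree, leaf_shares, {"doctor", "admin"})
    denied = recover(tree, leaf_shares, {"doctor"})
    return s, s2, ok, denied

if __name__ == "__main__":
    s, s2, ok, denied = demo()
    print("satisfying set rebuilds s:", (ok + s2) % P == s)
    print("unsatisfying set result:", denied)
```

Because $s_1$ is uniformly random and $s_2$ never leaves the data owner, the value $s_1$ handed to the semi-trusted encryption server carries no information about $s$ on its own.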
Preferably, the terminal is used to:
Obtain the ciphertext CT from the data sharing center, select a random number $t \in Z_p$, and, based on the private key SK, calculate and generate the third outsourcing key $OSK_{ODSP}$ and the corresponding escrow key $SK_{Delegate}$ using the following formulas:
Figure PCTCN2018078902-appb-000005
$SK_{Delegate} = \{t\}$
Send the third outsourcing key $OSK_{ODSP}$ to the decryption server;
where $g$ is a generator of group $G_0$, $h \in G_0$, $\alpha, \beta, r, r^* \in Z_p$, $Z_p$ is a set of random numbers, $j$ represents a user attribute, and $S$ represents the attribute set.
Preferably, the decryption server is used to:
Obtain the public key PK and the ciphertext CT from the terminal, obtain the intermediate results $IT_1$ and $IT_2$ based on the public key PK, the ciphertext CT and the third outsourcing key $OSK_{ODSP}$, and send them to the terminal.
Preferably, the terminal is further configured to:
Calculate the plaintext information $M$ based on the intermediate results $IT_1$ and $IT_2$, the ciphertext CT and the escrow key $SK_{Delegate}$ using the following formula:
Figure PCTCN2018078902-appb-000006
where $\alpha, s, \beta, r \in Z_p$, $Z_p$ is a set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, and $h \in G_0$.
本发明实施例提供的一种差异化安全的密文保护系统,包括授权中心、数据属主、终端、数据共享中心、密钥生成服务器、加密服务器及解密服务器;相较于现有技术而言,本发明实施例通过上述密钥生成服务器、加密服务器及解密服务器这三个半可信的第三方实体,来分别执行密钥产生、加密、解密三个阶段的大部分计算任务,极大地减少了密文保护系统本地的计算复杂度,因此可以适用于计算资源有限的终端;同时,上述密钥生成服务器、加密服务器及解密服务器作为半可信的第三方实体,均能分解授权中心的计算负载,当大量的终端向授权中心索要密钥或需要更新密钥时,可以避免授权中心出现误操作。A differentiated and secure ciphertext protection system provided by the embodiment of the present invention includes an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server, and a decryption server; compared with the prior art In the embodiment of the present invention, the three key semi-trusted third-party entities, such as the key generation server, the encryption server, and the decryption server, respectively perform most of the calculation tasks of the three stages of key generation, encryption, and decryption, thereby greatly reducing The cryptographic protection system has local computational complexity, so it can be applied to terminals with limited computing resources. At the same time, the above-mentioned key generation server, encryption server and decryption server are semi-trusted third-party entities, which can decompose the calculation of the authorization center. Load, when a large number of terminals ask for a key from the authorization center or need to update the key, it can avoid the misoperation of the authorization center.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的优选实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据该附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a preferred embodiment of the present invention, and those skilled in the art can obtain other drawings according to the drawing without any creative work.
图1为本发明实施例中差异化安全的密文保护系统的结构示意图。FIG. 1 is a schematic structural diagram of a differential security ciphertext protection system according to an embodiment of the present invention.
具体实施方式Detailed ways
为使得本发明的发明目的、特征、优点能够更加的明显和易懂,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而非全部实施例。基于本发明中的实施例,本领域技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. The embodiments are merely a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
Referring to FIG. 1, which is a schematic structural diagram of the differential security ciphertext protection system according to an embodiment of the present invention, the system includes an authorization center 10, a data owner 20, a terminal 30, a data sharing center 40, a key generation server 50, an encryption server 60 and a decryption server 70;
The key generation server 50 and the terminal 30 are both communicatively connected to the authorization center 10. The key generation server 50 provides a key generation algorithm to the authorization center 10; the authorization center 10 generates a private key according to that key generation algorithm and sends the generated private key to the terminal 30;
The encryption server 60 and the data sharing center 40 are both communicatively connected to the data owner 20. The encryption server 60 provides an encryption algorithm to the data owner 20; the data owner 20 encrypts the data to be protected according to that encryption algorithm and stores the resulting ciphertext in the data sharing center 40;
The decryption server 70 and the data sharing center 40 are both communicatively connected to the terminal 30. The decryption server 70 provides a decryption algorithm to the terminal 30; the terminal 30 obtains the ciphertext stored in the data sharing center 40 and decrypts it based on that decryption algorithm and the private key.
The authorization center 10 is a fully trusted entity; it manages the terminal 30 and is responsible for generating the public key, the master private key and the user keys. The data sharing center 40 is the manager of the shared data and is a semi-trusted entity; it provides services such as data storage, data transmission and outsourced computation. The key generation server 50, the encryption server 60 and the decryption server 70 are all semi-trusted third-party entities that provide various outsourced computation services. A semi-trusted entity honestly executes the tasks distributed to it and returns correct results.
The embodiment of the present invention comprises the following four processes:
I. System initialization
The authorization center 10 performs the following work:
(1) define the attribute set $A=\{a_1,\dots,a_n\}$;
(2) establish a hash function $H:\{0,1\}^* \to G_0$;
(3) select random numbers $\alpha, \beta, \theta \in Z_p$ and compute $g^{\alpha}$, $g^{\beta}$ and $g^{1/\theta}$;
(4) generate the public key PK, the master private key MSK and the user key $SK_{OKGSP}$ corresponding to the key generation server 50 using the following formulas:
$PK=\{G_0, g, h, g^{\beta}, g^{1/\theta}, e(g,g)^{\alpha}, H\}$
$MSK=\{g^{\alpha}, \beta\}$
$SK_{OKGSP}=\{\theta\}$
(5) send the generated public key PK to the terminal 30 and the generated user key $SK_{OKGSP}$ to the key generation server 50;
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is the set of random numbers, and $h \in G_0$.
II. Generating the user key
To generate part of the user's key, the authorization center 10, based on the public key PK and the master private key MSK, selects for each terminal two random numbers $r, r^* \in Z_p$, then computes the first user key $SK_1$ and the first outsourcing key $OSK_{OKGSP}$ using the following formulas, and sends the computed first outsourcing key $OSK_{OKGSP}$ to the key generation server 50;
Figure PCTCN2018078902-appb-000007
$OSK_{OKGSP}=\{g^{r/\theta}\}$
where $g$ is a generator of $G_0$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is the set of random numbers, and $h \in G_0$.
Further, the key generation server 50 obtains the key parameter $g^{r}$ from the user key $SK_{OKGSP}$ and the first outsourcing key $OSK_{OKGSP}$ using the following formula:
Figure PCTCN2018078902-appb-000008
For each user attribute in the user attribute set
Figure PCTCN2018078902-appb-000009
the key generation server 50 selects a random number $r_j \in Z_p$, generates the second user key $SK_2$ associated with the attribute set S using the following formula, and sends it to the authorization center 10;
Figure PCTCN2018078902-appb-000010
where $g$ is a generator of $G_0$, $r, \beta \in Z_p$, and $Z_p$ is the set of random numbers.
Further, the authorization center 10 is also configured to:
generate the private key $SK=\{SK_1, SK_2\}$ from the first user key $SK_1$ and the second user key $SK_2$ and send it to the terminal 30; that is:
Figure PCTCN2018078902-appb-000011
III. Data encryption
The data owner 20 selects two random numbers $s, s_1 \in Z_p$ and computes $s_2=(s-s_1) \bmod p$;
it then computes the first ciphertext $CT_1$ and the second outsourcing key $OSK_{OESP}$ using the following formulas and sends the generated second outsourcing key $OSK_{OESP}$ to the encryption server 60;
Figure PCTCN2018078902-appb-000012
$OSK_{OESP}=\{T, s_1\}$
where $\alpha \in Z_p$, $Z_p$ is the set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $h \in G_0$, M denotes the plaintext information, and T denotes the access tree.
Specifically, the encryption server 60 defines a polynomial $q_x$ for every node $x$ (including the leaf nodes) in the access tree T. Starting from the root node R, the polynomials $q_x$ of the nodes are chosen at random in a top-down manner. For each node $x$ in the access tree T, the degree of the polynomial $q_x$ is set to $k_x-1$, where $k_x$ denotes the threshold value. Starting from the root node R, set $q_R(0)=s_1$ ($s \in Z_p$), where $s_1$ is chosen at random; at the same time, $d_R$ other nodes are chosen at random to define the polynomial $q_R$ completely. For each non-root node $x$, set $q_x(0)=q_{parent(x)}(index(x))$ and choose $d_x$ other nodes at random to define $q_x$ completely.
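An added example (not code from the patent) of the top-down polynomial assignment described above together with the split $s = s_1 + s_2 \bmod p$; it goes beyond the paragraph by also showing recombination by Lagrange interpolation and the ⊥ outcome when an attribute set does not satisfy T. The prime `P`, the attribute names and all helper names are assumptions, and shares are handled as plain $Z_p$ values, whereas the scheme carries them in group exponents.

```python
import secrets

P = 2**127 - 1  # constructed toy prime standing in for the group order p

class Node:
    """Access-tree node: a leaf holds an attribute, a gate holds a threshold k_x."""
    def __init__(self, k=1, children=(), attribute=None):
        self.k, self.children, self.attribute = k, list(children), attribute
        self.q0 = None  # q_x(0), filled in by share()

def leaf(attribute):
    return Node(attribute=attribute)

def gate(k, *children):
    return Node(k=k, children=children)

def eval_poly(coeffs, x):
    """Horner evaluation of q(x) = coeffs[0] + coeffs[1]*x + ... over Z_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(node, secret):
    """Top-down sharing: q_x has degree k_x - 1 and q_x(0) = secret;
    the child with index i receives q_x(i) as its own q_child(0)."""
    node.q0 = secret
    if node.attribute is None:
        coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
        for index, child in enumerate(node.children, start=1):
            share(child, eval_poly(coeffs, index))

def recover(node, attrs):
    """Return q_x(0) if attrs satisfy the subtree rooted at x, else None
    (None plays the role of the error symbol in the text)."""
    if node.attribute is not None:
        return node.q0 if node.attribute in attrs else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = recover(child, attrs)
        if value is not None:
            points.append((index, value))
        if len(points) == node.k:
            break
    if len(points) < node.k:
        return None  # fewer than k_x satisfied children: threshold not met
    total = 0
    for i, y_i in points:  # Lagrange interpolation of q_x at 0
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def demo():
    s = secrets.randbelow(P)
    s1 = secrets.randbelow(P)
    s2 = (s - s1) % P  # OSK_OESP = {T, s1}: the encryption server never sees s
    # Constructed policy: 2-of-3 over (doctor, cardiology, auditor OR admin)
    tree = gate(2, leaf("doctor"), leaf("cardiology"),
                gate(1, leaf("auditor"), leaf("admin")))
    share(tree, s1)
    satisfied = recover(tree, {"doctor", "admin"})
    denied = recover(tree, {"auditor", "admin"})  # meets only one root child
    return s, s1, s2, satisfied, denied

if __name__ == "__main__":
    s, s1, s2, satisfied, denied = demo()
    print("recovered s1:", satisfied == s1, "| s1 + s2 == s:",
          (satisfied + s2) % P == s, "| unsatisfied set:", denied)
```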
In the access tree T, let Y denote the set of leaf nodes. Based on the second outsourcing key $OSK_{OESP}$, the encryption server 60 generates the second ciphertext $CT_2$ using the following formula and sends the generated second ciphertext $CT_2$ to the data owner 20:
Figure PCTCN2018078902-appb-000013
Finally, the data owner 20 generates the complete ciphertext CT from the first ciphertext $CT_1$ and the second ciphertext $CT_2$ and stores the generated ciphertext CT in the data sharing center 40, where:
Figure PCTCN2018078902-appb-000014
IV. Data decryption
So that the decryption server 70 can perform the relevant decryption work, the terminal 30 obtains the ciphertext CT from the data sharing center 40, then selects a random number $t \in Z_p$ and, based on the private key SK, computes the third outsourcing key $OSK_{ODSP}$ and the corresponding escrow key $SK_{Delegate}$ using the following formulas:
Figure PCTCN2018078902-appb-000015
$SK_{Delegate}=\{t\}$
where $g$ is a generator of $G_0$, $h \in G_0$, $\alpha, \beta, r, r^* \in Z_p$, $Z_p$ is the set of random numbers, $j$ denotes a user attribute, and S denotes the attribute set.
To perform most of the decryption work in place of the terminal 30, the decryption server 70 carries out the following operations:
it obtains the public key PK and the ciphertext CT from the terminal 30 and, based on the public key PK, the ciphertext CT and the third outsourcing key $OSK_{ODSP}$, computes the intermediate results $IT_1$ and $IT_2$ and sends them to the terminal 30.
If the attribute set S indirectly associated with the third outsourcing key $OSK_{ODSP}$ satisfies the access policy T, the computation yields
Figure PCTCN2018078902-appb-000016
otherwise, an error symbol ⊥ is output;
Assuming the attribute set S satisfies the policy T, the decryption server 70 obtains the intermediate results $IT_1$ and $IT_2$ using the following formulas and sends them to the terminal 30;
Figure PCTCN2018078902-appb-000017
Figure PCTCN2018078902-appb-000018
The terminal 30 computes the plaintext information M from the intermediate results $IT_1$ and $IT_2$, the ciphertext CT and the escrow key $SK_{Delegate}$ using the following formula:
Figure PCTCN2018078902-appb-000019
where $\alpha, s, \beta, r \in Z_p$, $Z_p$ is the set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, and $h \in G_0$.
The differential security ciphertext protection system provided by the embodiment of the present invention includes an authorization center 10, a data owner 20, a terminal 30, a data sharing center 40, a key generation server 50, an encryption server 60 and a decryption server 70. Compared with the prior art, the embodiment uses the three semi-trusted third-party entities, namely the key generation server 50, the encryption server 60 and the decryption server 70, to perform most of the computation in the key generation, encryption and decryption stages respectively, which greatly reduces the local computational complexity of the ciphertext protection system and makes it suitable for a terminal 30 with limited computing resources. At the same time, the key generation server, the encryption server and the decryption server, as semi-trusted third-party entities, all offload computation from the authorization center 10, so that erroneous operation of the authorization center 10 can be avoided when a large number of terminals 30 request keys from it or need their keys updated.
The above is a description of the differential security ciphertext protection system provided by the present invention. Those skilled in the art may, following the idea of the embodiments of the present invention, make changes to the specific implementation and to the scope of application; in summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

  1. A differential security ciphertext protection system, characterized in that the system comprises an authorization center, a data owner, a terminal, a data sharing center, a key generation server, an encryption server and a decryption server;
    the key generation server and the terminal are both communicatively connected to the authorization center, the key generation server is configured to provide a key generation algorithm to the authorization center, and the authorization center is configured to generate a private key according to the key generation algorithm and send the generated private key to the terminal;
    the encryption server and the data sharing center are both communicatively connected to the data owner, the encryption server is configured to provide an encryption algorithm to the data owner, and the data owner is configured to encrypt the data to be protected according to the encryption algorithm and store the resulting ciphertext in the data sharing center;
    the decryption server and the data sharing center are both communicatively connected to the terminal, the decryption server is configured to provide a decryption algorithm to the terminal, and the terminal is configured to obtain the ciphertext stored in the data sharing center and decrypt the ciphertext based on the decryption algorithm and the private key.
  2. The system according to claim 1, characterized in that the authorization center is configured to:
    define the attribute set $A=\{a_1,\dots,a_n\}$;
    establish a hash function $H:\{0,1\}^* \to G_0$;
    select random numbers $\alpha, \beta, \theta \in Z_p$ and compute $g^{\alpha}$, $g^{\beta}$ and $g^{1/\theta}$;
    generate the public key PK, the master private key MSK and the user key $SK_{OKGSP}$ corresponding to the key generation server using the following formulas, send the generated public key PK to the terminal, and send the generated user key $SK_{OKGSP}$ to the key generation server;
    $PK=\{G_0, g, h, g^{\beta}, g^{1/\theta}, e(g,g)^{\alpha}, H\}$
    $MSK=\{g^{\alpha}, \beta\}$
    $SK_{OKGSP}=\{\theta\}$
    where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is the set of random numbers, and $h \in G_0$.
  3. The system according to claim 2, characterized in that the authorization center is further configured to:
    select two random numbers $r, r^* \in Z_p$, compute the first user key $SK_1$ and the first outsourcing key $OSK_{OKGSP}$ using the following formulas, and send the computed first outsourcing key $OSK_{OKGSP}$ to the key generation server;
    Figure PCTCN2018078902-appb-100001
    $OSK_{OKGSP}=\{g^{r/\theta}\}$
    where $g$ is a generator of $G_0$, $\alpha, \beta, \theta \in Z_p$, $Z_p$ is the set of random numbers, and $h \in G_0$.
  4. The system according to claim 3, characterized in that the key generation server is configured to:
    obtain the key parameter $g^{r}$ based on the user key $SK_{OKGSP}$ and the first outsourcing key $OSK_{OKGSP}$;
    for each user attribute in the user attribute set
    Figure PCTCN2018078902-appb-100002
    select a random number $r_j \in Z_p$, generate the second user key $SK_2$ associated with the attribute set S using the following formula, and send it to the authorization center;
    Figure PCTCN2018078902-appb-100003
    where $g$ is a generator of $G_0$, $r, \beta \in Z_p$, and $Z_p$ is the set of random numbers.
  5. The system according to claim 4, characterized in that the authorization center is further configured to:
    generate the private key $SK=\{SK_1, SK_2\}$ based on the first user key $SK_1$ and the second user key $SK_2$ and send it to the terminal.
  6. The system according to claim 5, characterized in that the data owner is configured to:
    select two random numbers $s, s_1 \in Z_p$ and compute $s_2=(s-s_1) \bmod p$;
    compute the first ciphertext $CT_1$ and the second outsourcing key $OSK_{OESP}$ using the following formulas:
    Figure PCTCN2018078902-appb-100004
    $OSK_{OESP}=\{T, s_1\}$
    send the second outsourcing key $OSK_{OESP}$ to the encryption server;
    where $\alpha \in Z_p$, $Z_p$ is the set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $h \in G_0$, M denotes the plaintext information, and T denotes the access tree.
  7. The system according to claim 6, characterized in that the encryption server is configured to:
    generate the second ciphertext $CT_2$ based on the second outsourcing key $OSK_{OESP}$ and send it to the data owner;
    the data owner is configured to generate the complete ciphertext CT based on the first ciphertext $CT_1$ and the second ciphertext $CT_2$ and store the ciphertext CT in the data sharing center.
  8. The system according to claim 7, characterized in that the terminal is configured to:
    obtain the ciphertext CT from the data sharing center, select a random number $t \in Z_p$ and, based on the private key SK, compute the third outsourcing key $OSK_{ODSP}$ and the corresponding escrow key $SK_{Delegate}$ using the following formulas:
    Figure PCTCN2018078902-appb-100005
    $SK_{Delegate}=\{t\}$
    send the third outsourcing key $OSK_{ODSP}$ to the decryption server;
    where $g$ is a generator of $G_0$, $h \in G_0$, $\alpha, \beta, r, r^* \in Z_p$, $Z_p$ is the set of random numbers, $j$ denotes a user attribute, and S denotes the attribute set.
  9. The system according to claim 8, characterized in that the decryption server is configured to:
    obtain the public key PK and the ciphertext CT from the terminal and, based on the public key PK, the ciphertext CT and the third outsourcing key $OSK_{ODSP}$, compute the intermediate results $IT_1$ and $IT_2$ and send them to the terminal.
  10. The system according to claim 9, characterized in that the terminal is further configured to:
    compute the plaintext information M based on the intermediate results $IT_1$ and $IT_2$, the ciphertext CT and the escrow key $SK_{Delegate}$ using the following formula:
    Figure PCTCN2018078902-appb-100006
    where $\alpha, s, \beta, r \in Z_p$, $Z_p$ is the set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, and $h \in G_0$.
PCT/CN2018/078902 2017-12-27 2018-03-14 Differential security ciphertext protection system WO2019127912A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711440300.1A CN108055130A (en) 2017-12-27 2017-12-27 The ciphertext protection system of differentiation safety
CN201711440300.1 2017-12-27

Publications (1)

Publication Number Publication Date
WO2019127912A1 true WO2019127912A1 (en) 2019-07-04

Family

ID=62128245

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/078902 WO2019127912A1 (en) 2017-12-27 2018-03-14 Differential security ciphertext protection system

Country Status (2)

Country Link
CN (1) CN108055130A (en)
WO (1) WO2019127912A1 (en)

Also Published As

Publication number Publication date
CN108055130A (en) 2018-05-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18893806

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18893806

Country of ref document: EP

Kind code of ref document: A1