WO2023109056A1 - Attribute-based encryption method and system - Google Patents


Info

Publication number
WO2023109056A1
Authority
WO
WIPO (PCT)
Prior art keywords
attribute
key
ciphertext
file
access control
Prior art date
Application number
PCT/CN2022/099648
Other languages
French (fr)
Chinese (zh)
Inventor
徐峥
麻付强
高丽琴
Original Assignee
苏州浪潮智能科技有限公司
Application filed by 苏州浪潮智能科技有限公司
Publication of WO2023109056A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption

Definitions

  • This application relates to the field of information encryption, in particular to an attribute-based encryption method and system.
  • This application provides an attribute-based encryption method and system.
  • This application provides an attribute-based encryption method, including:
  • the key management module is used to generate a symmetric key and an asymmetric key corresponding to each attribute in the authorization attribute set based on the file identifier and the authorization attribute set of the shared file, including:
  • is a security parameter;
  • H represents a hash function with mapping H: {0,1}* → G;
  • G is a bilinear group of order q; g_1 ∈ G;
  • G_T is a multiplicative cyclic group of order q;
  • Z_p is an integer cyclic group of order p;
  • GkeyGen(ID, S, GP, pk_u) → (PK, SK, sk) generates a symmetric key sk and an asymmetric key pair (PK, SK) corresponding to each attribute in the authorization attribute set;
  • ID is the file identifier;
  • S is the authorization attribute set;
  • PK is the public key of the asymmetric key;
  • e is a bilinear map e: G × G → G_T;
  • i is the i-th attribute corresponding to the access control matrix, and there are K attributes in total, i ∈ {1,2,3,...,K}.
  • the symmetric key and the public key set of the asymmetric keys returned by the key management module are received, the shared file is encrypted with the symmetric key to obtain the file ciphertext, and, based on the access control matrix and the public key set, attribute-based encryption is performed on the symmetric key to obtain the attribute ciphertext, including:
  • the attribute encryption ciphertext is obtained by combining the access control matrix, file ciphertext and attribute ciphertext, including:
  • reading the attribute encrypted ciphertext from the cloud storage module includes:
  • the target attribute set corresponding to the data user is obtained from the identity providing module based on the identity information of the data user;
  • the cloud storage module is allowed to send the attribute encrypted ciphertext to the data user;
  • the cloud storage module is not allowed to send the attribute encrypted ciphertext to the data user.
  • the decryption process of attribute encrypted ciphertext includes:
  • when the data user accesses the key management module with the attribute ciphertext, the key management module obtains the target attribute set corresponding to the data user from the identity providing module, and determines the target private key set corresponding to the target attribute set according to the target attribute set and the file identifier;
  • the symmetric key is decrypted based on the target private key set and the attribute ciphertext, and the decrypted symmetric key is encrypted with the public key of the data user and sent to the data user, so that the data user can decrypt it with its own private key to obtain the symmetric key, and use the symmetric key to decrypt the file ciphertext to obtain the shared file.
  • decrypting the symmetric key based on the target private key set and the attribute ciphertext includes:
  • K_{x,id} is the derived private key corresponding to the x-th attribute of the target attribute set; the target attribute set has K_1 attributes in total, x ∈ {1,2,3,...,K_1}; id is the user id of the data user;
  • ρ(x) denotes mapping the attribute x to the ρ(x)-th row of the access control matrix A;
  • the attribute-based encryption method further includes:
  • the present application also provides an attribute-based encryption system, comprising:
  • the identity provision module is used to register the user's identity information and its corresponding attribute set
  • the data owner is used to obtain the attribute sets corresponding to the users who are allowed to access the shared file from the identity providing module, combine the obtained attribute sets to obtain the authorization attribute set, and establish an access control matrix matching the authorization attribute set; to request, based on the file identifier and the authorization attribute set of the shared file, a symmetric key and an asymmetric key corresponding to each attribute in the authorization attribute set from the key management module; and to receive the symmetric key and the public key set of the asymmetric keys returned by the key management module;
  • the key management module is used to generate a symmetric key and an asymmetric key corresponding to each attribute in the authorization attribute set based on the file identifier and the authorization attribute set of the shared file, and to return the symmetric key and the public key set of the asymmetric keys to the data owner;
  • the cloud storage module is used to store the attribute encrypted ciphertext.
  • the identity provisioning module includes:
  • the LDAP module is used to register the user's identity information and its corresponding attribute collection through the identity authentication module;
  • the key management module includes:
  • the attribute discrimination point is used to execute the key management process of the key generated by the key management module
  • the key storage module is used to store the key generated by the key management module
  • the cloud storage module includes:
  • the access decision point is used to execute the access control process of the attribute encrypted ciphertext;
  • the storage center is used to store the attribute encrypted ciphertext.
  • FIG. 1 is a flowchart of an attribute-based encryption method according to one or more embodiments
  • Fig. 2 is a schematic structural diagram of an attribute-based encryption system according to one or more embodiments
  • Fig. 3 is an encryption schematic diagram of an attribute-based encryption system according to one or more embodiments.
  • Fig. 4 is a structural block diagram of a computer device according to one or more embodiments.
  • the core of this application is to provide an attribute-based encryption method and system that encrypts shared files before they are shared, where the encryption method involves the attribute sets of the users who are allowed to access the shared files, so that only those users can successfully decrypt the ciphertext, which greatly reduces the risk of information leakage.
  • FIG. 1 is a flow chart of an attribute-based encryption method provided by an embodiment of the present application.
  • the attribute-based encryption methods include:
  • Step S1 Use the identity providing module to register the user's identity information and its corresponding attribute set in advance.
  • both the data owner and the data user use the identity providing module to register the user's identity information (including user name and password) in advance, and register the user's corresponding attribute set at the same time, so that the identity providing module can verify the legitimacy of the user's attributes.
  • Step S2 Obtain the attribute set corresponding to the user who is allowed to access the shared file from the identity providing module, combine the acquired attribute set to obtain an authorization attribute set, and establish an access control matrix matching the authorization attribute set.
  • each user has its own corresponding attribute set
  • the data owner (the client where the data owner of the shared file is located) combines the attribute sets corresponding to the users who are allowed to access the shared file to obtain the authorized attribute set S, namely
  • the attribute set corresponding to a user who is allowed to access the shared file is a subset of the authorization attribute set S, and then an access control matrix A matching the authorization attribute set S is established (the role of the access control matrix A is to control the access user of the shared file).
  • Step S3 Request a symmetric key and an asymmetric key corresponding to each attribute in the authorization attribute set from the key management module based on the file identifier and the authorization attribute set of the shared file.
  • the data owner requests from the key management module a symmetric key sk (the encryption key and the decryption key are the same) and an asymmetric key corresponding to each attribute in the authorization attribute set S (an asymmetric key consists of a public key PK for encryption and a private key SK for decryption, which are different), based on the file identifier ID (Identity Document, a unique code) and the authorization attribute set S of the shared file M that is to be shared to the cloud storage module.
  • after receiving the request from the data owner, the key management module generates a symmetric key sk and an asymmetric key corresponding to each attribute in the authorization attribute set S based on the file identifier ID of the shared file and the authorization attribute set S, and then returns the generated symmetric key sk and the public key set {PK} of all asymmetric keys to the data owner.
  • Step S4 Receive the symmetric key and the public key set of the asymmetric keys returned by the key management module, use the symmetric key to encrypt the shared file to obtain the file ciphertext, and, based on the access control matrix and the public key set, perform attribute-based encryption on the symmetric key to obtain the attribute ciphertext.
  • the data owner receives the symmetric key sk and the public key set {PK} of all asymmetric keys returned by the key management module, uses the symmetric key sk to encrypt the shared file M to obtain the file ciphertext C_1, and, based on the established access control matrix A and the public key set {PK}, performs attribute-based encryption on the symmetric key sk to obtain the attribute ciphertext CT.
  • Step S5 Combine the access control matrix, the file ciphertext and the attribute ciphertext to obtain the attribute encrypted ciphertext, and upload the attribute encrypted ciphertext to the cloud storage module, so that the cloud storage module only allows users matching the access control matrix to read and decrypt the attribute encrypted ciphertext to obtain the shared file.
  • the data owner combines the access control matrix A, the file ciphertext C_1 and the attribute ciphertext CT to obtain the attribute-based encrypted ciphertext C (called the attribute-encrypted ciphertext; it may also contain other content), and then uploads the attribute-encrypted ciphertext C to the cloud storage module, so that the cloud storage module only allows users matching the access control matrix A to read and decrypt the attribute-encrypted ciphertext C to obtain the shared file M.
  • this application encrypts the shared files before file sharing, and the encryption method involves the attribute set corresponding to the users who are allowed to access the shared files.
  • the purpose is that only users who are allowed to access the shared files can successfully decrypt the ciphertext, thereby greatly reducing the risk of information leakage.
  • the process for the data owner to generate a key with the help of the key management module includes: 1) the data owner requests from the key management module a symmetric key sk and an asymmetric key corresponding to each attribute in the authorization attribute set S, based on the file identifier ID and the authorization attribute set S of the shared file M; this operation is performed in a trusted execution environment.
  • each asymmetric key record is composed of the file identifier ID, the global parameter GP, the attribute and the key, and each asymmetric key record is encrypted and stored in the key management module to ensure the security of the key; the key storage of the key management module is shown in Table 1:
  • when the data owner encrypts another shared file, it requests again from the key management module a symmetric key and an asymmetric key corresponding one-to-one to each attribute in the authorization attribute set, based on the file identifier and authorization attribute set of that shared file. Even if two shared files correspond to the same authorization attribute set, they do not share the same key set, which ensures system security and realizes fine-grained attribute-based encryption, fully guaranteeing the security of the encrypted files.
  • based on the access control matrix and the public key set, attribute-based encryption is performed on the symmetric key to obtain the attribute ciphertext, including:
  • the encryption process of the data owner includes: 1) receiving the ciphertext returned by the key management module (the symmetric key sk and the public key set {PK} of the asymmetric keys, in encrypted form), and decrypting the ciphertext returned by the key management module with the data owner's private key to obtain the symmetric key sk and the public key set {PK}.
  • the first element of the vector is s_1, and the other elements are random numbers; the subscript ρ of y_ρ(i) and ⁇_ρ(i) is an attribute mapping function used to associate an attribute with a row of the access control matrix A, where ρ(i) denotes mapping attribute i to row ρ(i) of the access control matrix A; r_i is a random number selected for row A_i of the access control matrix A, r_i ∈ Z_p; the subscript i of ⁇_i, r_i and A_i is the i-th attribute, i ∈ {1,2,3,...,K}; all C_{3,i} (i ∈ {1,2,3,...,K}) form C_3; all C_{4,i} (i
  • the application obtains the access control matrix in the attribute-encrypted ciphertext, determines that the target attribute set matches the access control matrix, and allows the cloud storage module to send the attribute-encrypted ciphertext to the data user based on the determined result. Further, the application obtains the access control matrix in the attribute encryption ciphertext, determines that the target attribute set does not match the access control matrix, and based on the determined result, the cloud storage module is not allowed to send the attribute encryption ciphertext to the data user.
  • the access decision point of the cloud storage module is used to realize: 1) based on the identity information of the data user, the attribute set corresponding to the data user (called the target attribute set) is obtained from the identity providing module; 2) the access control matrix A in the attribute encrypted ciphertext C is obtained, and whether the target attribute set matches the access control matrix A is judged; if they match, the cloud storage module sends the attribute encrypted ciphertext C to the data user; if they do not match, the cloud storage module does not send the attribute encrypted ciphertext C to the data user.
  • the data user uses the attribute ciphertext CT to access the key management module, and the attribute discrimination point of the key management module is used to realize: 1) based on the identity information of the data user, the target attribute set corresponding to the data user is obtained from the identity providing module, and the target private key set corresponding to the target attribute set is determined according to the target attribute set and the file identifier ID; the symmetric key is then decrypted based on the target private key set and the attribute ciphertext CT (in the trusted execution environment of the key management module), and the decrypted symmetric key is encrypted with the public key of the data user and sent to the data user, so that the data user can decrypt it with its own private key to obtain the symmetric key sk, and use the symmetric key sk to decrypt the file ciphertext C_1 to obtain the shared file M.
  • the process of using the key management module to decrypt the symmetric key includes: 1) obtaining the derived private key set K_id according to the derived private key generation function; where ⁇_x and y_x are random numbers, ⁇_x, y_x ∈ Z_p; the subscript x of ⁇_x and y_x is the x-th attribute of the target attribute set corresponding to the data user, and the target attribute set has K_1 attributes in total, x ∈ {1,2,3,...,K_1}; K_{x,id} is the derived private key corresponding to the x-th attribute of the target attribute set; all K_{x,id} (x ∈ {1,2,3,...,K_1}) constitute the derived private key set K_id; id is the user id of the data user; H represents the hash function.
  • the attribute-based encryption method also includes:
  • if it is determined that the users who are allowed to access the shared file have changed, the step of obtaining the attribute sets corresponding to the users who are allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain the authorization attribute set, and establishing an access control matrix matching the authorization attribute set is executed again.
  • the first way to revoke the corresponding attribute: determine whether the users who are allowed to access the shared file have changed; if they have changed, execute again the step of obtaining the attribute sets corresponding to the users who are allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain the authorization attribute set, and establishing an access control matrix matching the authorization attribute set; if there is no change, do not execute that step again. In this way, users who are no longer allowed to access the shared file cannot continue to access the attribute encrypted ciphertext.
  • if it is determined that the users who are allowed to access the shared file have not changed, the step of obtaining the attribute sets corresponding to the users who are allowed to access the shared file from the identity providing module, combining the obtained attribute sets to obtain the authorization attribute set, and establishing an access control matrix matching the authorization attribute set is not executed again.
  • the attribute-based encryption method also includes:
  • the second way to revoke the corresponding attribute: when the target user loses access to the shared file, the asymmetric key corresponding to the attribute set of the target user is set to invalid in the key management module, so that the target user can no longer access the attribute encrypted ciphertext.
  • the method based on attribute encryption of this application is applied to the system based on attribute encryption as shown in Figure 2.
  • the system based on attribute encryption includes multiple organizations and a cloud computing platform; each organization includes multiple data users, multiple data owners and an identity providing module; the cloud computing platform includes a unified cloud storage module and multiple key management modules, each key management module corresponding to one organization.
  • the identity providing module includes an identity authentication module and an LDAP (Lightweight Directory Access Protocol) module. All users register their identities with the LDAP module through the identity authentication module, and register their corresponding attribute sets.
  • the key management module includes an attribute discrimination point and a key storage module; the key storage module is used to store the keys generated by the key management module, and the attribute discrimination point is used to execute the key management process for the keys generated by the key management module (including the symmetric key decryption process).
  • the cloud storage module includes an access decision point and a storage center; wherein, the storage center is used to store the attribute encrypted ciphertext; the access decision point is used to implement the access control process of the attribute encrypted ciphertext (deciding whether to allow users to access the attribute encrypted ciphertext).
  • this application has the following beneficial effects: 1) it makes full use of the organization's own LDAP identity verification system and the key management system of the cloud computing platform to realize an attribute-based encryption system without a trusted authority, making full use of the existing organizational structure of the cloud computing platform; 2) because it makes full use of the organization's own LDAP authentication system, each organization operates independently without interfering with the others, and LDAP is both the authenticator of the user login system and the trusted provider of user attributes; 3) the access control structure is embedded in the ciphertext and the key is bound to a set of attributes, which effectively implements access control, so the attribute-based encryption method can realize one-to-many secure file access; 4) attributes classify users in a fine-grained manner and specific access policies are used to encrypt data, so the ciphertext can be decrypted successfully only when the user's attributes satisfy the access policy; attribute-based encryption is therefore especially suitable for ensuring user privacy on cloud platforms while protecting the confidentiality of data.
  • a computer device provided by the present application may be a server, and its internal structure may be as shown in FIG. 4.
  • the computer device includes a processor, memory, network interface and database connected by a system bus. Wherein, the processor of the computer device is used to provide calculation and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, computer programs and databases.
  • the internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium.
  • the database of the computer equipment is used to store relevant data of the above-mentioned attribute-based encryption method.
  • the network interface of the computer device is used to communicate with an external terminal via a network connection. When the computer program is executed by the processor, the above-mentioned attribute-based encryption method can be realized.
  • a computer device provided by the present application includes a memory and one or more processors, where computer-readable instructions are stored in the memory, and when the computer-readable instructions are executed by the processor, the one or more processors execute the steps of the attribute-based encryption method in any one of the above embodiments.
  • the embodiments of the present specification also provide one or more non-volatile storage media storing computer-readable instructions, and when the computer-readable instructions are executed by one or more processors, the one or more processors execute the steps of the attribute-based encryption method in any one of the above embodiments.
  • Nonvolatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
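The access control matrix A and the attribute map ρ(i) from steps S2, S4 and S5 above, worked through as an added illustration (not code from the patent or its assignee): converting a policy into A, sharing the secret over Z_p with a vector whose first element is s_1 and whose other elements are random (step S4), the access decision point's check that a target attribute set matches A (step S5), and the reconstruction of s_1 from the rows a user holds (the decryption side). The prime p, the policy, the attribute strings and all function names are my assumptions; the pairing-based parts (GkeyGen, e, H) are not modelled.

```python
import random

P = 2**31 - 1  # constructed prime for Z_p arithmetic (the page only says Z_p has order p)


def lsss_from_policy(policy):
    """Build access control matrix A and attribute map rho from a policy tree.
    policy: attribute string, or ("AND", l, r) / ("OR", l, r).
    Lewko-Waters labelling: root gets (1); OR passes its label to both children;
    AND gives one child (label, 1) and the other (0,...,0,-1), widening by one.
    rho[i] is the attribute that labels row i of A."""
    rows, width = [], [1]

    def walk(node, vec):
        if isinstance(node, str):
            rows.append((node, vec))
        elif node[0] == "OR":
            walk(node[1], vec)
            walk(node[2], vec)
        elif node[0] == "AND":
            c = width[0]
            width[0] = c + 1
            walk(node[1], vec + [0] * (c - len(vec)) + [1])
            walk(node[2], [0] * c + [-1])
        else:
            raise ValueError("unknown gate: %r" % (node[0],))

    walk(policy, [1])
    matrix = [vec + [0] * (width[0] - len(vec)) for _, vec in rows]
    return matrix, [attr for attr, _ in rows]


def solve_mod_p(rows, rhs, p):
    """Gauss-Jordan elimination over Z_p for rows * w = rhs.
    Returns one solution (free unknowns set to 0) or None if inconsistent."""
    m, n = len(rows), len(rows[0])
    aug = [[x % p for x in rows[i]] + [rhs[i] % p] for i in range(m)]
    pivots, r = [], 0
    for c in range(n):
        piv = next((i for i in range(r, m) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(m):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == m:
            break
    if any(aug[i][n] for i in range(r, m)):  # a row reading 0 = nonzero
        return None
    w = [0] * n
    for i, c in enumerate(pivots):
        w[c] = aug[i][n]
    return w


def share_secret(matrix, s1, rng, p=P):
    """Encryption side (step S4): v = (s_1, r_2, ..., r_n) with random r_j;
    row i of A receives the share A_i . v mod p."""
    n = len(matrix[0])
    v = [s1 % p] + [rng.randrange(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in matrix]


def access_decision(matrix, rho, target_attrs, p=P):
    """Access decision point (step S5): using only rows whose rho(i) is in the
    target attribute set, find w with sum w_i * A_i = (1,0,...,0) mod p.
    Returns {row: w_i} on a match, None when the set does not match A."""
    idx = [i for i, a in enumerate(rho) if a in target_attrs]
    if not idx:
        return None
    n = len(matrix[0])
    system = [[matrix[i][k] for i in idx] for k in range(n)]  # (A_I)^T
    w = solve_mod_p(system, [1] + [0] * (n - 1), p)
    return None if w is None else dict(zip(idx, w))


def reconstruct(shares, coeffs, p=P):
    """Decryption side: recover s_1 from the shares of the matched rows."""
    return sum(coeffs[i] * shares[i] for i in coeffs) % p


def demo():
    """Constructed policy and target attribute sets; returns
    {user: True if s_1 was recovered, False if the decision point denies access}."""
    policy = ("OR", ("AND", "dept:finance", "role:manager"), "clearance:high")
    matrix, rho = lsss_from_policy(policy)
    rng = random.Random(2023)
    s1 = rng.randrange(P)  # the secret that hides the symmetric key sk
    shares = share_secret(matrix, s1, rng)
    users = {
        "finance manager": {"dept:finance", "role:manager"},
        "high clearance": {"clearance:high", "dept:sales"},
        "finance staff": {"dept:finance"},
        "manager only": {"role:manager"},
    }
    outcome = {}
    for name, attrs in users.items():
        coeffs = access_decision(matrix, rho, attrs)
        outcome[name] = coeffs is not None and reconstruct(shares, coeffs) == s1
    return outcome
```

The decision point only needs A, ρ and the user's attribute set, so it can refuse to hand out the ciphertext before any key material is involved, which is the check the cloud storage module performs in step S5.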


Abstract

Disclosed in the present application are an attribute-based encryption method and system. In the present application, a shared file is encrypted before being shared, and the encryption mode involves attribute sets corresponding to users that are allowed to access the shared file, such that only the users that are allowed to access the shared file can successfully decrypt ciphertext, thereby greatly reducing the risk of information leakage.

Description

An attribute-based encryption method and system
Cross-reference to related applications
This application claims priority to the Chinese patent application with application number 202111518960.3, entitled "An attribute-based encryption method and system", filed with the China Patent Office on December 14, 2021, the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the field of information encryption, and in particular to an attribute-based encryption method and system.
Background
With the rapid development and spread of the Internet, more and more sensitive information is stored and shared on third-party Internet sites (such as cloud storage). The inventors recognized that, at present, this sensitive information is not stored on cloud storage in encrypted form, so it faces the risk of leakage, and the security threats caused by information leakage keep increasing.
Therefore, how to provide a scheme that encrypts sensitive information before it is shared is a problem that those skilled in the art currently need to solve.
Summary of the invention
This application provides an attribute-based encryption method and system.
This application provides an attribute-based encryption method, including:
registering in advance, using an identity providing module, the identity information of users and their corresponding attribute sets;
obtaining from the identity providing module the attribute sets corresponding to the users allowed to access a shared file, combining the obtained attribute sets into an authorized attribute set, and establishing an access control matrix matching the authorized attribute set;
requesting from a key management module, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set;
receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain a file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; and
combining the access control matrix, the file ciphertext and the attribute ciphertext into an attribute-encrypted ciphertext, and uploading the attribute-encrypted ciphertext to a cloud storage module, so that the cloud storage module only allows users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext and obtain the shared file.
In some embodiments, using the key management module to generate, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set includes:
performing global parameter setup according to the global setup function Global Setup(λ)→GP to obtain the global parameters GP={g_1, G, G_T, Z_p, q, p, H}; where the global parameters GP are provided to all users; λ is a security parameter; H is a hash function with the mapping H:{0,1}*→G; G is a bilinear group of order q; g_1∈G; G_T is a multiplicative cyclic group of order q; and Z_p is an integer cyclic group of order p;
generating, according to the key generation function GkeyGen(ID, S, GP, pk_u)→PK, SK, sk, one symmetric key sk and asymmetric keys (PK, SK) in one-to-one correspondence with the attributes in the authorized attribute set, and returning the symmetric key and the public key set of the asymmetric keys encrypted under the public key pk_u of the owner of the shared file; where ID is the file identifier; S is the authorized attribute set; PK is the public key of the asymmetric key,
Figure PCTCN2022099648-appb-000001
e is a bilinear map e: G×G→G_T; SK is the private key of the asymmetric key, SK={α_i, y_i}; α_i, y_i are random numbers, α_i, y_i∈Z_p; and i denotes the i-th attribute corresponding to the access control matrix, there being K attributes in total, i∈{1,2,3,…,K}.
In some embodiments, receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain the file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain the attribute ciphertext includes:
decrypting the ciphertext returned by the key management module with the private key of the owner of the shared file to obtain the symmetric key sk and the public key set {PK} of the asymmetric keys;
encrypting the shared file with the symmetric key sk to obtain the file ciphertext C_1;
performing attribute-based encryption of the symmetric key sk based on the access control matrix A and the public key set {PK} to obtain the attribute ciphertext CT={C_2, C_3, C_4, C_5}; where A is a K×L matrix, K being the number of rows of A and L the number of columns of A;
Figure PCTCN2022099648-appb-000002
all C_{3,i} together form C_3;
Figure PCTCN2022099648-appb-000003
all C_{4,i} together form C_4;
Figure PCTCN2022099648-appb-000004
all C_{5,i} together form C_5; s_1 is a random number, s_1∈Z_p; λ_i = A_i × v; A_i is the i-th row of A; v is a random vector, v∈Z_p^L, whose first element is s_1 and whose other elements are random numbers; r_i is a random number, r_i∈Z_p; and ρ is an attribute mapping function that associates attributes with the rows of the matrix A.
In some embodiments, combining the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext includes:
obtaining, based on the access control matrix A, the file ciphertext C_1 and the attribute ciphertext CT, the attribute-encrypted ciphertext C={ID, A, ρ, C_1, CT, sign}; where sign is a digital signature.
In some embodiments, reading the attribute-encrypted ciphertext from the cloud storage module includes:
when a data user accesses the cloud storage module, obtaining from the identity providing module, based on the data user's identity information, the target attribute set corresponding to the data user;
obtaining the access control matrix contained in the attribute-encrypted ciphertext;
when the target attribute set matches the access control matrix, allowing the cloud storage module to send the attribute-encrypted ciphertext to the data user;
when the target attribute set does not match the access control matrix, not allowing the cloud storage module to send the attribute-encrypted ciphertext to the data user.
In some embodiments, the decryption process of the attribute-encrypted ciphertext includes:
when the data user accesses the key management module with the attribute ciphertext, using the key management module to obtain from the identity providing module the target attribute set corresponding to the data user, and determining, from the target attribute set and the file identifier, the target private key set corresponding to the target attribute set;
decrypting the symmetric key based on the target private key set and the attribute ciphertext, and sending the decrypted symmetric key, encrypted under the data user's public key, to the data user, so that the data user decrypts it with its own private key to obtain the symmetric key and then decrypts the file ciphertext with the symmetric key to obtain the shared file.
In some embodiments, decrypting the symmetric key based on the target private key set and the attribute ciphertext includes:
obtaining, according to the derived private key function
Figure PCTCN2022099648-appb-000005
the derived private key set K_id; where K_{x,id} is the derived private key corresponding to the x-th attribute of the target attribute set; the target attribute set has K_1 attributes in total, x∈{1,2,3,…,K_1}; and id is the user id of the data user;
according to the data function
Figure PCTCN2022099648-appb-000006
computing
Figure PCTCN2022099648-appb-000007
where ρ(x) denotes mapping attribute x to row ρ(x) of the access control matrix A;
computing the constants c_x subject to Σ_x c_x A_ρ(x) = (1, 0, ..., 0), and according to
Figure PCTCN2022099648-appb-000008
computing
Figure PCTCN2022099648-appb-000009
where
Figure PCTCN2022099648-appb-000010
is a positive integer;
decrypting the symmetric key according to the decryption function
Figure PCTCN2022099648-appb-000011
to obtain the symmetric key sk.
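As an added illustration, which is not code from the patent, the following Python models the share computation λ_i = A_i × v from the encryption step, the cloud-side decision of whether a target attribute set matches the access control matrix, and the decryption-side reconstruction of s_1 from constants c_x satisfying Σ_x c_x A_ρ(x) = (1, 0, ..., 0). The pairing-based wrapping of the shares and keys (C_3 to C_5, K_id) is omitted; the prime p, the matrix A, the map ρ and the attribute names are constructed for the example, and the policy encoded by A ("dept:finance" AND "role:manager", OR "role:auditor") is an assumption.

```python
# Added example, not the patent's code: linear secret sharing over the
# access-control matrix A (K x L over Z_p), as used when the data owner
# computes the shares lambda_i, when the cloud decides whether a target
# attribute set matches A, and when the decryptor computes the constants
# c_x with sum_x c_x * A_rho(x) = (1, 0, ..., 0) to recover s_1.
# The pairing layer (C_3..C_5, K_id) is deliberately left out.
import secrets

# Constructed parameters: a prime standing in for the group order p, and a
# policy matrix for ("dept:finance" AND "role:manager") OR "role:auditor".
# Rows 1 and 2 only reconstruct s_1 together; row 3 reconstructs it alone.
P = 2**61 - 1
A = [
    [1, 1],    # A_1, rho(1) = dept:finance
    [0, -1],   # A_2, rho(2) = role:manager
    [1, 0],    # A_3, rho(3) = role:auditor
]
RHO = {0: "dept:finance", 1: "role:manager", 2: "role:auditor"}  # 0-based rows


def share_secret(A, s1, p=P, rng=secrets.randbelow):
    """Encryption step: v = (s1, random, ...), lambda_i = A_i . v (mod p)."""
    L = len(A[0])
    v = [s1 % p] + [rng(p) for _ in range(L - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in A]


def _solve_target(rows, p):
    """Return c with sum_j c_j * rows[j] == (1, 0, ..., 0) mod p, or None.
    Solves the L equations (one per matrix column) in len(rows) unknowns
    by Gauss-Jordan elimination over Z_p; free unknowns are set to 0."""
    n, L = len(rows), len(rows[0])
    target = [1] + [0] * (L - 1)
    M = [[rows[j][k] % p for j in range(n)] + [target[k]] for k in range(L)]
    pivots, r = [], 0
    for col in range(n):
        piv = next((i for i in range(r, L) if M[i][col]), None)
        if piv is None:
            continue                      # no pivot: free unknown
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][col], -1, p)
        M[r] = [x * inv % p for x in M[r]]
        for i in range(L):
            if i != r and M[i][col]:
                f = M[i][col]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(col)
        r += 1
        if r == L:
            break
    if any(M[i][n] for i in range(r, L)):  # 0 = nonzero: no solution
        return None
    c = [0] * n
    for i, col in enumerate(pivots):
        c[col] = M[i][n]
    return c


def _rows_held(A, rho, user_attrs):
    """Indices of the rows whose attribute rho(i) the user holds."""
    return [i for i in range(len(A)) if rho[i] in user_attrs]


def satisfies(A, rho, user_attrs, p=P):
    """Cloud-side access decision: the target attribute set matches A iff
    (1, 0, ..., 0) lies in the span of the rows selected by the user's attributes."""
    held = _rows_held(A, rho, user_attrs)
    return bool(held) and _solve_target([A[i] for i in held], p) is not None


def reconstruct(A, rho, shares, user_attrs, p=P):
    """Decryption step: compute c_x and return s_1 = sum_x c_x * lambda_rho(x),
    or None when the attribute set does not satisfy the matrix."""
    held = _rows_held(A, rho, user_attrs)
    if not held:
        return None
    c = _solve_target([A[i] for i in held], p)
    if c is None:
        return None
    return sum(cx * shares[i] for cx, i in zip(c, held)) % p


if __name__ == "__main__":
    s1 = secrets.randbelow(P)
    shares = share_secret(A, s1)
    for attrs in ({"dept:finance", "role:manager"}, {"role:auditor"}, {"dept:finance"}):
        print(sorted(attrs), satisfies(A, RHO, attrs),
              reconstruct(A, RHO, shares, attrs) == s1)
```

The same elimination routine serves both the cloud's match check and the decryptor's c_x computation, which mirrors the patent's design: the storage side only needs A and ρ (both carried in C) to decide whether a target attribute set could ever reconstruct s_1, while the actual value is only recoverable by whoever holds the private keys for the rows involved.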
In some embodiments, the attribute-based encryption method further includes:
when the users allowed to access the shared file change, re-entering the step of obtaining from the identity providing module the attribute sets corresponding to the users allowed to access the shared file, combining the obtained attribute sets into the authorized attribute set, and establishing the access control matrix matching the authorized attribute set.
In some embodiments, the attribute-based encryption method further includes:
when the users allowed to access the shared file have not changed, not re-entering the step of obtaining from the identity providing module the attribute sets corresponding to the users allowed to access the shared file, combining the obtained attribute sets into the authorized attribute set, and establishing the access control matrix matching the authorized attribute set.
In some embodiments, the attribute-based encryption method further includes:
when a target user loses the right to access the shared file, marking as invalid, in the key management module, the asymmetric keys corresponding to the target user's attribute set, so that the target user no longer has the right to access the attribute-encrypted ciphertext.
In some embodiments, this application also provides an attribute-based encryption system, including:
an identity providing module, configured to register the identity information of users and their corresponding attribute sets;
a data owner, configured to obtain from the identity providing module the attribute sets corresponding to the users allowed to access the shared file, combine the obtained attribute sets into the authorized attribute set, and establish the access control matrix matching the authorized attribute set; to request from the key management module, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set; to receive the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypt the shared file with the symmetric key to obtain the file ciphertext, and perform attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain the attribute ciphertext; and to combine the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext and upload it to the cloud storage module, so that the cloud storage module only allows users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext and obtain the shared file;
a key management module, configured to generate, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set, and to return the symmetric key and the public key set of the asymmetric keys to the data owner; and
a cloud storage module, configured to store the attribute-encrypted ciphertext.
In some embodiments, the identity providing module includes:
an identity authentication module; and
an LDAP module, configured to register, via the identity authentication module, the identity information of users and their corresponding attribute sets;
the key management module includes:
an attribute decision point, configured to execute the key management flow for the keys generated by the key management module; and
a key storage module, configured to store the keys generated by the key management module;
the cloud storage module includes:
an access decision point, configured to execute the access control flow for the attribute-encrypted ciphertext; and
a storage center, configured to store the attribute-encrypted ciphertext.
The details of one or more embodiments of this application are set forth in the accompanying drawings and the description below. Other features and advantages of this application will become apparent from the description, the drawings and the claims.
Brief description of the drawings
In order to illustrate the technical solutions in the embodiments of this application more clearly, the drawings needed for the prior art and for the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a flowchart of an attribute-based encryption method according to one or more embodiments;
FIG. 2 is a schematic structural diagram of an attribute-based encryption system according to one or more embodiments;
FIG. 3 is a schematic diagram of encryption in an attribute-based encryption system according to one or more embodiments;
FIG. 4 is a structural block diagram of a computer device according to one or more embodiments.
Detailed description
The core of this application is to provide an attribute-based encryption method and system that encrypts a shared file before it is shared, where the encryption involves the attribute sets corresponding to the users allowed to access the shared file, so that only users allowed to access the shared file can successfully decrypt the ciphertext, which greatly reduces the risk of information leakage.
In order to make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.
Refer to FIG. 1, which is a flowchart of an attribute-based encryption method provided by an embodiment of this application.
The attribute-based encryption method includes:
Step S1: registering in advance, using the identity providing module, the identity information of users and their corresponding attribute sets.
Specifically, both data owners and data users register their identity information (including user name and password) with the identity providing module in advance, and at the same time register the user's corresponding attribute set, so that the identity providing module can verify the legitimacy of the user's attributes.
Step S2: obtaining from the identity providing module the attribute sets corresponding to the users allowed to access the shared file, combining the obtained attribute sets into the authorized attribute set, and establishing the access control matrix matching the authorized attribute set.
Specifically, each user has its own corresponding attribute set. The data owner (the client of the data owner of the shared file) combines the attribute sets corresponding to the users allowed to access the shared file into the authorized attribute set S, i.e. the attribute set of any user allowed to access the shared file is a subset of the authorized attribute set S, and then establishes the access control matrix A matching the authorized attribute set S (the role of the access control matrix A is to control which users may access the shared file).
Step S3: requesting from the key management module, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set.
Specifically, the data owner requests from the key management module, based on the file identifier ID (Identity Document, a unique code) of the shared file M to be shared to the cloud storage module and the authorized attribute set S, one symmetric key sk (the encryption key and the decryption key are the same) and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set S (an asymmetric key consists of a public key PK used for encryption and a private key SK used for decryption, the public key and the private key being different). After receiving the data owner's request, the key management module generates, based on the file identifier ID of the shared file and the authorized attribute set S, one symmetric key sk and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set S, and then returns the generated symmetric key sk and the public key set {PK} of all the asymmetric keys to the data owner.
Step S4: receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain the file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain the attribute ciphertext.
Specifically, the data owner receives the symmetric key sk and the public key set {PK} of all the asymmetric keys returned by the key management module, encrypts the shared file M with the symmetric key sk to obtain the file ciphertext C_1, and performs attribute-based encryption of the symmetric key sk based on the established access control matrix A and the public key set {PK} to obtain the attribute ciphertext CT.
Step S5: combining the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext, and uploading the attribute-encrypted ciphertext to the cloud storage module, so that the cloud storage module only allows users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext and obtain the shared file.
Specifically, the data owner combines the access control matrix A, the file ciphertext C_1 and the attribute ciphertext CT into the attribute-based encrypted ciphertext C (called the attribute-encrypted ciphertext; it may also contain other content), and then uploads the attribute-encrypted ciphertext C to the cloud storage module, so that the cloud storage module only allows users matching the access control matrix A to read and decrypt the attribute-encrypted ciphertext C and obtain the shared file M.
It can be seen that this application encrypts the shared file before it is shared, and the encryption involves the attribute sets corresponding to the users allowed to access the shared file, so that only users allowed to access the shared file can successfully decrypt the ciphertext, which greatly reduces the risk of information leakage.
On the basis of the above embodiments:
As an optional embodiment, using the key management module to generate, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set includes:
performing global parameter setup according to the global setup function Global Setup(λ)→GP to obtain the global parameters GP={g_1, G, G_T, Z_p, q, p, H}; where the global parameters GP are provided to all users; λ is a security parameter; H is a hash function with the mapping H:{0,1}*→G; G is a bilinear group of order q; g_1∈G; G_T is a multiplicative cyclic group of order q; and Z_p is an integer cyclic group of order p;
generating, according to the key generation function GkeyGen(ID, S, GP, pk_u)→PK, SK, sk, one symmetric key sk and asymmetric keys (PK, SK) in one-to-one correspondence with the attributes in the authorized attribute set, and returning the symmetric key and the public key set of the asymmetric keys encrypted under the public key pk_u of the owner of the shared file; where ID is the file identifier; S is the authorized attribute set; PK is the public key of the asymmetric key,
Figure PCTCN2022099648-appb-000012
e is a bilinear map e: G×G→G_T; SK is the private key of the asymmetric key, SK={α_i, y_i}; α_i, y_i are random numbers, α_i, y_i∈Z_p; and i denotes the i-th attribute corresponding to the access control matrix, there being K attributes in total, i∈{1,2,3,…,K}.
Specifically, the process by which the data owner generates keys with the help of the key management module includes: 1) The data owner requests from the key management module, based on the file identifier ID of the shared file M and the authorized attribute set S, one symmetric key sk and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set S; this operation is performed in a trusted execution environment. 2) After receiving the data owner's request, the key management module performs global parameter setup according to the global setup function Global Setup(λ)→GP to obtain the global parameters GP={g_1, G, G_T, Z_p, q, p, H}, and returns the global parameters GP to the data owner and also provides them to other users (it should be noted that the global parameters may be the key management module's existing published global parameters and need not be regenerated, which reduces the load on the key management module for generating global parameters). 3) The key management module generates, according to the key generation function GkeyGen(ID, S, GP, pk_u)→PK, SK, sk, one symmetric key sk and asymmetric keys (PK, SK) in one-to-one correspondence with the attributes in the authorized attribute set S, and returns the symmetric key sk and the public key set {PK} of the asymmetric keys, encrypted under the data owner's public key pk_u, to the data owner over a secure channel; where
Figure PCTCN2022099648-appb-000013
SK={α_i, y_i}; e is a bilinear map e: G×G→G_T, for example e(g_1, g_1)^{α_i} = (g_1 × g_1)^{α_i}; α_i, y_i are random numbers, α_i, y_i∈Z_p; the subscript i of α_i, y_i denotes the i-th attribute corresponding to the access control matrix, the access control matrix corresponding to K attributes in total, i∈{1,2,3,…,K}.
In addition, in the key management module each asymmetric key record consists of a file identifier ID, the global parameters GP, an attribute and a key, and each asymmetric key record is stored encrypted in the key management module to ensure the security of the keys. The key storage of the key management module is shown in Table 1:
Table 1
Figure PCTCN2022099648-appb-000014
It should be noted that when the data owner encrypts another shared file, it requests again from the key management module, based on the file identifier and authorized attribute set of that other shared file, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set. Even if two shared files correspond to the same authorized attribute set, they do not share the same key set, which ensures system security, realizes the fine-grained encryption capability of attribute-based encryption, and fully ensures the security of the encrypted files.
作为一种可选的实施例,接收密钥管理模块返回的对称密钥和非对称密钥的公钥集合,并利用对称密钥加密共享文件,得到文件密文,且基于访问控制矩阵和公钥集合对对称密钥进行基于属性的加密,得到属性密文,包括:As an optional embodiment, receive the public key set of the symmetric key and the asymmetric key returned by the key management module, and use the symmetric key to encrypt the shared file to obtain the file ciphertext, and based on the access control matrix and public key The key set performs attribute-based encryption on the symmetric key to obtain the attribute ciphertext, including:
decrypting the ciphertext returned by the key management module with the private key of the owner of the shared file to obtain the symmetric key $sk$ and the public key set $\{PK\}$ of the asymmetric keys;
encrypting the shared file with the symmetric key $sk$ to obtain the file ciphertext $C_1$;
performing attribute-based encryption of the symmetric key $sk$ based on the access control matrix $A$ and the public key set $\{PK\}$ to obtain the attribute ciphertext $CT = \{C_2, C_3, C_4, C_5\}$; where $A$ is a $K \times L$ matrix, $K$ is the number of rows of $A$ and $L$ is the number of columns of $A$;
Figure PCTCN2022099648-appb-000015
all $C_{3,i}$ form $C_3$;
Figure PCTCN2022099648-appb-000016
all $C_{4,i}$ form $C_4$;
Figure PCTCN2022099648-appb-000017
all $C_{5,i}$ form $C_5$; $s_1$ is a random number, $s_1 \in Z_p$; $\lambda_i = A_i \cdot v$; $A_i$ is the $i$-th row of $A$; $v$ is a random vector, $v \in Z_p^L$, whose first element is $s_1$ and whose other elements are random numbers; $r_i$ is a random number, $r_i \in Z_p$; $\rho$ is an attribute mapping function that associates attributes with the rows of $A$.
Specifically, the data owner's encryption process is: 1) receive the ciphertext returned by the key management module (the symmetric key $sk$ and the public key set $\{PK\}$ of the asymmetric keys) and decrypt it with the data owner's private key to obtain $sk$ and $\{PK\}$. 2) Encrypt the shared file $M$ with the symmetric key $sk$ to obtain the file ciphertext $C_1 = Enc_{sk}(M)$, where $Enc_{sk}$ is the encryption function under key $sk$; then perform attribute-based encryption of $sk$ based on the access control matrix $A$ and the public key set $\{PK\}$ to obtain the attribute ciphertext $CT = \{C_2, C_3, C_4, C_5\}$, where $A$ is a $K \times L$ matrix, $K$ is the number of rows of $A$ and $L$ the number of columns;
Figure PCTCN2022099648-appb-000018
Figure PCTCN2022099648-appb-000019
Figure PCTCN2022099648-appb-000020
$s_1$ is a random number, $s_1 \in Z_p$; $\lambda_i = A_i \cdot v$, where $A_i$ is the $i$-th row of $A$ and $v \in Z_p^L$ is a random vector whose first element is $s_1$ and whose other elements are random numbers; the subscript $\rho$ of $y_{\rho(i)}$ and $\alpha_{\rho(i)}$ is the attribute mapping function that associates attributes with the rows of $A$, $\rho(i)$ denoting the row of $A$ to which attribute $i$ is mapped; $r_i$ is a random number chosen for row $A_i$ of the access control matrix, $r_i \in Z_p$; the subscript $i$ of $\lambda_i$, $r_i$, $A_i$ is the $i$-th attribute, $i \in \{1, 2, 3, \dots, K\}$; all $C_{3,i}$ ($i \in \{1, \dots, K\}$) form $C_3$, all $C_{4,i}$ form $C_4$ and all $C_{5,i}$ form $C_5$. The randomness $s_1$, the remaining elements of $v$ and every $r_i$ must be sampled fresh for each encryption. The attribute-based encryption function is thus summarized as $Encrypt(M, A, \rho, GP, \{PK\}, sk) \to C$.
As an optional embodiment, combining the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext includes:
obtaining, from the access control matrix $A$, the file ciphertext $C_1$ and the attribute ciphertext $CT$, the attribute-encrypted ciphertext $C = \{ID, A, \rho, C_1, CT, sign\}$, where $sign$ is a digital signature.
Specifically, from the access control matrix $A$, the file ciphertext $C_1$ and the attribute ciphertext $CT$, the data owner obtains the attribute-encrypted ciphertext $C = \{ID, A, \rho, C_1, CT, sign\}$, where $sign$ is a digital signature: a string that only the sender of the message can produce and nobody else can forge, which also serves as proof of the authenticity of what the sender sent. The signature should cover the whole tuple $(ID, A, \rho, C_1, CT)$ so that the access matrix stored alongside the ciphertext is bound to it as well.
As an optional embodiment, reading the attribute-encrypted ciphertext from the cloud storage module includes:
when the data user accesses the cloud storage module, obtaining the target attribute set of the data user from the identity providing module based on the data user's identity information;
obtaining the access control matrix from the attribute-encrypted ciphertext and judging whether the target attribute set matches the access control matrix;
if so, allowing the cloud storage module to send the attribute-encrypted ciphertext to the data user;
if not, not allowing the cloud storage module to send the attribute-encrypted ciphertext to the data user.
Specifically, the application obtains the access control matrix from the attribute-encrypted ciphertext; if it determines that the target attribute set matches the access control matrix, the cloud storage module is allowed to send the attribute-encrypted ciphertext to the data user, and if it determines that they do not match, the cloud storage module is not allowed to send it.
Specifically, when the data user accesses the cloud storage module, the access decision point of the cloud storage module: 1) obtains from the identity providing module, based on the data user's identity information, the attribute set of the data user (called the target attribute set); 2) obtains the access control matrix $A$ from the attribute-encrypted ciphertext $C$ and judges whether the target attribute set matches $A$; if they match, the cloud storage module sends $C$ to the data user, and if not, it does not. This check is a policy gate in front of the storage rather than the cryptographic enforcement: a user whose attributes do not satisfy the matrix would still be unable to recover the symmetric key, because that requires the matching private keys held by the key management module.
As an optional embodiment, the decryption process of the attribute-encrypted ciphertext includes:
when the data user accesses the key management module with the attribute ciphertext, having the key management module obtain the data user's target attribute set from the identity providing module and determine, from the target attribute set and the file identifier, the target private key set corresponding to the target attribute set;
decrypting the symmetric key based on the target private key set and the attribute ciphertext, encrypting the decrypted symmetric key under the data user's public key and sending it to the data user, so that the data user decrypts it with its own private key to obtain the symmetric key and then decrypts the file ciphertext with the symmetric key to obtain the shared file.
Specifically, after receiving the attribute-encrypted ciphertext $C$, the data user accesses the key management module with the attribute ciphertext $CT$, and the attribute discrimination point of the key management module: 1) obtains the data user's target attribute set from the identity providing module based on the data user's identity information, determines the target private key set from the target attribute set and the file identifier ID, and decrypts the symmetric key based on the target private key set and the attribute ciphertext $CT$ (this takes place inside the trusted execution environment of the key management module); the decrypted symmetric key is then encrypted under the data user's public key and sent to the data user, who decrypts it with its own private key to obtain $sk$ and decrypts the file ciphertext $C_1$ with $sk$ to obtain the shared file $M$.
As an optional embodiment, decrypting the symmetric key based on the target private key set and the attribute ciphertext includes:
according to the derived private key function
Figure PCTCN2022099648-appb-000021
obtaining the derived private key set $K_{id}$; where $K_{x,id}$ is the derived private key corresponding to the $x$-th attribute of the target attribute set, the target attribute set has $K_1$ attributes in total, $x \in \{1, 2, 3, \dots, K_1\}$, and $id$ is the user id of the data user;
according to the data function
Figure PCTCN2022099648-appb-000022
computing
Figure PCTCN2022099648-appb-000023
where $\rho(x)$ denotes the row $\rho(x)$ of the access control matrix $A$ to which attribute $x$ is mapped;
computing the constants $c_x$ subject to $\sum_x c_x A_{\rho(x)} = (1, 0, \dots, 0)$, and according to
Figure PCTCN2022099648-appb-000024
computing
Figure PCTCN2022099648-appb-000025
where
Figure PCTCN2022099648-appb-000026
Figure PCTCN2022099648-appb-000027
is a positive integer;
according to the decryption function
Figure PCTCN2022099648-appb-000028
decrypting the symmetric key to obtain the symmetric key $sk$.
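Why the constants $c_x$ recover the secret, written out here as an added derivation in the page's own symbols (it is not part of the original text): with $\lambda_{\rho(x)} = A_{\rho(x)} \cdot v$ and $v = (s_1, v_2, \dots, v_L)$,
$$\sum_x c_x \lambda_{\rho(x)} = \sum_x c_x \,(A_{\rho(x)} \cdot v) = \Big(\sum_x c_x A_{\rho(x)}\Big) \cdot v = (1, 0, \dots, 0) \cdot v = s_1 .$$
Because the attribute ciphertext carries the shares $\lambda_{\rho(x)}$ only in exponents, the same linear combination is applied there: each recovered term is raised to the power $c_x$ and the results are multiplied, which yields the group element whose exponent is $s_1$ for the decryption function to consume. The system $\sum_x c_x A_{\rho(x)} = (1, 0, \dots, 0)$ is solvable exactly when the rows of $A$ labelled by the user's attributes span $(1, 0, \dots, 0)$, so a user whose attribute set does not satisfy the access structure obtains no $c_x$ at all, whatever shares they hold.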
Specifically, the process by which the key management module decrypts the symmetric key is: 1) according to the derived private key function
Figure PCTCN2022099648-appb-000029
obtain the derived private key set $K_{id}$; where $\alpha_x, y_x$ are random numbers, $\alpha_x, y_x \in Z_p$; the subscript $x$ of $\alpha_x, y_x$ is the $x$-th attribute of the data user's target attribute set, which has $K_1$ attributes in total, $x \in \{1, 2, 3, \dots, K_1\}$; $K_{x,id}$ is the derived private key corresponding to the $x$-th attribute of the target attribute set; all $K_{x,id}$ ($x \in \{1, \dots, K_1\}$) form the derived private key set $K_{id}$; $id$ is the user id of the data user; $H$ denotes the hash function. 2) According to the data function
Figure PCTCN2022099648-appb-000030
compute
Figure PCTCN2022099648-appb-000031
where $\rho(x)$ denotes the row $\rho(x)$ of $A$ to which attribute $x$ is mapped;
Figure PCTCN2022099648-appb-000032
$\lambda_{\rho(x)} = A_{\rho(x)} \cdot V$, $A_{\rho(x)}$ being row $\rho(x)$ of the access control matrix $A$. 3) Compute the constants $c_x$ subject to $\sum_x c_x A_{\rho(x)} = (1, 0, \dots, 0)$, and according to
Figure PCTCN2022099648-appb-000033
compute
Figure PCTCN2022099648-appb-000034
where $c_x$ is a positive integer. The $c_x$ are found by solving this linear system; a solution exists only when the rows of $A$ labelled by the user's attributes span $(1, 0, \dots, 0)$, which is precisely the case in which the target attribute set satisfies the access structure. 4) According to the decryption function
Figure PCTCN2022099648-appb-000035
decrypt the symmetric key to obtain $sk$; the file ciphertext $C_1$ can then be decrypted with $sk$ to obtain the shared file $M = Dec_{sk}(C_1)$, where $Dec_{sk}$ is the decryption function under key $sk$.
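The access-control-matrix arithmetic that runs through the encryption step ($\lambda_i = A_i \cdot v$), the access decision point (does the target attribute set match $A$?) and the decryption step (the constants $c_x$ with $\sum_x c_x A_{\rho(x)} = (1, 0, \dots, 0)$) can be exercised without the pairing. The following Python is an added example written for this page, not code from the patent or its assignee. It builds $(A, \rho)$ from a Boolean policy with the Lewko-Waters labelling (the patent does not say how its matrix is built, so that conversion is an assumption), shares a secret over $Z_p$ for an example prime `P` (also an assumption), and reconstructs it by Gaussian elimination modulo $p$. In the patent the reconstruction happens in the exponent of the target group; here $s_1$ is recovered directly so that the linear algebra can be checked on its own. The policy and attribute names are constructed sample input.

```python
# Added example for this page (not the patent's code).  Assumptions: the
# policy-tree-to-matrix conversion is the Lewko-Waters labelling, and P is an
# example prime for Z_p.  The pairing is left out: s1 is recovered directly.
import secrets

P = 2**127 - 1  # example prime modulus (assumption)


def build_lsss(policy):
    """Turn ('AND'|'OR', left, right) / 'attribute' into the LSSS pair (A, rho).

    The root gets vector (1).  An AND node with vector v gives v|1 to its left
    child and (0,...,0)|-1 to its right child; an OR node gives v to both.
    Rows are zero-padded to the final length L; rho[i] labels row i.
    """
    rows, rho, counter = [], [], [1]

    def walk(node, vec):
        if isinstance(node, str):               # leaf: one row for one attribute
            rows.append(list(vec))
            rho.append(node)
            return
        gate, left, right = node
        if gate == "OR":
            walk(left, vec)
            walk(right, vec)
        elif gate == "AND":
            padded = vec + [0] * (counter[0] - len(vec))
            left_vec, right_vec = padded + [1], [0] * counter[0] + [-1]
            counter[0] += 1                     # bump before descending
            walk(left, left_vec)
            walk(right, right_vec)
        else:
            raise ValueError(f"unknown gate {gate!r}")

    walk(policy, [1])
    L = counter[0]
    return [r + [0] * (L - len(r)) for r in rows], rho


def share(A, s1, p=P):
    """Encryption side: v = (s1, random, ...), lambda_i = A_i . v mod p."""
    v = [s1 % p] + [secrets.randbelow(p) for _ in range(len(A[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in A]


def solve_mod_p(rows, target, p=P):
    """Return c with sum_x c[x] * rows[x] == target (mod p), or None."""
    m, L = len(rows), len(target)
    # one equation per matrix column j: sum_x c_x * rows[x][j] = target[j]
    aug = [[rows[x][j] % p for x in range(m)] + [target[j] % p] for j in range(L)]
    pivots, r = [], 0
    for col in range(m):
        piv = next((i for i in range(r, L) if aug[i][col]), None)
        if piv is None:
            continue                            # free unknown, left at 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [(a * inv) % p for a in aug[r]]
        for i in range(L):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
        if r == L:
            break
    if any(aug[i][m] for i in range(r, L)):
        return None                             # rows do not span the target
    c = [0] * m
    for i, col in enumerate(pivots):
        c[col] = aug[i][m]
    return c


def satisfies(A, rho, attrs, p=P):
    """Access decision: do the rows labelled by attrs span (1,0,...,0)?

    Returns {row index: c_x} when they do, None otherwise.
    """
    idx = [i for i, a in enumerate(rho) if a in attrs]
    target = [1] + [0] * (len(A[0]) - 1)
    c = solve_mod_p([A[i] for i in idx], target, p)
    return None if c is None else dict(zip(idx, c))


def reconstruct(A, rho, shares, attrs, p=P):
    """Decryption side: s1 = sum_x c_x * lambda_rho(x) mod p."""
    coeffs = satisfies(A, rho, attrs, p)
    if coeffs is None:
        raise PermissionError("attribute set does not satisfy the access control matrix")
    return sum(c * shares[i] for i, c in coeffs.items()) % p


if __name__ == "__main__":
    # constructed sample policy: (dept:finance AND role:manager) OR role:auditor
    A, rho = build_lsss(("OR", ("AND", "dept:finance", "role:manager"), "role:auditor"))
    s1 = secrets.randbelow(P)
    lam = share(A, s1)
    print("A =", A, "rho =", rho)
    print(reconstruct(A, rho, lam, {"dept:finance", "role:manager"}) == s1,
          reconstruct(A, rho, lam, {"role:auditor"}) == s1,
          satisfies(A, rho, {"dept:finance"}) is None)
```

Running the file prints the matrix for the sample policy and checks that the sets {dept:finance, role:manager} and {role:auditor} recover $s_1$ while {dept:finance} alone is rejected. The same `satisfies` function serves both the cloud storage module's access decision point and the key management module's attribute discrimination point; the first revocation method described further on corresponds to calling `build_lsss` again with the updated policy and re-sharing a fresh $s_1$.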
As an optional embodiment, the attribute-based encryption method further includes:
judging whether the set of users allowed to access the shared file has changed;
if so, re-entering the step of obtaining from the identity providing module the attribute sets of the users allowed to access the shared file, combining the obtained attribute sets into the authorization attribute set, and establishing the access control matrix that matches the authorization attribute set.
Specifically, when the application determines that the set of users allowed to access the shared file has changed, it re-enters, on the basis of that determination, the step of obtaining from the identity providing module the attribute sets of the users allowed to access the shared file, combining the obtained attribute sets into the authorization attribute set, and establishing the access control matrix that matches the authorization attribute set.
Further, the first way of revoking an attribute: judge whether the set of users allowed to access the shared file has changed. If it has, re-enter the step of obtaining the attribute sets of the allowed users from the identity providing module, combining them into the authorization attribute set and establishing the matching access control matrix, so that users who are no longer allowed to access the shared file cannot continue to access the attribute-encrypted ciphertext. If it has not changed, that step is not re-entered. Because the access control structure is embedded in the ciphertext, this first method amounts to re-encrypting the shared file under the new matrix.
As an optional embodiment, the attribute-based encryption method further includes:
when a target user loses the right to access the shared file, marking the asymmetric keys corresponding to the target user's attribute set as invalid in the key management module, so that the target user is no longer able to access the attribute-encrypted ciphertext.
Further, the second way of revoking an attribute: when the target user loses the right to access the shared file, the asymmetric keys corresponding to the target user's attribute set are marked invalid in the key management module, so that the target user has no right to access the attribute-encrypted ciphertext. This method leaves the stored ciphertext untouched; it works because the attribute private keys never leave the key management module, which decrypts the symmetric key itself and releases only the result to the user, so invalidating a key record takes effect on the next request.
It should be noted that either of the two revocation methods above may be chosen; the application does not specifically limit this.
The attribute-based encryption method of this application is applied to the attribute-based encryption system shown in Figure 2, which includes several organizations and one cloud computing platform. Each organization contains several data users, several data owners and one identity providing module; the cloud computing platform contains a unified cloud storage module and several key management modules, each key management module corresponding to one organization. Specifically, as shown in Figure 3, the identity providing module includes an identity authentication module and an LDAP (Lightweight Directory Access Protocol) module; every user registers an identity with the LDAP module through the identity authentication module and registers the corresponding attribute set at the same time. The key management module includes an attribute discrimination point and a key storage module: the key storage module stores the keys generated by the key management module, and the attribute discrimination point executes the key management flow for those keys (including the symmetric key decryption flow). The cloud storage module includes an access decision point and a storage center: the storage center stores the attribute-encrypted ciphertext, and the access decision point executes the access control flow for the attribute-encrypted ciphertext (deciding whether a user is allowed to access it).
In summary, this application has the following beneficial effects: 1) It makes full use of the organization's own LDAP authentication system and of the key management system in the cloud computing platform to realize an attribute-based encryption system that needs no separate trusted authority, reusing the existing organizational structure of the cloud computing platform (the trust that a conventional ABE authority carries is concentrated instead in the key management module, which holds every attribute private key and performs every decryption, and in the LDAP directory that asserts user attributes). 2) Because each organization uses its own LDAP authentication system, organizations run independently without interfering with one another; LDAP is both the verifier of user logins and the trusted provider of user attributes. 3) In the attribute-based encryption method of this application the access control structure is embedded in the ciphertext while keys are bound to sets of attributes, which implements access control effectively; since different users may share some attributes, the method provides one-to-many secure file access. 4) Attributes partition users at fine granularity and data is encrypted under a specific access policy, so the ciphertext can be decrypted only when a user's attributes satisfy the policy; attribute-based encryption is therefore well suited to protecting the confidentiality of data while preserving the privacy of cloud platform users.
This application also provides an attribute-based encryption system, including:
an identity providing module for registering users' identity information and the corresponding attribute sets;
a data owner for obtaining from the identity providing module the attribute sets of the users allowed to access the shared file, combining them into the authorization attribute set and establishing the access control matrix matching it; requesting from the key management module, based on the file identifier of the shared file and the authorization attribute set, a symmetric key and asymmetric keys in one-to-one correspondence with the attributes of the authorization attribute set; receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain the file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain the attribute ciphertext; combining the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext and uploading it to the cloud storage module, so that the cloud storage module allows only users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext to obtain the shared file;
a key management module for generating, based on the file identifier of the shared file and the authorization attribute set, a symmetric key and asymmetric keys in one-to-one correspondence with the attributes of the authorization attribute set, and returning the symmetric key and the public key set of the asymmetric keys to the data owner;
a cloud storage module for storing the attribute-encrypted ciphertext.
As an optional embodiment, the identity providing module includes:
an identity authentication module;
an LDAP module for registering, through the identity authentication module, users' identity information and the corresponding attribute sets;
the key management module includes:
an attribute discrimination point for executing the key management flow for the keys generated by the key management module;
a key storage module for storing the keys generated by the key management module;
the cloud storage module includes:
an access decision point for executing the access control flow for the attribute-encrypted ciphertext;
a storage center for storing the attribute-encrypted ciphertext.
For a description of the attribute-based encryption system provided by this application, refer to the embodiments of the attribute-based encryption method above; it is not repeated here.
This application provides a computer device, which may be a server; its internal structure may be as shown in Figure 4. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor provides computing and control capability. The memory includes a non-volatile storage medium and an internal memory; the non-volatile storage medium stores an operating system, a computer program and a database, and the internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The database stores the data of the attribute-based encryption method described above. The network interface communicates with external terminals over a network connection. When the computer program is executed by the processor, it implements the attribute-based encryption method described above.
This application provides a computer device including a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the processors, cause the one or more processors to perform the steps of the attribute-based encryption method of any of the embodiments above.
Embodiments of this specification also provide one or more non-volatile storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the attribute-based encryption method of any of the embodiments above.
A person of ordinary skill in the art will understand that all or part of the flows in the methods of the embodiments above can be completed by computer-readable instructions directing the relevant hardware; the computer-readable instructions may be stored in a non-volatile computer-readable storage medium and, when executed, may include the flows of the method embodiments above. Any reference to memory, storage, a database or other media in the embodiments of this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments above may be combined arbitrarily. For brevity, not every possible combination of the technical features of the embodiments above is described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The embodiments above express only a few implementations of this application; their description is specific and detailed, but this should not be understood as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of this application, and these all fall within its scope of protection. The scope of protection of this application is therefore determined by the appended claims.

Claims (14)

  1. An attribute-based encryption method, characterized in that it comprises:
    registering in advance, with an identity providing module, users' identity information and the corresponding attribute sets;
    obtaining from the identity providing module the attribute sets of the users allowed to access a shared file, combining the obtained attribute sets into an authorization attribute set, and establishing an access control matrix matching the authorization attribute set;
    requesting from a key management module, based on the file identifier of the shared file and the authorization attribute set, a symmetric key and asymmetric keys in one-to-one correspondence with the attributes of the authorization attribute set;
    receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain a file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; and
    combining the access control matrix, the file ciphertext and the attribute ciphertext into an attribute-encrypted ciphertext and uploading the attribute-encrypted ciphertext to a cloud storage module, so that the cloud storage module allows only users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext to obtain the shared file.
  2. The attribute-based encryption method according to claim 1, characterized in that generating, by the key management module, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set based on the file identifier of the shared file and the authorized attribute set comprises:
    performing global parameter setup according to the global setup function Global Setup(λ)→GP to obtain the global parameters GP={g_1, G, G_T, Z_p, q, p, H}; wherein the global parameters GP are provided to all users; λ is a security parameter; H is a hash function with the mapping H:{0,1}*→G; G is a bilinear group of order q; g_1∈G; G_T is a multiplicative cyclic group of order q; Z_p is an integer cyclic group of order p; and
    generating, according to the key generation function GkeyGen(ID, S, GP, pk_u)→PK, SK, sk, one symmetric key sk and asymmetric keys (PK, SK) in one-to-one correspondence with the attributes in the authorized attribute set, so that the symmetric key and the public key set of the asymmetric keys are encrypted with the public key pk_u of the owner of the shared file and returned; wherein ID is the file identifier; S is the authorized attribute set; PK is the public key of the asymmetric key,
    Figure PCTCN2022099648-appb-100001
    e is a bilinear map e: G×G→G_T; SK is the private key of the asymmetric key, SK={α_i, y_i}; α_i and y_i are random numbers, α_i, y_i∈Z_p; i denotes the i-th attribute corresponding to the access control matrix, there being K attributes in total, i∈{1,2,3,…,K}.
  3. The attribute-based encryption method according to claim 2, characterized in that receiving the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypting the shared file with the symmetric key to obtain the file ciphertext, and performing attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain the attribute ciphertext comprises:
    decrypting, with the private key of the owner of the shared file, the ciphertext returned by the key management module to obtain the symmetric key sk and the public key set {PK} of the asymmetric keys;
    encrypting the shared file with the symmetric key sk to obtain the file ciphertext C_1; and
    performing attribute-based encryption of the symmetric key sk based on the access control matrix A and the public key set {PK} to obtain the attribute ciphertext CT={C_2, C_3, C_4, C_5}; wherein A is a K×L matrix, K being the number of rows of A and L the number of columns of A;
    Figure PCTCN2022099648-appb-100002
    all C_{3,i} together form C_3;
    Figure PCTCN2022099648-appb-100003
    all C_{4,i} together form C_4;
    Figure PCTCN2022099648-appb-100004
    all C_{5,i} together form C_5; s_1 is a random number, s_1∈Z_p; λ_i = A_i × v; A_i is the i-th row of A; v is a random vector, v∈Z_p^L, whose first element is s_1 and whose other elements are random numbers; r_i is a random number, r_i∈Z_p; ρ is an attribute mapping function that associates attributes with the rows of the matrix A.
  4. The attribute-based encryption method according to claim 3, characterized in that combining the access control matrix, the file ciphertext and the attribute ciphertext into the attribute-encrypted ciphertext comprises:
    obtaining, based on the access control matrix A, the file ciphertext C_1 and the attribute ciphertext CT, the attribute-encrypted ciphertext C={ID, A, ρ, C_1, CT, sign}; wherein sign is a digital signature.
  5. The attribute-based encryption method according to claim 4, characterized in that reading the attribute-encrypted ciphertext from the cloud storage module comprises:
    when a data consumer accesses the cloud storage module, obtaining from the identity provision module, based on the identity information of the data consumer, the target attribute set corresponding to the data consumer;
    obtaining the access control matrix contained in the attribute-encrypted ciphertext;
    when the target attribute set matches the access control matrix, allowing the cloud storage module to send the attribute-encrypted ciphertext to the data consumer; and
    when the target attribute set does not match the access control matrix, not allowing the cloud storage module to send the attribute-encrypted ciphertext to the data consumer.
  6. The attribute-based encryption method according to claim 5, characterized in that the decryption process of the attribute-encrypted ciphertext comprises:
    when the data consumer accesses the key management module with the attribute ciphertext, obtaining, by the key management module, the target attribute set corresponding to the data consumer from the identity provision module, and determining, according to the target attribute set and the file identifier, the target private key set corresponding to the target attribute set; and
    decrypting the symmetric key based on the target private key set and the attribute ciphertext, encrypting the decrypted symmetric key with the public key of the data consumer and sending it to the data consumer, so that the data consumer decrypts it with its own private key to obtain the symmetric key and decrypts the file ciphertext with the symmetric key to obtain the shared file.
  7. The attribute-based encryption method according to claim 6, characterized in that decrypting the symmetric key based on the target private key set and the attribute ciphertext comprises:
    obtaining a derived private key set K_id according to the derived private key function
    Figure PCTCN2022099648-appb-100005
    wherein K_{x,id} is the derived private key corresponding to the x-th attribute of the target attribute set; the target attribute set has K_1 attributes in total, x∈{1,2,3,…,K_1}; id is the user id of the data consumer;
    computing, according to the data computation function
    Figure PCTCN2022099648-appb-100006
    the value
    Figure PCTCN2022099648-appb-100007
    wherein ρ(x) denotes mapping the attribute x to the ρ(x)-th row of the access control matrix A;
    computing the constants c_x under the condition ∑_x c_x A_ρ(x) = (1, 0, …, 0), and computing, according to
    Figure PCTCN2022099648-appb-100008
    the value
    Figure PCTCN2022099648-appb-100009
    wherein
    Figure PCTCN2022099648-appb-100010
    Figure PCTCN2022099648-appb-100011
    is a positive integer; and
    decrypting the symmetric key according to the decryption function
    Figure PCTCN2022099648-appb-100012
    to obtain the symmetric key sk.
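As an added illustration (not code from the application or its authors), the following Python models the access-matrix part shared by claims 3 and 7: a policy is turned into an LSSS matrix A with labelling ρ, s_1 is shared as λ_i = A_i·v over Z_p, and a decryptor's attribute set recovers s_1 only when constants c_x with ∑_x c_x A_ρ(x) = (1, 0, …, 0) exist. The prime, the policy and the attribute names are constructed for the example; the pairing-based components C_2..C_5, the derived keys K_{x,id} and the key management module are not reproduced.

```python
import secrets

# Constructed example prime; in the scheme the order p is fixed by the global parameters GP.
P = 2**127 - 1


def lsss_matrix(policy):
    """Convert a boolean policy tree into an LSSS access matrix A and labelling rho.

    policy is an attribute name, ('and', left, right) or ('or', left, right).
    Returns (A, rho): A is a K x L matrix over Z_p and rho[i] is the attribute
    labelling row i (the claims write the inverse map, attribute x -> row rho(x)).
    Lewko-Waters conversion: an OR copies the vector to both children, an AND splits
    it so that only sets satisfying the policy can combine rows into (1,0,...,0)."""
    rows, labels = [], []

    def walk(node, vec, counter):
        if isinstance(node, str):
            rows.append(vec)
            labels.append(node)
            return counter
        op, left, right = node
        if op == 'or':
            return walk(right, vec, walk(left, vec, counter))
        if op == 'and':
            c = counter
            counter = walk(left, vec + [0] * (c - len(vec)) + [1], c + 1)
            return walk(right, [0] * c + [-1], counter)
        raise ValueError(f'unknown operator {op!r}')

    width = walk(policy, [1], 1)
    A = [[x % P for x in row + [0] * (width - len(row))] for row in rows]
    return A, labels


def share(A, s1):
    """Claim 3: v = (s_1, random, ...), lambda_i = A_i . v over Z_p."""
    v = [s1 % P] + [secrets.randbelow(P) for _ in range(len(A[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in A]


def solve_mod_p(M, b):
    """Solve M c = b over Z_p by Gauss-Jordan elimination (free unknowns set to 0).
    Returns c, or None when the system is inconsistent."""
    n, m = len(M), len(M[0])
    aug = [[x % P for x in row] + [bi % P] for row, bi in zip(M, b)]
    pivots, r = [], 0
    for col in range(m):
        piv = next((i for i in range(r, n) if aug[i][col]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    if any(aug[i][m] for i in range(r, n)):  # a row reading 0 = nonzero: no solution
        return None
    c = [0] * m
    for i, col in enumerate(pivots):
        c[col] = aug[i][m]
    return c


def reconstruct(A, rho, lam, attrs):
    """Claim 7: find c_x with sum_x c_x A_rho(x) = (1,0,...,0) over the rows owned by
    the decryptor's attributes, then s_1 = sum_x c_x lambda_rho(x); None if unsatisfied."""
    idx = [i for i, attr in enumerate(rho) if attr in attrs]
    if not idx:
        return None
    width = len(A[0])
    M = [[A[i][k] for i in idx] for k in range(width)]  # width equations, len(idx) unknowns
    c = solve_mod_p(M, [1] + [0] * (width - 1))
    if c is None:
        return None
    return sum(cx * lam[i] for cx, i in zip(c, idx)) % P


# Constructed policy: attribute A AND (attribute B OR attribute C).
EXAMPLE_POLICY = ('and', 'A', ('or', 'B', 'C'))

if __name__ == '__main__':
    A, rho = lsss_matrix(EXAMPLE_POLICY)
    lam = share(A, 123456789)
    for attrs in ({'A', 'B'}, {'A', 'C'}, {'B', 'C'}, {'A'}):
        print(sorted(attrs), reconstruct(A, rho, lam, attrs))
```

Sets that satisfy the policy return s_1; sets that do not (for example {B, C}, which lacks the mandatory A) return None because no c_x solve the linear system, which is what "the target attribute set matches the access control matrix" in claims 5 and 7 means.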
  8. The attribute-based encryption method according to any one of claims 1-7, characterized in that the attribute-based encryption method further comprises:
    when the users allowed to access the shared file change, re-entering the step of obtaining from the identity provision module the attribute sets corresponding to the users allowed to access the shared file, combining the obtained attribute sets into the authorized attribute set, and establishing the access control matrix matching the authorized attribute set.
  9. The attribute-based encryption method according to claim 8, characterized in that the attribute-based encryption method further comprises:
    when the users allowed to access the shared file have not changed, not re-entering the step of obtaining from the identity provision module the attribute sets corresponding to the users allowed to access the shared file, combining the obtained attribute sets into the authorized attribute set, and establishing the access control matrix matching the authorized attribute set.
  10. The attribute-based encryption method according to any one of claims 1-7, characterized in that the attribute-based encryption method further comprises:
    when a target user loses the right to access the shared file, marking as invalid, in the key management module, the asymmetric keys corresponding to the attribute set of the target user, so that the target user is no longer entitled to access the attribute-encrypted ciphertext.
  11. An attribute-based encryption system, characterized in that it comprises:
    an identity provision module, configured to register a user's identity information and the corresponding attribute set;
    a data owner, configured to obtain from the identity provision module the attribute sets corresponding to the users who are allowed to access a shared file, combine the obtained attribute sets into an authorized attribute set, and establish an access control matrix matching the authorized attribute set; request from a key management module, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set; receive the symmetric key and the public key set of the asymmetric keys returned by the key management module, encrypt the shared file with the symmetric key to obtain a file ciphertext, and perform attribute-based encryption of the symmetric key based on the access control matrix and the public key set to obtain an attribute ciphertext; combine the access control matrix, the file ciphertext and the attribute ciphertext into an attribute-encrypted ciphertext, and upload the attribute-encrypted ciphertext to a cloud storage module, so that the cloud storage module allows only users matching the access control matrix to read and decrypt the attribute-encrypted ciphertext and obtain the shared file;
    the key management module, configured to generate, based on the file identifier of the shared file and the authorized attribute set, one symmetric key and asymmetric keys in one-to-one correspondence with the attributes in the authorized attribute set, and return the symmetric key and the public key set of the asymmetric keys to the data owner; and
    the cloud storage module, configured to store the attribute-encrypted ciphertext.
  12. The attribute-based encryption system according to claim 11, characterized in that the identity provision module comprises:
    an identity authentication module;
    an LDAP module, configured to register, via the identity authentication module, a user's identity information and the corresponding attribute set;
    the key management module comprises:
    an attribute determination point, configured to execute the key management flow for the keys generated by the key management module;
    a key storage module, configured to store the keys generated by the key management module;
    the cloud storage module comprises:
    an access decision point, configured to execute the access control flow for the attribute-encrypted ciphertext; and
    a storage center, configured to store the attribute-encrypted ciphertext.
  13. A computer device, comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of the method according to any one of claims 1-10.
  14. One or more non-volatile computer-readable storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the method according to any one of claims 1-10.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111518960.3A CN113918981B (en) 2021-12-14 2021-12-14 Attribute-based encryption method and system
CN202111518960.3 2021-12-14

Publications (1)

Publication Number Publication Date
WO2023109056A1 true WO2023109056A1 (en) 2023-06-22

Family

ID=79249006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/099648 WO2023109056A1 (en) 2021-12-14 2022-06-19 Attribute-based encryption method and system

Country Status (2)

Country Link
CN (1) CN113918981B (en)
WO (1) WO2023109056A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117081803A (en) * 2023-08-17 2023-11-17 云南财经大学 Internet of things ciphertext access control method based on blockchain
CN117270936A (en) * 2023-10-10 2023-12-22 武汉碧涯科技有限公司 Cloud platform operation and maintenance method and system
CN117714211A (en) * 2024-02-04 2024-03-15 杭州海康威视数字技术股份有限公司 Attribute encryption method, system and device supporting data integrity audit
CN117725619A (en) * 2024-02-06 2024-03-19 北京电科智芯科技有限公司 Data sharing method, device, computer equipment, chip and readable storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113918981B (en) * 2021-12-14 2022-03-08 苏州浪潮智能科技有限公司 Attribute-based encryption method and system
CN114465790B (en) * 2022-01-24 2024-08-27 蚂蚁区块链科技(上海)有限公司 Method, device and equipment for processing IP content library service
CN114363858A (en) * 2022-03-21 2022-04-15 苏州浪潮智能科技有限公司 Conversation and registration method, system and related components of cellular internet of vehicles cooperative communication
CN114844632A (en) * 2022-04-26 2022-08-02 维沃移动通信有限公司 Data transmission method and device and electronic equipment
CN117454434B (en) * 2023-12-22 2024-02-23 北京天润基业科技发展股份有限公司 Database attribute statistics method and system based on secret sharing and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010244432A (en) * 2009-04-08 2010-10-28 Nippon Telegr & Teleph Corp <Ntt> File sharing system, shared file server device, file sharing method, access control method of shared file server device, and programs thereof
CN104468664A (en) * 2013-09-18 2015-03-25 中兴通讯股份有限公司 Method and device for uploading files to cloud storage system, and method and device for downloading files from cloud storage system
CN110636500A (en) * 2019-08-27 2019-12-31 西安电子科技大学 Access control system and method supporting cross-domain data sharing and wireless communication system
CN113761594A (en) * 2021-09-09 2021-12-07 安徽师范大学 Three-party authenticable key agreement and data sharing method based on identity
CN113918981A (en) * 2021-12-14 2022-01-11 苏州浪潮智能科技有限公司 Attribute-based encryption method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106612169A (en) * 2016-05-25 2017-05-03 四川用联信息技术有限公司 Safe data sharing method in cloud environment
CN113132103B (en) * 2021-03-11 2022-07-12 西安电子科技大学 Data cross-domain security sharing system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIANG CAI, TU GUOQING, LIU MENGJUN: "Fine-grained Home File Security Sharing Scheme Based on Attribute Encryption", COMPUTER ENGINEERING, vol. 44, no. 4, 15 April 2018 (2018-04-15), pages 206 - 211, XP093071401 *

Also Published As

Publication number Publication date
CN113918981A (en) 2022-01-11
CN113918981B (en) 2022-03-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22905822

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE