云存储中基于代理重加密的CP-ABE访问控制方案

针对云存储中基于密文策略的属性加密（CP-ABE）访问控制方案存在用户解密开销较大的问题，提出了一种基于代理重加密的CP-ABE （CP-ABE-BPRE）方案，并对密钥的生成方法进行了改进。此方案包含五个组成部分，分别是可信任密钥授权、数据属主、云服务提供商、代理解密服务器和数据访问者，其中云服务器对数据进行重加密，代理解密服务器完成大部分的解密计算。方案能够有效地降低用户的解密开销，在保证数据细粒度访问控制的同时还支持用户属性的直接撤销，并解决了传统CP-ABE方案中因用户私钥被非法盗取带来的数据泄露问题。与其他CP-ABE方案比较，此方案对访问云数据的用户在解密性能方面具有较好的优势。

CP-ABE access control scheme based on proxy re-encryption in cloud storage

Focused on the large user's decryption overhead of the Ciphertext Policy Attribute-Based Encryption (CP-ABE) access control scheme in cloud storage, a CP-ABE Access Control Scheme Based on Proxy Re-Encryption (CP-ABE-BPRE) was proposed, and the key generation method was improved. Five components were included in this scheme:trusted key authority, data owner, cloud service provider, proxy decryption server and data visitor. The cloud server re-encrypted the data, and the proxy decryption server performed most of the decryption calculation. The proposed scheme reduces the user's decryption overhead effectively,and solves the data leakage problem caused by illegal stealing of the user's private key in the traditional CP-ABE scheme, and the direct revocation of user attributes is provided while the fine-grained access control is ensured in the scheme. A comparison with other CP-ABE schemes demonstrates that this scheme has better decryption performance for users when accessing cloud data.