多云服务提供者环境下的一种用户密钥撤销方法

密钥信息泄露是互联云服务难题之一，为解决该问题，该文提出一种基于属性环签名的用户密钥撤销方案。该方案以互联云的用户密文访问方法为研究对象，论述了无属性泄露的密文矩阵映射机制，多授权者自主扩展属性集生成密钥，从而令云服务提供者(CSP)无法获得用户完整属性，达到消除属性存储负载的目的。另外，该方案以撤销环与单调张成算法为基础设计用户签名验证撤销机制，令CSP、授权者与用户共同组成属性环，接受CSP定义密文访问结构，用户签名只有通过源CSP验证才能访问密文，授权者撤销部分属性失效用户解密密钥，从而达到权限撤销不影响其它用户访问的目的。该方案以密文策略属性基加密(CP-ABE)与单调张成算法为基础设计多用户组合属性共谋抵抗机制，用以保护属性的机密性。最后，给出该方案通信成本和计算效率的性能分析，用以验证该方法的有效性。

User Key Revocation Method for Multi-cloud Service Providers

Key information leakage is one of the most serious problems in Intercloud service, to solve this problem, a scheme of user key revocation on attribute-based ring signatures is proposed. Focused on user ciphertext access in Intercloud, the mechanism of ciphertext matrixes mapping without attribute leakage is discussed, multi-authority can extend attribute sets for generation key, then full user attributes can not be acquired by Cloud Service Providers (CSP), thus overhead on attribute storage is reduced. In addition, user signature verification revocation based on revocable ring and monotone span programs is designed, which constitutes ring of CSPs, authorities and users. Receiving CSP can define ciphertext access structure, users can access ciphertext through source CSP verifying, and authorities can remove decryption key from attribute-lost users without affecting any other users. The mechanism of collusion resistance with integrating attributes on the basis of Ciphertext-Policy Attribute Base Encryption (CP-ABE) and monotone span programs is discussed, with which user attribute confidentiality can be protected from leakage. Finally, to prove the effectiviness of the proposed model, the performance analysis of communication cost and computational efficiency are verified.