|
|||||
|
|
| 基于椭圆曲线加密且支持撤销的属性基加密方案 | |
| 引用本文: | 孙京宇,朱家玉,田自强,史国振,关川江.基于椭圆曲线加密且支持撤销的属性基加密方案[J].计算机应用,2022,42(7):2094-2103. |
| 作者姓名: | 孙京宇 朱家玉 田自强 史国振 关川江 |
| 作者单位: | 西安电子科技大学 计算机科学与技术学院, 西安 710071 北京电子科技学院 网络空间安全系, 北京 100070 北京电子科技学院 电子与通信工程系, 北京 100070 西安电子科技大学 通信工程学院, 西安 710071 |
| 基金项目: | 国家重点研发计划项目(2017YFB0801803)~~; |
| 摘 要: | 在云终端用户资源受限的场景中,传统属性基加密方案中存在着计算开销大以及不能实现实时撤销的不足。为了实现云端数据安全高效的共享,提出了一种基于椭圆曲线加密(ECC)算法且支持细粒度撤销的属性基加密方案。该方案使用计算较轻量级的椭圆曲线上的标量乘法代替传统属性基加密方案中计算开销较大的双线性配对,以降低系统中用户在解密时的计算开销,提高系统的效率,使方案更适用于资源受限的云终端用户场景。利用表达能力更强和计算更高效的有序二元决策图(OBDD)结构来描述用户定义的访问策略,以减少嵌入密文中的冗余属性来缩短密文长度。为每个属性建立一个由拥有该属性用户组成的属性组,并为组内每个成员生成唯一的用户属性组密钥。当发生属性撤销时,利用最小子集覆盖技术为组内剩余成员生成新的属性组,实现实时的细粒度属性撤销。安全分析表明,所提方案具有选择明文攻击不可区分性、前向安全性和后向安全性;性能分析表明,所提方案在访问结构表达和计算能力上优于(t,n)门限秘密共享方案和线性秘密共享方案(LSSS),其解密计算效率满足资源受限的云终端用户的需求。 |
| 关 键 词: | 属性基加密 有序二元决策图 属性撤销 云计算 细粒度 椭圆曲线加密算法 |
| 收稿时间: | 2021-04-19 |
| 修稿时间: | 2021-07-02 |
Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation |
|
| Jingyu SUN,Jiayu ZHU,Ziqiang TIAN,Guozhen SHI,Chuanjiang GUAN.Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation[J].journal of Computer Applications,2022,42(7):2094-2103. | |
| Authors: | Jingyu SUN Jiayu ZHU Ziqiang TIAN Guozhen SHI Chuanjiang GUAN |
| Affiliation: | School of Computer Science and Technology,Xidian University,Xi’an Shaanxi 710071,China Department of Cyberspace Security,Beijing Electronic Science and Technology Institute,Beijing 100070,China Department of Electronic and Communication Engineering,Beijing Electronic Science and Technology Institute,Beijing 100070,China School of Communications Engineering,Xidian University,Xi’an Shaanxi 710071,China |
| Abstract: | In view of the scenarios where the resources of cloud terminal users are limited, the traditional attribute based encryption schemes have the disadvantages of high computing cost and being unable to achieve real-time revocation. In order to realize the safe and efficient sharing of cloud data, an attribute based encryption scheme based on Elliptic Curve Cryptography (ECC) algorithm and supporting fine-grained revocation was proposed. In the scheme, the relatively lightweight scalar multiplication on the elliptic curve was used to replace the bilinear pairing with higher computational cost in the traditional attribute based encryption schemes, thereby reducing the computational cost of users during decryption in the system, improving the efficiency of the system and making the scheme more suitable for resource constrained cloud terminal user scenarios. In order to reduce the redundant attributes embedded in the ciphertext to shorten the length of the ciphertext, the more expressive and computationally efficient Ordered Binary Decision Diagram (OBDD) structure was used to describe the user-defined access policy. An attribute group composed of users with the attribute was established for each attribute, and a unique user attribute group key was generated for each member of the group. When the attribute revocation occurred, the minimum subset cover technology was used to generate a new attribute group for the remaining members in the group to realize real-time fine-grained attribute revocation. Security analysis shows that the proposed scheme has the indistinguishability of selective plaintext attacks, forward security and backward security. Performance analysis shows that the proposed scheme outperforms (t,n) threshold secret sharing scheme and Linear Secret Sharing Scheme (LSSS) in terms of access structure expression and computing capability, and has the decryption computational efficiency meeting the need of resource constrained cloud terminal users. |
| Keywords: | attribute based encryption Ordered Binary Decision Diagram (OBDD) attribute revocation cloud computing fine-grained Elliptic Curve Cryptography (ECC) algorithm |
| 点击此处可从《计算机应用》浏览原始摘要信息 | |
| 点击此处可从《计算机应用》下载全文 | |
