CN104113408A - Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption - Google Patents
Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption Download PDFInfo
- Publication number
- CN104113408A CN104113408A CN201410330696.4A CN201410330696A CN104113408A CN 104113408 A CN104113408 A CN 104113408A CN 201410330696 A CN201410330696 A CN 201410330696A CN 104113408 A CN104113408 A CN 104113408A
- Authority
- CN
- China
- Prior art keywords
- attribute
- prime
- user
- ciphertext
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000013475 authorization Methods 0.000 claims abstract description 6
- 239000011159 matrix material Substances 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption. The method is realized by the following steps: a system is established to generate a system public key and a master key; an encipherer constructs an access strategy; the encipherer carries out encryption to generate a ciphertext; an attribute authority center generates a user private key and an authorization private key; a cloud server constructs a path secret key binary tree; the cloud server carries out proxy re-encryption and generates a re-ciphertext to realize the cancel of user attributes; and a decipher carries out decryption to obtain a plaintext. The method helps to reduce the burden of the attribute authority center, and can solve the private key updating problem corresponding to the attribute cancel quickly and efficiently; when one or some attributes of a user is cancelled, access authority for other attributes is still reserved; and the cancelling of one or some attributes of the user does not influence the access authorities of other uses to the cancelled attribute; and the method has the advantages of being capable of cancelling the user attributes in a flexible, timely, fine-grained and efficient manner.
Description
Technical field
The present invention relates to network and information security fields, relate to enciphered data access control technology, be specifically related to a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method.
Background technology
Based on encryption attribute, belong to public-key cryptography scheme, its towards to as if Yi Ge colony, rather than unique user, allows user to utilize attribute to implement message encryption and deciphering, can realize broadcast enciphering and the fine-grained access control of efficient one-to-many.According to ciphertext and key form of expression encryption attribute two classes that are divided into encryption attribute and the ciphertext strategy of key strategy different from application scenarios.Wherein, in the encryption attribute based on ciphertext strategy, private key for user is relevant to attribute, and encipherer formulates access strategy, has determined that the user of which attribute can decipher, and and if only if just can successfully decipher when user property meets ciphertext access strategy.
Along with the development of cloud computing, increasing user is stored in the sensitive data of oneself on third-party server, to reach the object of sharing data.But third-party server is not completely believable, caused thus the worry of user for Information Security.Encryption attribute is a good solution route, and user can be embedded into access strategy in ciphertext and is stored on Cloud Server, and the user who only has attribute to meet access strategy just can successfully decipher the ciphertext on Cloud Server.But in view of user adds frequently or leaves attribute customer group, user property is cancelled with interpolation and compared, in more complicated in execution, realization, difficulty is larger, and user property is cancelled the hot issue that becomes the research of the cryptographic system of encryption attribute.At present existing many methods solve and cancel problem, revocation list can be embedded in ciphertext, to realize user and cancel; Or timing re-encrypted private key completes attribute and cancels; Can also complete and cancel by the mode of acting on behalf of re-encryption and changing system PKI and private key for user simultaneously.But above method all respectively has weak point, cancels cost large, underaction, can not realize timely fine-grained attribute and cancel.
Summary of the invention
For the deficiencies in the prior art, the present invention propose a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, to reach, reduce attribute authority (aa) central task amount and fine granularity is cancelled the object of user property.Apply key random division and act on behalf of Re-encryption Technology, the work at attribute authority (aa) center is transferred to Cloud Server to be completed, Cloud Server is gathered structure path key binary tree according to attribute user, efficiently quick solution and cancel the private key replacement problem that Attribute Relative is answered.When certain or some attribute of a user is by after cancelling, he will have the access rights of other attributes, the attribute of cancelling certain or certain user does not affect other users for the access rights of this attribute.
To achieve these goals, the following technical scheme of employing of the present invention:
Utilize linear secret technology of sharing that access strategy is embedded in ciphertext; Utilize key random division technology that master key is divided into two parts at random, be respectively used to as user and Cloud Server generation private key for user and authorize private key; Encipherer generates initial ciphertext and sends it to Cloud Server, and Cloud Server utilizes Re-encryption Technology to carry out re-encryption to initial ciphertext and generates heavy ciphertext to reach the object of data sharing and fine granularity access; The burden at attribute authority (aa) center, without linking up as it generates and upgrade private key with deciphering person, has been reduced in attribute authority (aa) center; Cloud Server is gathered structure path key binary tree according to attribute user, the corresponding private key replacement problem of other user properties after can effectively solving user property and cancelling; The ciphertext of the mandate private key of Cloud Server is deciphered the part as validated user key heavy ciphertext together with upgrading private key.Wherein:
Attribute authority (aa) center can generate PKI and master key for system, is responsible for each user assignment attribute and generates private key for user, for Cloud Server generates, authorizes private key, and user's set corresponding to each attribute sent to Cloud Server.
Encipherer formulates access strategy and encrypts the data-message of oneself, and initial ciphertext is sent to Cloud Server.
Cloud Server is responsible for that the ciphertext obtaining from encipherer is carried out to re-encryption there and is generated heavy ciphertext and store for user and share, and is responsible for the access rights that user gathers generation pass key binary tree and control user.
Deciphering person access is stored in the ciphertext on Cloud Server, only has attribute to meet ciphertext access strategy, and does not have the user who cancels in dependency user set could successful decrypting ciphertext.
The concrete implementation step of the technical program is as follows:
Step 1, system made, generation system PKI and master key:
Step 1.1, attribute authority (aa) center input security parameter 1
λ, and select rank be prime number p group G, described security parameter 1
λdetermined the size of described group G;
Step 1.2, defines hash function a: H:{0,1}
*→ G;
Step 1.3, attribute authority (aa) center is in finite field
in the random integer of selecting
calculate α=(α
1+ α
2) modp;
Step 1.4, generation system PKI PK=<G, g, e, e (g, g)
α, g
a> and master key MK=< α
1, α
2, g
α>, wherein e:G * G → G
tfor bilinear map, g is a generator in group G;
Step 1.5, discloses described system PKI, retains described master key.
Step 2, encipherer constructs access strategy:
Note M is the shared generator matrix of the capable n of l row, represents the participant of the capable institute of M i mark with function ρ (i), i=1 wherein ..., l, described access strategy is (M, ρ).
If share a secret value s, choose at random n-1 number
form a n-dimensional vector with s
vector
for l the shared share of s,
be i shared share, it belongs to participant ρ (i); Above-mentioned linear secret sharing scheme has linear reconstruction character: access strategy A, and participant's S set, making S ∈ A is sets of authorizations,
if { λ
ithat the legal of secret s shared, there is constant
make Σ
i ∈ Iw
iλ
i=s.
Step 3, encipherer is encrypted message, generates initial ciphertext, comprises described access strategy in wherein said initial ciphertext:
Step 3.1, encipherer inputs described system PKI PK=<G, g, e, e (g, g)
α, g
a>, described access strategy (M, ρ) and the clear-text message that needs encryption
Step 3.2, selects random number
export initial ciphertext CT=<C, C, { C
i, D
i}
i=1 ..., l> also sends to Cloud Server, wherein
c=g
s,
Step 4, attribute authority (aa) center generates private key for user and authorizes private key:
Step 4.1, described system PKI PK=<G, g, e, e (g, g) are inputted in attribute authority (aa) center
α, g
a> and master key MK=< α
1, α
2, g
α>;
Step 4.2, community set S corresponding to information distribution that attribute authority (aa) center provides according to user, selects random number
for user generates private key for user
wherein
l=g
t,
For generating, Cloud Server authorizes private key
Step 4.3, by safe lane by SK
1and SK
2pass to respectively user and Cloud Server.
Step 5, Cloud Server structure path key binary tree:
Step 5.1, U is gathered by each attribute user corresponding to attribute j ∈ S in attribute authority (aa) center
jsend to Cloud Server, for example user identity ID
1, ID
2, ID
3, ID
4{ 1,2,3}, { 2,3,4}, { 1,3,4}, { 1,2,4}, Cloud Server is gathered U by dependency authority center acquisition attribute user so to have respectively attribute
1={ ID
1, ID
3, ID
4, U
2={ ID
1, ID
2, ID
4, U
3={ ID
1, ID
2, ID
3, U
4={ ID
2, ID
3, ID
4;
Step 5.2, Cloud Server generation pass key binary tree, each member in attribute user set is on the leafy node of described binary tree, and each member has corresponding path key, each leafy node or inner node represent the key of random generation, node u
ihave path key τ
i, path key derives from leafy node to root node, for each attribute customer group U
jall there is corresponding minimum first tree (U of covering
j) can cover the corresponding leafy node of member in all properties customer group, path key is included in minimum covering in unit.
Step 6, Cloud Server is acted on behalf of re-encryption, generates heavy ciphertext, realizes cancelling user property:
Step 6.1, the described initial ciphertext CT=<C of Cloud Server input, C, { C
i, D
i}
i=1 ..., l> and described authorization key
Step 6.2, the different attribute revocation list RL that Cloud Server gives according to attribute authority (aa) center generates two kinds of dissimilar heavy ciphertexts, and wherein RL is attribute revocation list RL
jset
attribute revocation list RL
jcomprised and to each attribute j relevantly in community set cancelled the corresponding relation between user:
If attribute revocation list
representing does not have user's attribute to be cancelled, and Cloud Server is selected random number
generate the heavy ciphertext of I
Wherein,
c=g
s, C'=g
s/k,
If
for revocation list
attribute j' have reversed user, according to Cloud Server, be now all path key binary trees that user generates of not cancelling, Cloud Server is selected random number
generate the heavy ciphertext of II
wherein
c=g
s, C'=g
s/k,
for adopting symmetric encryption method to v
j'the ciphertext of encrypting, tree (U
j') gather U for attribute user
j'the corresponding minimum unit that covers, τ is the described minimum path key covering in unit.
Step 7, deciphering person is decrypted, and draws expressly:
If
do not have user's attribute to be cancelled, deciphering person inputs the heavy ciphertext of described I
With described private key for user
And calculate as follows:
Then the result drawing according to above formula is calculated clear-text message
The clear-text message of finally output deciphering;
If the revocation list of attribute j'
and deciphering person's attribute j' is cancelled, represent that deciphering person is at revocation list RL
x'in, export ⊥;
If the revocation list of attribute j'
and deciphering person's attribute j' is not cancelled, represent that deciphering person is not at revocation list RL
j'in, still there is the authority of access attribute j', deciphering person inputs the heavy ciphertext of described II
with described private key for user
According to the path key deciphering of oneself
obtain v
j', renewal private key is
calculate as follows:
A=Π
i∈IB
i=e(g,g)
ats;
Then calculate clear-text message
The clear-text message of finally output deciphering.
Beneficial effect of the present invention is:
1, utilize linear secret technology of sharing that access strategy is embedded in ciphertext, make undelegated user cannot recover secret value;
2, attribute authority (aa) center is divided into two parts at random by master key, is respectively used to as user and Cloud Server generation private key for user and authorizes private key, and the major part work at attribute authority (aa) center is transferred to Cloud Server and completes, and has reduced the burden at attribute authority (aa) center;
3, Cloud Server is gathered structure path key binary tree according to attribute user, efficiently quick solution and cancel the private key replacement problem that Attribute Relative is answered;
4, the ciphertext of the mandate private key of Cloud Server is using the decrypting ciphertext together with upgrading private key of the part as validated user key;
5, reached in time cancelling certain or some specific users' particular community;
6,, when certain or some attribute of a user is by after cancelling, he will have the access rights of other attributes, the attribute of cancelling certain or certain user does not affect other users for the access rights of this attribute;
7, have flexibly, in time, fine granularity, efficiently cancel user property.
Accompanying drawing explanation
Fig. 1 is method flow diagram of the present invention;
Fig. 2 is system configuration schematic diagram of the present invention;
Fig. 3 is path key binary tree structure schematic diagram of the present invention.
Embodiment
Below with reference to accompanying drawing, the invention will be further described, it should be noted that, the present embodiment be take the technical program and provided detailed execution mode and implementation step as prerequisite, but is not limited to the present embodiment.
As shown in Figure 1, described a kind of mainly comprising the steps: based on ciphertext policy attribute encryption method that timely user property cancels of realizing
Step 1, system made, generation system PKI and master key;
Step 2, encipherer constructs access strategy;
Step 3, encipherer is encrypted message, generates initial ciphertext;
Step 4, attribute authority (aa) center generates private key for user and authorizes private key;
Step 5, Cloud Server structure path key binary tree;
Step 6, Cloud Server is acted on behalf of re-encryption, generates heavy ciphertext, realizes cancelling user property;
Step 7, deciphering person is decrypted, and draws expressly.
Wherein, system of the present invention consists of main bodys such as attribute authority (aa) center, encipherer, Cloud Server, deciphering persons, and the correlation between main body as shown in Figure 2;
The concrete implementing procedure of step 1 is as follows:
Attribute authority (aa) center input security parameter 1
λ, the group G that selection rank are prime number p, security parameter 1
λdetermined the size of group G; Define hash function a: H:{0,1}
*→ G; Random integers are selected at attribute authority (aa) center
calculate α=(α
1+ α
2) modp, wherein symbol modp represents to calculate the remainder of mould p; Generation system PKI PK=<G, g, e, e (g, g)
α, g
a>, master key MK=< α
1, α
2, g
α>, wherein, g ∈ G is for selecting a generator of group G, e:G * G → G
tfor bilinear map; System PKI is open, and master key retains.
E:G * G → G
tbilinear map need meet following character: group G and G that rank are prime number p
t, g is the generator of crowd G, chooses at random
(1) bilinearity: right
have
(2) non-degeneracy:
make e (g, h) ≠ 1; (3) computability: right
mapping e (g, h) can effectively calculate in polynomial time.
The implementing procedure of step 2 is as follows:
Apply linear secret sharing scheme, all participants' shared share forms
on a vector, M is the shared generator matrix of the capable n of l row, note function ρ (i) represents the participant of the capable institute of M i mark, i=1 wherein ..., l, access strategy is (M, ρ);
If share a secret value
choose at random n-1 number
form a n-dimensional vector with s
vector
for l the shared share of s,
be i shared share, it belongs to participant ρ (i), and above-mentioned linear secret sharing scheme has linear reconstruction character: access strategy A, and participant's S set, making S ∈ A is sets of authorizations,
if { λ
ithat the legal of secret s shared, there is constant
make Σ
i ∈ Iw
iλ
i=s.
The implementing procedure of step 3 is as follows:
Encipherer inputs described system PKI PK=<G, g, e, e (g, g)
α, g
a>, described access strategy (M, ρ) and the clear-text message that needs encryption
select random number
export initial ciphertext CT=<C, C, { C
i, D
i}
i=1 ..., l> also sends to Cloud Server, wherein
c=g
s,
The concrete implementation step of step 4 is as follows:
Attribute authority (aa) center input system PKI PK=<G, g, e, e (g, g)
α, g
a> and master key MK=< α
1, α
2, g
α>, community set S corresponding to information distribution providing according to user, selects random number
calculate as follows:
For user generates private key for user
for generating, Cloud Server authorizes private key
by safe lane by SK
1and SK
2pass to respectively user and Cloud Server.
As shown in table 1, according to user ID
icommunity set corresponding to information distribution providing
user identity ID
1there is attribute
user identity ID
2there is attribute
user identity ID
3there is attribute
user identity ID
4there is attribute
Table 1
The concrete implementing procedure of step 5 is as follows:
U is gathered by attribute user corresponding to each attribute j in attribute authority (aa) center
jsend to Cloud Server: user identity ID
1, ID
2, ID
3, ID
4have respectively attribute
Cloud Server obtains attribute user set for U by dependency authority center
1={ ID
1, ID
3, ID
4, U
2={ ID
1, ID
2, ID
4, U
3={ ID
1, ID
2, ID
3, U
4={ ID
2, ID
3, ID
4, specifically as shown in table 2.
Table 2
Cloud Server generation pass key binary tree, each member in attribute user set is on the leafy node of binary tree, and each member has corresponding path key.As shown in Figure 3, user identity ID
i, i=1 ..., 4 respectively corresponding each leafy node, leafy node or inner node all represent the path key of random generation, the path key that node ui has is τ
i, path key derives from leafy node to root node; For user ID
4the path key of storing is RK
4={ τ
7, τ
3, τ
1.For each attribute user, gather U
jall there is corresponding minimum first tree (U of covering
j) can cover the corresponding leafy node of member in all properties user set, path key is included in minimum covering in unit; For example, for attribute user, gather U
2={ ID
1, ID
2, ID
4, so corresponding minimum first tree (U that covers
2)={ τ
2, τ
7, because node u
2, u
7can cover attribute user and gather U
2in all users: ID
1, ID
2, ID
4.Any one is not at U
2user all cannot obtain tree (U
2)={ τ
2, τ
7in any one path key.
The concrete implementing procedure of step 6 is as follows:
Cloud Server is inputted initial ciphertext CT=<C, C, { C
i, D
i}
i=1 ..., l>, wherein ciphertext has comprised access strategy,
c=g
s,
With mandate private key
The different generation of attribute revocation list RL two kinds of dissimilar heavy ciphertexts, wherein attribute revocation list RL that Cloud Server gives according to attribute authority (aa) center
jcomprised the corresponding relation between reversed user relevant to each attribute j in community set, RL is attribute revocation list RL
jset
as shown in table 3, attribute 1,2,3,4 the set of cancelling is respectively
RL
1={ID
1},
RL
3={ID
1,ID
2},
Table 3
If attribute revocation list
do not have user's attribute to be cancelled, Cloud Server is selected random number
calculate as follows:
C=g
s,C'=g
s/k,
Generate the heavy ciphertext of I
If the revocation list of attribute j'
be that attribute j' has reversed user.Cloud Server is all unrevoked user's generation pass key binary trees according to the attribute user set after upgrading, and Cloud Server is selected random number
calculate as follows:
C=g
s,C'=g
s/k,
for adopting symmetric encryption method to v
j'the ciphertext of encrypting, key τ is that the minimum in binary tree covers the path key in unit, generates the heavy ciphertext of II
The concrete implementing procedure of step 7 is as follows:
If
be that attribute is not cancelled, deciphering person ID
iinput the heavy ciphertext of I
With according to private key
Calculate as follows:
The clear-text message of output deciphering;
If the revocation list of attribute j'
deciphering person ID
iattribute j' cancelled ID
i∈ RL
j', export ⊥.Otherwise, deciphering person ID
iattribute j' do not cancelled
i.e. deciphering person ID
ithe authority still with access attribute j', deciphering person ID
iinput the heavy ciphertext of II
and private key for user
deciphering person ID
iattribute do not cancelled, can decipher according to path key
obtain v
j', upgrade the private key of corresponding attribute j'
calculate as follows:
A=Π
i∈IB
i=e(g,g)
ats;
The clear-text message of output deciphering.
For a person skilled in the art, can make various corresponding changes and distortion according to above technical scheme and design, and these all changes and distortion all should be included in the protection range of the claims in the present invention within.
Claims (8)
1. realize that timely user property cancels based on a ciphertext policy attribute encryption method, it is characterized in that, described method comprises the steps:
Step 1, system made, generation system PKI and master key;
Step 2, encipherer constructs access strategy;
Step 3, encipherer is encrypted message, generates initial ciphertext;
Step 4, attribute authority (aa) center generates private key for user and authorizes private key;
Step 5, Cloud Server structure path key binary tree;
Step 6, Cloud Server is acted on behalf of re-encryption, generates heavy ciphertext, realizes cancelling user property;
Step 7, deciphering person is decrypted, and draws expressly.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 1 is as follows:
Step 1.1, attribute authority (aa) center input security parameter 1
λ, and select rank be prime number p group G, described security parameter 1
λdetermined the size of described group G;
Step 1.2, defines hash function a: H:{0,1}
*→ G;
Step 1.3, attribute authority (aa) center is in finite field
in the random integer of selecting
calculate α=(α
1+ α
2) modp;
Step 1.4, generation system PKI PK=<G, g, e, e (g, g)
α, g
a> and master key MK=< α
1, α
2, g
α>, wherein e:G * G → G
tfor bilinear map, g is a generator in group G;
Step 1.5, discloses described system PKI, retains described master key.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 2 is as follows:
Apply linear secret sharing scheme, all participants' shared share forms
on a vector; Note M is the shared generator matrix of the capable n of l row, represents the participant of the capable institute of M i mark with function ρ (i), i=1 wherein ..., l; Access strategy is (M, ρ); If share a secret value
choose at random n-1 number
form a n-dimensional vector with s
vector
for l the shared share of s,
be i shared share, it belongs to participant ρ (i); Note access strategy A, participant's S set, making S ∈ A is sets of authorizations,
if { λ
ithat the legal of secret s shared, there is constant
make Σ
i ∈ Iw
iλ
i=s.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 3 is as follows:
Step 3.1, encipherer inputs described system PKI PK=<G, g, e, e (g, g)
α, g
a>, described access strategy (M, ρ) and the clear-text message that needs encryption
Step 3.2, selects random number
export initial ciphertext CT=<C, C, { C
i, D
i}
i=1 ..., l> also sends to Cloud Server, wherein
c=g
s,
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 4 is as follows:
Step 4.1, described system PKI PK=<G, g, e, e (g, g) are inputted in attribute authority (aa) center
α, g
a> and master key MK=< α
1, α
2, g
α>;
Step 4.2, community set S corresponding to information distribution that attribute authority (aa) center provides according to user, selects random number
for user generates private key for user
wherein
l=g
t,
For generating, Cloud Server authorizes private key
Step 4.3, by safe lane by SK
1and SK
2pass to respectively user and Cloud Server.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 5 is as follows:
Step 5.1, U is gathered by each attribute user corresponding to attribute j ∈ S in attribute authority (aa) center
jsend to Cloud Server;
Step 5.2, Cloud Server generation pass key binary tree, each member in attribute user set is on the leafy node of described binary tree, and each member has corresponding path key.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, the idiographic flow of described step 6 is as follows:
Step 6.1, the described initial ciphertext CT=<C of Cloud Server input, C, { C
i, D
i}
i=1 ..., l> and described authorization key
Step 6.2, the different attribute revocation list RL that Cloud Server gives according to attribute authority (aa) center generates two kinds of dissimilar heavy ciphertexts, and wherein RL is attribute revocation list RL
jset
attribute revocation list RL
jcomprised and to each attribute j relevantly in community set cancelled the corresponding relation between user:
If attribute revocation list
representing does not have user's attribute to be cancelled, and Cloud Server is selected random number
generate the heavy ciphertext of I
Wherein,
c=g
s, C'=g
s/k,
If
for revocation list
attribute j' have reversed user, according to Cloud Server, be now all path key binary trees that user generates of not cancelling, Cloud Server is selected random number
generate the heavy ciphertext of II
wherein
c=g
s, C'=g
s/k,
for adopting symmetric encryption method to v
j'the ciphertext of encrypting, tree (U
j') gather U for attribute user
j'the corresponding minimum unit that covers, τ is the described minimum path key covering in unit.
According to claim 1 a kind of realize that timely user property cancels based on ciphertext policy attribute encryption method, it is characterized in that, described step 7 is carried out in accordance with the following steps:
If
do not have user's attribute to be cancelled deciphering person and input the heavy ciphertext of described I
With described private key for user
And calculate as follows:
Then the result drawing according to above formula is calculated clear-text message
The clear-text message of finally output deciphering;
If the revocation list of attribute j'
and deciphering person's attribute j' is cancelled, represent that deciphering person is at revocation list RL
j'in, export ⊥;
If the revocation list of attribute j'
and deciphering person's attribute j' is not cancelled, represent that deciphering person is not at revocation list RL
j'in, still there is the authority of access attribute j', deciphering person inputs the heavy ciphertext of described II
with described private key for user
According to the path key deciphering of oneself
obtain v
j', renewal private key is
calculate as follows:
A=Π
i∈IB
i=e(g,g)
ats;
Then calculate clear-text message
The clear-text message of finally output deciphering.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410330696.4A CN104113408B (en) | 2014-07-11 | 2014-07-11 | It is a kind of realize the revocation of timely user property based on ciphertext policy ABE encryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410330696.4A CN104113408B (en) | 2014-07-11 | 2014-07-11 | It is a kind of realize the revocation of timely user property based on ciphertext policy ABE encryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104113408A true CN104113408A (en) | 2014-10-22 |
CN104113408B CN104113408B (en) | 2017-12-08 |
Family
ID=51710047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410330696.4A Expired - Fee Related CN104113408B (en) | 2014-07-11 | 2014-07-11 | It is a kind of realize the revocation of timely user property based on ciphertext policy ABE encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104113408B (en) |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320393A (en) * | 2014-10-24 | 2015-01-28 | 西安电子科技大学 | Effective attribute base agent re-encryption method capable of controlling re-encryption |
CN104363215A (en) * | 2014-11-04 | 2015-02-18 | 河海大学 | Encryption method and system based on attributes |
CN105162589A (en) * | 2015-01-11 | 2015-12-16 | 陕西理工学院 | Lattice-based verifiable attribute encryption method |
CN105871551A (en) * | 2016-06-22 | 2016-08-17 | 江苏迪纳数字科技股份有限公司 | User access cancelling control method based on agent re-encryption |
CN106911702A (en) * | 2017-03-08 | 2017-06-30 | 福建师范大学 | Based on the cloud storage block encryption access control method for improving CP ABE |
CN107204973A (en) * | 2017-04-13 | 2017-09-26 | 南京邮电大学 | A kind of dynamic updates the KAC methods of user right |
CN107222310A (en) * | 2017-08-01 | 2017-09-29 | 成都大学 | A kind of parallelization processing method of the Ciphertext policy cloud encryption based on encryption attribute |
CN107251480A (en) * | 2015-02-20 | 2017-10-13 | 三菱电机株式会社 | Data storing device, data update system, data processing method and data processor |
CN107251479A (en) * | 2015-02-20 | 2017-10-13 | 三菱电机株式会社 | Data storing device, data processing method and data processor |
CN107343008A (en) * | 2017-07-17 | 2017-11-10 | 山东超越数控电子有限公司 | A kind of data safety isolation of anti-access module leakage is with sharing implementation method |
CN107566386A (en) * | 2017-09-14 | 2018-01-09 | 上海海事大学 | A kind of voidable attribute base encryption method |
CN107634830A (en) * | 2017-09-13 | 2018-01-26 | 中国人民解放军信息工程大学 | The revocable attribute base encryption method of server- aided, apparatus and system |
CN108063756A (en) * | 2017-11-21 | 2018-05-22 | 阿里巴巴集团控股有限公司 | A kind of key management method, device and equipment |
CN108076028A (en) * | 2016-11-18 | 2018-05-25 | 中兴通讯股份有限公司 | The method, apparatus and system of a kind of encryption attribute |
CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
CN108200066A (en) * | 2018-01-04 | 2018-06-22 | 南京邮电大学 | A kind of logistics big data access control system and method based on encryption attribute |
CN108322447A (en) * | 2018-01-05 | 2018-07-24 | 中电长城网际***应用有限公司 | Data sharing method and system, terminal under cloud environment and Cloud Server |
CN108335108A (en) * | 2018-02-27 | 2018-07-27 | 中国科学院软件研究所 | A kind of two-dimension code safe method of mobile payment and system |
CN108737085A (en) * | 2017-04-25 | 2018-11-02 | 杭州弗兰科信息安全科技有限公司 | A kind of encryption data shared system that key can cancel immediately |
CN108737096A (en) * | 2017-04-25 | 2018-11-02 | 杭州弗兰科信息安全科技有限公司 | A kind of key management system for group communication |
CN108763944A (en) * | 2018-05-31 | 2018-11-06 | 金华航大北斗应用技术有限公司 | Multicenter large attribute Domain Properties base encryption method can be revoked safely in calculating in mist |
CN109889494A (en) * | 2019-01-07 | 2019-06-14 | 南京航空航天大学 | A kind of voidable cloud data safety sharing method |
CN109995795A (en) * | 2019-04-26 | 2019-07-09 | 桂林电子科技大学 | A kind of predicate group encryption method and system for supporting user to be dynamically added |
CN110035067A (en) * | 2019-03-13 | 2019-07-19 | 西安电子科技大学 | The encryption attribute method of efficient data duplicate removal and attribute revocation is supported in cloud storage |
CN110098926A (en) * | 2019-05-06 | 2019-08-06 | 西安交通大学 | One attribute cancelling method |
CN110247761A (en) * | 2019-06-18 | 2019-09-17 | 西安电子科技大学 | The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice |
CN110535873A (en) * | 2019-09-16 | 2019-12-03 | 北京数字认证股份有限公司 | Encryption method, decryption method applied to data collaborative encryption system |
CN111680306A (en) * | 2020-03-31 | 2020-09-18 | 贵州大学 | Attribute-based collaborative access control revocation method |
CN111818039A (en) * | 2020-07-03 | 2020-10-23 | 西安电子科技大学 | Three-factor anonymous user authentication protocol method based on PUF in Internet of things |
CN113098678A (en) * | 2019-12-23 | 2021-07-09 | 中移(苏州)软件技术有限公司 | Information processing method, terminal, center device, server, and storage medium |
CN113194089A (en) * | 2021-04-28 | 2021-07-30 | 四川师范大学 | Attribute-based encryption method for ciphertext strategy supporting attribute revocation |
CN114244579A (en) * | 2021-11-29 | 2022-03-25 | 上海应用技术大学 | Power data privacy protection system and method for user-level revocable attribute encryption |
CN115189974A (en) * | 2022-09-13 | 2022-10-14 | 北京邮电大学 | Multi-organization access control method and device based on block chain |
CN116094845A (en) * | 2023-04-10 | 2023-05-09 | 中国人民解放军国防科技大学 | Efficient revocation conditional proxy re-encryption method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103179114A (en) * | 2013-03-15 | 2013-06-26 | 华中科技大学 | Fine-grained access control method for data in cloud storage |
CN103297227A (en) * | 2013-07-02 | 2013-09-11 | 西安电子科技大学 | Attribute-based encryption supporting flexible and direct-revocatory ciphertext policy |
-
2014
- 2014-07-11 CN CN201410330696.4A patent/CN104113408B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103179114A (en) * | 2013-03-15 | 2013-06-26 | 华中科技大学 | Fine-grained access control method for data in cloud storage |
CN103297227A (en) * | 2013-07-02 | 2013-09-11 | 西安电子科技大学 | Attribute-based encryption supporting flexible and direct-revocatory ciphertext policy |
Non-Patent Citations (3)
Title |
---|
TSU-YANG WU ET AL: ""A Revocable ID-based Signcryption Scheme"", 《JOURNAL OF INFORMATION HIDING AND MULTIMEDIA SIGNAL PROCESSING》 * |
刘振华 等: ""可撤销的基于身份的签密方案"", 《四川大学学报( 工程科学版)》 * |
王锦晓 等: ""一种高效属性可撤销的属性基加密方案"", 《计算机应用》 * |
Cited By (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320393A (en) * | 2014-10-24 | 2015-01-28 | 西安电子科技大学 | Effective attribute base agent re-encryption method capable of controlling re-encryption |
CN104320393B (en) * | 2014-10-24 | 2018-04-17 | 西安电子科技大学 | The controllable efficient attribute base proxy re-encryption method of re-encryption |
CN104363215B (en) * | 2014-11-04 | 2017-10-10 | 河海大学 | A kind of encryption method and system based on attribute |
CN104363215A (en) * | 2014-11-04 | 2015-02-18 | 河海大学 | Encryption method and system based on attributes |
CN105162589B (en) * | 2015-01-11 | 2018-08-14 | 陕西理工学院 | It is a kind of to can verify that encryption attribute method based on lattice |
CN105162589A (en) * | 2015-01-11 | 2015-12-16 | 陕西理工学院 | Lattice-based verifiable attribute encryption method |
US10592682B2 (en) | 2015-02-20 | 2020-03-17 | Mitsubishi Electric Corporation | Data storage apparatus, data processing method, and computer readable medium adding a user attribute of a revoked user to an embedded decryption condition while encrypted data remains in an encrypted state |
CN107251480A (en) * | 2015-02-20 | 2017-10-13 | 三菱电机株式会社 | Data storing device, data update system, data processing method and data processor |
CN107251479A (en) * | 2015-02-20 | 2017-10-13 | 三菱电机株式会社 | Data storing device, data processing method and data processor |
CN107251480B (en) * | 2015-02-20 | 2018-07-10 | 三菱电机株式会社 | Data storing device, data update system and data processing method |
CN105871551B (en) * | 2016-06-22 | 2019-08-06 | 江苏迪纳数字科技股份有限公司 | User based on proxy re-encryption cancels access control method |
CN105871551A (en) * | 2016-06-22 | 2016-08-17 | 江苏迪纳数字科技股份有限公司 | User access cancelling control method based on agent re-encryption |
CN108076028A (en) * | 2016-11-18 | 2018-05-25 | 中兴通讯股份有限公司 | The method, apparatus and system of a kind of encryption attribute |
CN106911702B (en) * | 2017-03-08 | 2019-08-02 | 福建师范大学 | Based on the cloud storage block encryption access control method for improving CP-ABE |
CN106911702A (en) * | 2017-03-08 | 2017-06-30 | 福建师范大学 | Based on the cloud storage block encryption access control method for improving CP ABE |
CN107204973A (en) * | 2017-04-13 | 2017-09-26 | 南京邮电大学 | A kind of dynamic updates the KAC methods of user right |
CN108737085A (en) * | 2017-04-25 | 2018-11-02 | 杭州弗兰科信息安全科技有限公司 | A kind of encryption data shared system that key can cancel immediately |
CN108737096A (en) * | 2017-04-25 | 2018-11-02 | 杭州弗兰科信息安全科技有限公司 | A kind of key management system for group communication |
CN107343008A (en) * | 2017-07-17 | 2017-11-10 | 山东超越数控电子有限公司 | A kind of data safety isolation of anti-access module leakage is with sharing implementation method |
CN107222310A (en) * | 2017-08-01 | 2017-09-29 | 成都大学 | A kind of parallelization processing method of the Ciphertext policy cloud encryption based on encryption attribute |
CN107634830A (en) * | 2017-09-13 | 2018-01-26 | 中国人民解放军信息工程大学 | The revocable attribute base encryption method of server- aided, apparatus and system |
CN107634830B (en) * | 2017-09-13 | 2019-10-25 | 中国人民解放军信息工程大学 | The revocable attribute base encryption method of server- aided, apparatus and system |
CN107566386A (en) * | 2017-09-14 | 2018-01-09 | 上海海事大学 | A kind of voidable attribute base encryption method |
US10931651B2 (en) | 2017-11-21 | 2021-02-23 | Advanced New Technologies Co., Ltd. | Key management |
CN108063756A (en) * | 2017-11-21 | 2018-05-22 | 阿里巴巴集团控股有限公司 | A kind of key management method, device and equipment |
CN108200066A (en) * | 2018-01-04 | 2018-06-22 | 南京邮电大学 | A kind of logistics big data access control system and method based on encryption attribute |
CN108322447B (en) * | 2018-01-05 | 2021-12-10 | 中电长城网际***应用有限公司 | Data sharing method and system under cloud environment, terminal and cloud server |
CN108322447A (en) * | 2018-01-05 | 2018-07-24 | 中电长城网际***应用有限公司 | Data sharing method and system, terminal under cloud environment and Cloud Server |
CN108200181B (en) * | 2018-01-11 | 2021-03-19 | 中国人民解放军战略支援部队信息工程大学 | Cloud storage oriented revocable attribute-based encryption system and method |
CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
CN108335108B (en) * | 2018-02-27 | 2021-05-11 | 中国科学院软件研究所 | Two-dimensional code secure mobile payment method and system |
CN108335108A (en) * | 2018-02-27 | 2018-07-27 | 中国科学院软件研究所 | A kind of two-dimension code safe method of mobile payment and system |
CN108763944A (en) * | 2018-05-31 | 2018-11-06 | 金华航大北斗应用技术有限公司 | Multicenter large attribute Domain Properties base encryption method can be revoked safely in calculating in mist |
CN109889494A (en) * | 2019-01-07 | 2019-06-14 | 南京航空航天大学 | A kind of voidable cloud data safety sharing method |
CN110035067B (en) * | 2019-03-13 | 2022-03-25 | 西安电子科技大学 | Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage |
CN110035067A (en) * | 2019-03-13 | 2019-07-19 | 西安电子科技大学 | The encryption attribute method of efficient data duplicate removal and attribute revocation is supported in cloud storage |
CN109995795A (en) * | 2019-04-26 | 2019-07-09 | 桂林电子科技大学 | A kind of predicate group encryption method and system for supporting user to be dynamically added |
CN109995795B (en) * | 2019-04-26 | 2021-08-27 | 桂林电子科技大学 | Predicate group encryption method and system supporting dynamic joining of user |
CN110098926A (en) * | 2019-05-06 | 2019-08-06 | 西安交通大学 | One attribute cancelling method |
CN110247761B (en) * | 2019-06-18 | 2021-04-20 | 西安电子科技大学 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
CN110247761A (en) * | 2019-06-18 | 2019-09-17 | 西安电子科技大学 | The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice |
CN110535873B (en) * | 2019-09-16 | 2021-11-05 | 北京数字认证股份有限公司 | Encryption method and decryption method applied to data collaborative encryption system |
CN110535873A (en) * | 2019-09-16 | 2019-12-03 | 北京数字认证股份有限公司 | Encryption method, decryption method applied to data collaborative encryption system |
CN113098678A (en) * | 2019-12-23 | 2021-07-09 | 中移(苏州)软件技术有限公司 | Information processing method, terminal, center device, server, and storage medium |
CN113098678B (en) * | 2019-12-23 | 2022-06-03 | 中移(苏州)软件技术有限公司 | Information processing method, terminal, center device, server, and storage medium |
CN111680306B (en) * | 2020-03-31 | 2023-04-25 | 贵州大学 | Cooperative access control revocation method based on attribute |
CN111680306A (en) * | 2020-03-31 | 2020-09-18 | 贵州大学 | Attribute-based collaborative access control revocation method |
CN111818039B (en) * | 2020-07-03 | 2021-07-20 | 西安电子科技大学 | Three-factor anonymous user authentication protocol method based on PUF in Internet of things |
CN111818039A (en) * | 2020-07-03 | 2020-10-23 | 西安电子科技大学 | Three-factor anonymous user authentication protocol method based on PUF in Internet of things |
CN113194089A (en) * | 2021-04-28 | 2021-07-30 | 四川师范大学 | Attribute-based encryption method for ciphertext strategy supporting attribute revocation |
CN113194089B (en) * | 2021-04-28 | 2022-03-11 | 四川师范大学 | Attribute-based encryption method for ciphertext strategy supporting attribute revocation |
CN114244579A (en) * | 2021-11-29 | 2022-03-25 | 上海应用技术大学 | Power data privacy protection system and method for user-level revocable attribute encryption |
CN115189974B (en) * | 2022-09-13 | 2022-12-09 | 北京邮电大学 | Multi-organization access control method and device based on block chain |
CN115189974A (en) * | 2022-09-13 | 2022-10-14 | 北京邮电大学 | Multi-organization access control method and device based on block chain |
CN116094845A (en) * | 2023-04-10 | 2023-05-09 | 中国人民解放军国防科技大学 | Efficient revocation conditional proxy re-encryption method and system |
Also Published As
Publication number | Publication date |
---|---|
CN104113408B (en) | 2017-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104113408A (en) | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption | |
CN109246096B (en) | Multifunctional fine-grained access control method suitable for cloud storage | |
CN108881314B (en) | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment | |
CN106357395B (en) | A kind of outsourcing access control method and its system towards mist calculating | |
Koo et al. | Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage | |
CN102624522B (en) | A kind of key encryption method based on file attribute | |
CN106375346B (en) | Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment | |
CN104363215B (en) | A kind of encryption method and system based on attribute | |
CN105406967B (en) | A kind of hierarchical attribute encipherment scheme | |
Chen et al. | Efficient decentralized attribute-based access control for cloud storage with user revocation | |
CN105049207B (en) | A kind of broadcast encryption scheme with customized information of identity-based | |
CN103731432A (en) | Multi-user supported searchable encryption system and method | |
CN105933345B (en) | It is a kind of that outsourcing attribute base encryption method can verify that based on linear privacy sharing | |
CN106452735A (en) | Outsourcing attribute encryption method supporting attribute cancellation | |
CN104158880B (en) | User-end cloud data sharing solution | |
JP6115573B2 (en) | Cryptographic system, data storage system, and apparatus and method used therefor | |
CN104022869A (en) | Fine-grained data access control method based on fragmenting of secret keys | |
CN105763528B (en) | The encryption device of diversity person's anonymity under a kind of mixed mechanism | |
CN110190945A (en) | Based on adding close linear regression method for secret protection and system | |
CN108111540A (en) | The hierarchical access control system and method for data sharing are supported in a kind of cloud storage | |
CN105100083A (en) | Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo | |
CN104320393A (en) | Effective attribute base agent re-encryption method capable of controlling re-encryption | |
CN107426162A (en) | A kind of method based on attribute base encryption Implement Core mutual role help | |
CN105162573A (en) | Attribute encryption method based on multi-linear mapping and achieving strategy of secret key revocation in an authority separating way | |
CN104735070A (en) | Universal data sharing method for heterogeneous encryption clouds |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171208 |