CN107359986A

CN107359986A - The outsourcing encryption and decryption CP ABE methods of user revocation

Info

Publication number: CN107359986A
Application number: CN201710532044.2A
Authority: CN
Inventors: 王晓明; 方雪锋; 甘庆晴; 吴岱霓; 周思敏
Original assignee: Jinan University
Current assignee: Jinan University
Priority date: 2017-07-03
Filing date: 2017-07-03
Publication date: 2017-11-17

Abstract

The invention discloses a kind of outsourcing encryption and decryption CP ABE methods of user revocation, the data encrypting and deciphering technical field being related under mobile cloud environment, this method further realizes outsourcing cryptographic calculation on the basis of the encryption of existing outsourcing attribute base, mitigates the computational costs of local client encryption.The present invention not only realizes fine-grained access control of the file on Cloud Server, and the succinct cipher key management operation of user, realizes the access rights revocation to disabled user.When there is user to be revoked, validated user mitigates the burden of authorized organization without more new key.Local user only needs simple xor operation renewal ciphertext.Security Proof shows that method proposed by the present invention has non-self-adapting selection plaintext secure under Generalized Bilinear group model.Performance evaluation shows that the present invention more effectively reduces the computations expense of mobile device and can efficiently realize that disabled user cancels, and effectively realizes the access privilege control to user.

Description

The outsourcing encryption and decryption CP-ABE methods of user revocation

Technical field

The present invention relates to attribute base outsourcing encryption and decryption mechanism correlative technology field, and in particular to can under a kind of mobile cloud environment Cancel the outsourcing encryption and decryption CP-ABE methods of user.

Background technology

With the continuous development of mobile cloud computing technology, a kind of emerging Data share model causes people and greatly closed Note.The characteristics of mobile cloud computing is that its terminal device is moveable portable appliance, and its memory space and calculating energy all have Limit.So local data is sent to the storage that data are realized on Cloud Server and shared, cloud service confession by network carrier The on-line storage space that business is provided is answered, there is low cost, the easily advantage of use and high scalability, meet mass data storage Demand, and provide data sharing service, become the major fields of information storage development.

However, while mobile cloud computing brings people's great convenience, new safety problem and challenge are also brought.Due to Under cloud computing environment, Cloud Server is simultaneously non-fully believable, and data are outsourced in cloud by enterprise or individual, it means that enterprise Industry or the personal complete control lost to data, then there have been the safety of data and Privacy Protection.In order to ensure The confidentiality of institute's data storage, user need to use encryption technology, are stored being uploaded after data encryption, only possess decruption key User could decrypt the ciphertext, realize the access to data content, so as to reduce the risk of leaking data, ensure that data Safety.It is effectively used and manages to ensure data resource in valid scope, therefore access control technology will be one Individual indispensable part, ensure that fine-grained authorize of data accesses by access control policy, this is to guarantee data security to deposit The key technology of storage.Because mobile terminal device energy is all limited, the calculating consumption of complexity can not be provided.So for Data on mobile cloud computing platform, how to ensure the safety of data in cloud using encryption technology；How in protection data-privacy On the premise of, effective data sharing is realized, and be reduced as far as the key management cost and security risk of user；How to build A kind of safe fine-granularity access control mechanism is found, only allows the data required for authorized user's successful access, and other are illegal User can not access these data；How mobile terminal encryption and decryption computational costs is reduced；And due in shared cloud computing service Under environment, access privilege frequently changes, i.e., authorized user has dynamic modificability, how to effectively realize user and removes Pin, these all turn into urgent problem to be solved.

2005, Sahai et al. was in document《Fuzzy identity-based encryption》In propose mould first The concept of identity base encryption mechanism is pasted, and constructs first attribute base encipherment scheme, the number being flexibly applied under cloud environment According to sharing, the fine-granularity access control of data is realized.2012, Li et al. was in document《Outsourcing encryption of attribute-based encryption with mapreduce》In propose first attribute base encrypt in outsourcing encrypt Scheme, reduce the calculation cost of user terminal.But the program is only reduction of the calculation cost of encipherer.The same year, Zhou et al. exists Document《Efficient and secure data storage operations for mobile cloud computing》 Propose and realize that outsourcing encryption and decryption calculates under mobile cloud environment, while reduce the calculation cost of encipherer and decryption person.But In this scenario, once there is user's revocation, all legal users are both needed to more new key, bring the key updating of costliness Expense.

The content of the invention

The invention aims to solve drawbacks described above of the prior art, there is provided a kind of to be removed under mobile cloud environment Sell the outsourcing encryption and decryption CP-ABE methods of user.

The purpose of the present invention can be reached by adopting the following technical scheme that：

The outsourcing encryption and decryption CP-ABE methods of user revocation, described outsourcing encryption and decryption CP- under a kind of mobile cloud environment ABE methods comprise the following steps：

Algorithm Setup (1 is established by system^λ), input security parameter 1^λ, output system public key PK and master key MK；

The attribute set S of user, system public key PK and master key are inputted by key schedule KeyGen (PK, S, MK) MK, export the private key SK of user；

By AES Encrypt (PK, M, Λ) to file encryption, input system public key PK, plaintext M and access structure Λ, output ciphertext C.Wherein, the ciphering process of file includes data owner's encryption and encryption server for encrypting, is data first Data clear text is encrypted owner, then gives encryption server ciphertext, and encryption server belongs to ciphertext again Property encryption；

File is decrypted by decipherment algorithm Decrypt (C, SK) authorized user, inputs private key for user SK and its right The ciphertext C answered, if private key for user meets the access strategy output plaintext M of ciphertext, wherein, the decrypting process of file includes outsourcing Decryption and local user's decryption, server progress attribute base is decrypted first and decrypts to obtain CT_DO, then user is to CT_DOCarry out again Decryption, obtains data clear text；

When there is user to be revoked, local user updates encryption file, input system by more new algorithm Update (PK, C) Unite public key PK, ciphertext C output renewal ciphertexts C'.

Further, described system establishes algorithm Setup (1^λ) specific as follows：

If group G₀And G_TRank be prime P, g G₀Generation member；

Bilinear map e:G₀×G₀→G_T, safe hash function H:{0,1}→G₀；

Assuming that system has k user, the attribute space of each user is S={ λ₁,λ₂,…,λ_n}；

Trust authority selects two random number α, β ∈ Z_p, then generating system public key is：PK={ G₀,G_T, g, H, h=g^β,e (g,g)^α, preserve master key MK=(β, g^α)。

Further, described key schedule KeyGen (PK, S, MK) is specific as follows：

For each user U_tRandomly select a random number r_t∈Z_p(t=1,2 ..., k),Choose Random number r_j∈Z_p, j ∈ S, calculate private key：

Select the m of prime number each other₁,m₂,…,m_k(k >=2) are by (SK_t,m_t) by safe lane give each user U_t。

Further, described AES Encrypt (PK, M, Λ) is specific as follows：

It is that data clear text is encrypted data owner first, then gives encryption server, cryptographic services ciphertext Device carries out encryption attribute to ciphertext again,

1)Encrypt_DO(M, κ)：Data owner selects a random number z ∈ Z_p, calculate L=m₁m₂…m_k,Wherein L_i=L/m_i,yi=L_i ^-1mod m_i.Send (CT_DO, X) and give encryption server；

2)Encrypt_ESP(PK,CT_DO,Λ)：Encryption server receives CT_DOAfter call the algorithm to be encrypted again, mistake Journey is as follows：

Each leaf node represents an attribute in access control tree Λ, if k_xIt is the threshold value of each node x in Λ,It is d to randomly choose a rank_x=k_x- 1 multinomial q_xWith a random number s ∈ Z_p, for root node R, make q_R(0) =s, other non-root node x cause

Assuming that Y is the set of all leaf nodes in Λ, then the ciphertext generated is：

Further, described decipherment algorithm Decrypt (C, SK) is specific as follows：

Server progress attribute base is decrypted first to decrypt to obtain CT_DO, then user is to CT_DODecrypted, counted again According in plain text, by inputting private key for user SK, and its corresponding ciphertext C, if user is disabled user, output decryption fails；It is no Then ciphertext can be decrypted using private key for validated user, and calculation expression is as follows：

1) local user selects a random number t ∈ Z_pCalculateAnd the decruption key after blinding

Give decryption server；

2)Decrypt server callsAttribute base decryption is carried out, its Decrypting process is as follows：

Define a recursive algorithmWherein y is the node for setting Λ, when y is leaf node, is held Row is as follows:

Wherein i represents node y attribute；

When y is not leaf node, recursive function is called to all y child nodes zOutput As a result it is F_z；Assuming that S_yIt is to have k_yIndividual y child nodes z set, if this set is not present, function returns to ⊥, otherwise decrypts Process is as follows：

Wherein i=index (z), S_x'={ index (z):z∈S_x,It is for Lagrange Number, if S meets access structure, recursive algorithm returns to A=e (g, g)^rs；

Calculate B=e (C, D ')=e (h^s,g^t(α+r)/β)=e (g, g)^{t r}·^se(g,g)^tαs, the transmission of decryption server A, B, X } give local user；

3)Decrypt_DU(CT′,κ)：After local user receives { A, B, X }, B '=B is calculated first^1/t=e (g, g)^rs·e (g,g)^αs, x_i=X mod m_i,Then decryption restoration goes out data clear text：

Further, described more new algorithm Update (PK, C) is specific as follows：

Such as to cancel user DU_jWhen, data owner selects a random number z ' ∈ Z_p, calculateWherein L_i'= L′/m_i,y_i'=L_i′^-1mod m_i, (R, X ') is sent to ESP by escape way.ESP renewals ciphertext is as follows：

The present invention is had the following advantages relative to prior art and effect：

1) present invention increases a function of supporting user's revocation on the basis of outsourcing encryption and decryption mechanism, proposes that one kind can Cancel the outsourcing decryption CP-ABE methods of user, perfect local cipher and user authority management work(for outsourcing decryption mechanisms Energy.

2) present invention not only reduces the computations expense of local user, and realizes the revocation of user.

3) present invention is updated by local user to ciphertext, realizes the authority revocation to user；It is revoked when there is user When, validated user mitigates the burden of authorized organization without more new key.

4) Security Proof shows, it is bright to prove that proposed method selects for non-self-adapting under Generalized Bilinear group model Wenan is complete.

5) performance evaluation shows, compared with existing program, the present invention needs lower encryption expense in local cipher equipment With, and user cancels efficiency and more increased.

Brief description of the drawings

Fig. 1 is a kind of schematic flow sheet of the outsourcing encryption and decryption CP-ABE schemes of user revocation disclosed by the invention；

Fig. 2 is the outsourcing encryption and decryption CP-ABE scheme system structure charts of user revocation.

Embodiment

To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.

Embodiment

With the rapid development of network and cloud, mobile cloud computing turns into a kind of emerging service mode, Jin Ergai Become the modes such as the life, study, medical treatment of people.Mobile cloud computing is to dispose multiple light movements on cloud computing platform to set It is standby to realize data sharing.How mobile device information security is ensured；How the encryption and decryption expense of mobile device is reduced；How to realize Access control and revocation function to user；If these problems cannot solve, can not just ensure to move the safety of cloud computing. Therefore, for mobile cloud computing the characteristics of, corresponding safety problem on this basis is studied, establish a kind of effective, safe add Close decryption mechanisms are very necessary and are badly in need of, and have important theory significance and application value.

The present embodiment is directed to problem above, mainly have studied the data encrypting and deciphering mechanism under mobile cloud environment, it is proposed that one The outsourcing encryption and decryption CP-ABE methods of kind user revocation.Demonstrated under Generalized Bilinear group model the scheme of proposition have it is non- Adaptively selected plaintext secure.The inventive method not only have mobile device encryption and decryption expense it is low the characteristics of, and can also to The access rights at family are cancelled, and realize flexibly effectively access control.When there is disabled user to be revoked, validated user without More new key is needed, effectively alleviates the burden of authorized organization.Compared with existing scheme, the present invention not only significantly reduces The encryption and decryption computational costs of mobile device, and the function with user revocation, have effectively achieved to access privilege Control.

With reference to the specific of outsourcing encryption and decryption CP-ABE methods of the Fig. 1 to a kind of user revocation disclosed in the present embodiment Process is described in detail.Comprise the following steps：

S1, algorithm Setup (1 is established by system^λ), input security parameter 1^λ, output system public key PK and master key MK；

In concrete application, the system establishes algorithm Setup (1^λ), if group G₀And G_TRank be prime P, g G₀Generation Member.Bilinear map e:G₀×G₀→G_T, safe hash function H:{0,1}→G₀.Assuming that system has k user, each user Attribute space be S={ λ₁,λ₂,…,λ_n}.Trust authority selects two random number α, β ∈ Z_p, then it is PK to generate system public key ={ G₀,G_T, g, H, h=g^β,e(g,g)^α, master key is MK=(β, g^α)。

S2, the attribute set S by key schedule KeyGen (PK, S, MK) input users, system public key PK and master Key MK, export the private key SK of user；

In concrete application, the key schedule KeyGen (PK, S, MK), a random number r is randomly selected_t∈Z_p(t =1,2 ..., k),Choose random number r_j∈Z_p, calculate private key：

Select the m of prime number each other₁,m₂,…,m_k(k >=2), by (SK_t,m_t) by safe lane give each user U_t。

S3, pass through AES Encrypt (PK, M, Λ), input system public key PK, plaintext M and access structure Λ, output Ciphertext C；

In concrete application, the AES Encrypt (PK, M, Λ), the encryption of data is encrypted by data owner Formed with encryption server for encrypting two parts.It is that data clear text is encrypted data owner first, then ciphertext is given Encryption server, encryption server carry out encryption attribute to ciphertext again.

S31、Encrypt_DO(M, κ)：Data owner selects a random number z ∈ Z_p, calculate L=m₁m₂…m_k,Wherein L_i=L/m_i,y_i=L_i ^-1mod m_i.Send (CT_DO, X) and give encryption server.

S32、Encrypt_ESP(PK,CT_DO,Λ)：Encryption server receives CT_DOAfter call the algorithm to be encrypted again, Process is as follows：

Each leaf node represents an attribute in access control tree Λ, if k_xIt is the threshold value of each node x in Λ.It is d to randomly choose a rank_x=k_x- 1 multinomial q_xWith a random number s ∈ Z_p.For root node R, q is made_R(0) =s, other non-root node x causeAssuming that Y is the set of all leaf nodes in Λ, then give birth to Into ciphertext be：

S4, file decrypted by decipherment algorithm Decrypt (C, SK) authorized user, input private key for user SK, and its correspondingly Ciphertext C, plaintext M is exported if the access strategy that private key for user meets ciphertext, otherwise output decryption failure.

In concrete application, the decipherment algorithm Decrypt (C, SK), decrypting process includes outsourcing decryption and local user solves It is close.Server progress attribute base is decrypted first to decrypt to obtain CT_DO, then user is to CT_DODecrypted again, it is bright to obtain data Text.

S41, local user select a random number t ∈ Z_pCalculateIt is and the decryption after blinding is close Key

Give decryption server.

S42、Decrypt server callsAttribute base decryption is carried out, Its decrypting process is as follows：

Define a recursive algorithmWherein y is the node for setting Λ.When y is leaf node, hold Row is as follows:

Wherein i represents node y attribute.

When y is not leaf node, recursive function is called to all y child nodes zOutput As a result it is F_z.Assuming that S_yIt is to have k_yIndividual y child nodes z set.If this set is not present, function returns to ⊥, otherwise decrypts Process is as follows：

Wherein i=index (z), S_x'={ index (z):z∈S_x,It is for Lagrange Number.If S meets access structure, recursive algorithm returns to A=e (g, g)^rs。

Calculate B=e (C, D ')=e (h^s,g^t(α+r)/β)=e (g, g)^trs·e(g,g)^tαs, the transmission of decryption server A, B, X } give local user.

S43、Decrypt_DU(CT′,κ)：After local user receives { A, B, X }, B '=B is calculated first^1/t=e (g, g)^rs· e(g,g)^αs, x_i=X mod m_i,Then decryption restoration goes out data clear text：

S5, when there is user to be revoked, Cloud Server pass through more new algorithm Update (PK, C) renewal encryption file, input System public key PK, ciphertext C, output renewal ciphertext C'；

When there is user to be revoked, local user updates encryption file.

In concrete application, more new algorithm Update (PK, C)：Such as to cancel user DU_jWhen, data owner selects one Random number z ' ∈ Z_p, calculate Wherein L_i'=L '/m_i,y_i'=L_i′^-1mod m_i.(R, X ') is sent to ESP by escape way.ESP renewals ciphertext is as follows：

Because X ' does not include DU_jM_j, so the user DU cancelled_jZ ' can not be obtained by X ', therefore can not also be obtained Data clear text.

Under mobile cloud environment, realize that the outsourcing encryption and decryption CP-ABE method systems of user revocation are as shown in Figure 2.The figure It is made up of following six entity：Storage server (Storage Service Provider, SSP), encryption server (Encryption Service Provider, ESP), decryption server (Decrypt Service Provider, DSP), number According to owner (Data Owner, DO), user (Data User, DU), trust authority (Trust Authority, TA).

When data owner Alice will utilize a kind of revocable use disclosed by the invention by Cloud Server storage file M The outsourcing encryption and decryption CP-ABE schemes at family, TA runtimes first establish algorithm, obtain systematic parameter PK={ G₀,G_T, g, H, h= g^β,e(g,g)^α, master key is MK=(β, g^α)；Then and by PK externally announce, and MK is preserved by TA is secret.Alice can be transported Row AES Encrypt_DO(M, κ) is encrypted first to file M, and the file after encryption is added plus encryption server is passed to Close server calls algorithm Encrypt_ESP(PK,CT_DO, Λ) and encryption obtains final ciphertext CT again for progress.As user Bob needs to access This document, then TA uses these system public key PK and master key MK, according to user Bob attribute set, calls key schedule KeyGen (PK, S, MK) is that Bob generates a private key SK_Bob,m_Bob.TA is easy to its transmitting SK by safe lane_Bob,m_BobGive Bob.When Bob needs to access file, random number t is selected to blind the private key SK of oneself first_Bob, obtainAnd sendGive Decryption server is decrypted, and obtains ciphertext A=e (g, g)^rs, Bob recovers what key was decrypted to the end by random number t Plaintext M.When needing to cancel user, Alice calls more new algorithm Update (PK, C) to be updated ciphertext.And if only if Bob quilts During revocation, Alice is calculated Wherein L_i'=L '/m_i,y_i'=L_i′^-1mod m_i.(R, X ') is sent to ESP by escape way.ESP updates ciphertext:Then Bob will be unable to that the ciphertext after renewal is decrypted, so as to cancel access rights of the Bob to file Limit.And other users can be accessed normally, and need not more new key.

In summary, the present invention is in order to realize safely and effectively data sharing under mobile cloud environment, in order to meet that user drops The equipment encryption overhead of low local user side finite energy, in the further progress outsourcing in the basis of outsourcing attribute base encryption and decryption Encryption, and increase a function of supporting user's revocation, a kind of outsourcing encryption and decryption CP-ABE methods of user revocation are proposed, it is complete It has been apt to user's dynamic management function for outsourcing encryption and decryption mechanism.The present invention is updated by local user to ciphertext, is realized The authority of user is cancelled, but renewal ciphertext is simple, computing expense is relatively low；When there is user to be revoked, validated user need not More new key, mitigate the burden of trust authority.Security Proof shows, proposed side is proved under Generalized Bilinear group model Method is that non-self-adapting selects plaintext secure.Performance evaluation shows, compared with existing program, the present invention not only ensure that local light The relatively low computational costs of equipment, and efficiency is cancelled with more efficient user, effectively realize the access rights control to user System.

Above-described embodiment is the preferable embodiment of the present invention, but embodiments of the present invention are not by above-described embodiment Limitation, other any Spirit Essences without departing from the present invention with made under principle change, modification, replacement, combine, simplification, Equivalent substitute mode is should be, is included within protection scope of the present invention.

Claims

1. a kind of outsourcing encryption and decryption CP-ABE methods of user revocation, it is characterised in that described outsourcing encryption and decryption CP-ABE Method comprises the following steps：

By key schedule KeyGen (PK, S, MK), the attribute set S, system public key PK and master key MK of user are inputted, Export the private key SK of user；

By AES Encrypt (PK, M, Λ) to file encryption, input system public key PK, plaintext M and access structure Λ, Ciphertext C is exported, wherein, the ciphering process of file includes data owner's encryption and encryption server for encrypting, is that data are gathered around first Data clear text is encrypted the person of having, and then gives encryption server ciphertext, and encryption server carries out attribute to ciphertext again Encryption；

File is decrypted by decipherment algorithm Decrypt (C, SK) authorized user, inputs private key for user SK and its corresponding Ciphertext C, if private key for user meets the access strategy output plaintext M of ciphertext, wherein, the decrypting process of file is decrypted including outsourcing Decrypted with local user, decrypt server progress attribute base first and decrypt to obtain CT_DO, then user is to CT_DOSolved again It is close, obtain data clear text；

When there is user to be revoked, local user updates encryption file by more new algorithm Update (PK, C), and input system is public Key PK, ciphertext C, output renewal ciphertext C'.

2. the outsourcing encryption and decryption CP-ABE methods of user revocation according to claim 1, it is characterised in that described is Algorithm Setup (1 is found in construction in a systematic way^λ) specific as follows：

If group G₀And G_TRank be prime P, g G₀Generation member；

Bilinear map e:G₀×G₀→G_T, safe hash function H:{0,1}→G₀；

Trust authority selects two random number α, β ∈ Z_p, then generating system public key is：PK={ G₀,G_T, g, H, h=g^β,e(g,g )^α, preserve master key：MK=(β, g^α)。

3. the outsourcing encryption and decryption CP-ABE methods of user revocation according to claim 1, it is characterised in that described is close Key generating algorithm KeyGen (PK, S, MK) is specific as follows：

To each user U_tRandomly select a random number r_t∈Z_p(t=1,2 ..., k),Choose with Machine number r_j∈Z_p, calculate private key：

<mrow> <msub> <mi>SK</mi> <mi>t</mi> </msub> <mo>=</mo> <mo><</mo> <mi>D</mi> <mo>=</mo> <msup> <mi>g</mi> <mrow> <mo>(</mo> <mi>&alpha;</mi> <mo>+</mo> <msub> <mi>r</mi> <mi>t</mi> </msub> <mo>)</mo> <mo>/</mo> <mi>&beta;</mi> </mrow> </msup> <mo>,</mo> <mo>&ForAll;</mo> <msub> <mi>&lambda;</mi> <mi>j</mi> </msub> <mo>&Element;</mo> <mi>S</mi> <mo>,</mo> <mrow> <mo>(</mo> <mn>1</mn> <mo>&le;</mo> <mi>j</mi> <mo>&le;</mo> <mi>n</mi> <mo>)</mo> </mrow> <mo>;</mo> </mrow>

<mrow> <msub> <mi>D</mi> <mi>j</mi> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mi>t</mi> </msub> </msup> <mo>&times;</mo> <mi>H</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>&lambda;</mi> <mi>j</mi> </msub> <mo>)</mo> </mrow> <msub> <mi>r</mi> <mi>j</mi> </msub> </msup> <mo>,</mo> <msubsup> <mi>D</mi> <mi>j</mi> <mo>&prime;</mo> </msubsup> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mi>j</mi> </msub> </msup> <mo>></mo> </mrow>

4. the outsourcing encryption and decryption CP-ABE methods of user revocation according to claim 1, it is characterised in that described adds Close algorithm Encrypt (PK, M, Λ) is specific as follows：

It is that data clear text is encrypted data owner first, then gives encryption server ciphertext, encryption server is again It is secondary that encryption attribute is carried out to ciphertext,

1)Encrypt_DO(M, κ)：Data owner selects a random number z ∈ Z_p, calculateL =m₁m₂…m_k,Wherein L_i=L/m_i,y_i=L_i ^-1modm_i.Send (CT_DO, X) and give encryption server；

2)Encrypt_ESP(PK,CT_DO,Λ)：Encryption server receives CT_DOAfter call the algorithm to be encrypted again, process is such as Under：

Each leaf node represents an attribute in access control tree Λ, if k_xIt is the threshold value of each node x in Λ, It is d to randomly choose a rank_x=k_x- 1 multinomial q_xWith a random number s ∈ Z_p, for root node R, make q_R(0)=s, it is other Non- root node x causes

<mrow> <mtable> <mtr> <mtd> <mrow> <mi>C</mi> <mi>T</mi> <mo>=</mo> <mo><</mo> <mi>T</mi> <mo>,</mo> <mover> <mi>C</mi> <mo>~</mo> </mover> <mo>=</mo> <msub> <mi>CT</mi> <mrow> <mi>D</mi> <mi>O</mi> </mrow> </msub> <mo>&CenterDot;</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <mi>g</mi> <mo>,</mo> <mi>g</mi> <mo>)</mo> </mrow> <mrow> <mi>&alpha;</mi> <mi>s</mi> </mrow> </msup> <mo>,</mo> <mi>C</mi> <mo>=</mo> <msup> <mi>h</mi> <mi>s</mi> </msup> <mo>,</mo> <mo>&ForAll;</mo> <mi>y</mi> <mo>&Element;</mo> <mi>Y</mi> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>:</mo> <msub> <mi>C</mi> <mi>y</mi> </msub> <mo>=</mo> <msup> <mi>g</mi> <mrow> <msub> <mi>q</mi> <mi>y</mi> </msub> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msup> <mo>,</mo> <msubsup> <mi>C</mi> <mi>y</mi> <mo>&prime;</mo> </msubsup> <mo>=</mo> <mi>H</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>&lambda;</mi> <mi>y</mi> </msub> <mo>)</mo> </mrow> <mrow> <msub> <mi>q</mi> <mi>y</mi> </msub> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msup> <mo>></mo> </mrow> </mtd> </mtr> </mtable> <mo>.</mo> </mrow>

5. the outsourcing encryption and decryption CP-ABE methods of user revocation according to claim 1, it is characterised in that described solution Close algorithm Decrypt (C, SK) is specific as follows：

Server progress attribute base is decrypted first to decrypt to obtain CT_DO, then user is to CT_DODecrypted again, it is bright to obtain data Text, by inputting private key for user SK, and its corresponding ciphertext C, if user is illegal user, output decryption failure；Otherwise Ciphertext can be decrypted using private key for validated user, and calculation expression is as follows：

<mrow> <mover> <mrow> <mi>S</mi> <mi>K</mi> </mrow> <mo>~</mo> </mover> <mo>=</mo> <mo><</mo> <msup> <mi>D</mi> <mo>&prime;</mo> </msup> <mo>=</mo> <msup> <mi>g</mi> <mrow> <mi>t</mi> <mrow> <mo>(</mo> <mi>&alpha;</mi> <mo>+</mo> <msub> <mi>r</mi> <mi>t</mi> </msub> <mo>)</mo> </mrow> <mo>/</mo> <mi>&beta;</mi> </mrow> </msup> <mo>,</mo> <mo>&ForAll;</mo> <mi>j</mi> <mo>&Element;</mo> <mi>S</mi> <mo>:</mo> </mrow>

<mrow> <msub> <mi>D</mi> <mi>j</mi> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mi>t</mi> </msub> </msup> <mo>&times;</mo> <mi>H</mi> <msup> <mrow> <mo>(</mo> <mi>j</mi> <mo>)</mo> </mrow> <msub> <mi>r</mi> <mi>j</mi> </msub> </msup> <mo>,</mo> <msubsup> <mi>D</mi> <mi>j</mi> <mo>&prime;</mo> </msubsup> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mi>j</mi> </msub> </msup> <mo>></mo> </mrow>

Give decryption server；

2)Decrypt server callsAttribute base decryption is carried out, it is decrypted Process is as follows：

Define a recursive algorithmWherein y is the node for setting Λ, when y is leaf node, is performed as follows:

Wherein i represents node y attribute；

When y is not leaf node, recursive function is called to all y child nodes zOutput result is F_z；Assuming that S_yIt is to have k_yIndividual y child nodes z set, if this set is not present, function returns to ⊥, and otherwise decrypting process is such as Under：

<mrow> <msub> <mi>F</mi> <mi>x</mi> </msub> <mo>=</mo> <munder> <mo>&Pi;</mo> <mrow> <mi>z</mi> <mo>&Element;</mo> <msub> <mi>S</mi> <mi>x</mi> </msub> </mrow> </munder> <msup> <msub> <mi>F</mi> <mi>z</mi> </msub> <msub> <mi>&Delta;</mi> <mrow> <mi>i</mi> <mo>,</mo> <msubsup> <mi>S</mi> <mi>x</mi> <mo>&prime;</mo> </msubsup> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msub> </msup> <mo>=</mo> <munder> <mo>&Pi;</mo> <mrow> <mi>z</mi> <mo>&Element;</mo> <msub> <mi>S</mi> <mi>x</mi> </msub> </mrow> </munder> <msup> <mrow> <mo>(</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <mrow> <mi>g</mi> <mo>,</mo> <mi>g</mi> </mrow> <mo>)</mo> </mrow> <mrow> <mi>r</mi> <mo>&CenterDot;</mo> <msub> <mi>q</mi> <mi>z</mi> </msub> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msup> <mo>)</mo> </mrow> <msub> <mi>&Delta;</mi> <mrow> <mi>i</mi> <mo>,</mo> <msubsup> <mi>S</mi> <mi>x</mi> <mo>&prime;</mo> </msubsup> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msub> </msup> </mrow>

<mfenced open = "" close = ""> <mtable> <mtr> <mtd> <mrow> <mo>=</mo> <munder> <mo>&Pi;</mo> <mrow> <mi>z</mi> <mo>&Element;</mo> <msub> <mi>S</mi> <mi>x</mi> </msub> </mrow> </munder> <msup> <mrow> <mo>(</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <mrow> <mi>g</mi> <mo>,</mo> <mi>g</mi> </mrow> <mo>)</mo> </mrow> <mrow> <mi>r</mi> <mo>&CenterDot;</mo> <msub> <mi>q</mi> <mrow> <mi>p</mi> <mi>a</mi> <mi>r</mi> <mi>e</mi> <mi>n</mi> <mi>t</mi> <mrow> <mo>(</mo> <mi>z</mi> <mo>)</mo> </mrow> </mrow> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </mrow> </msup> <mo>)</mo> </mrow> <msub> <mi>&Delta;</mi> <mrow> <mi>i</mi> <mo>,</mo> <msubsup> <mi>S</mi> <mi>x</mi> <mo>&prime;</mo> </msubsup> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msub> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>=</mo> <munder> <mo>&Pi;</mo> <mrow> <mi>z</mi> <mo>&Element;</mo> <msub> <mi>S</mi> <mi>x</mi> </msub> </mrow> </munder> <msup> <mrow> <mo>(</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <mrow> <mi>g</mi> <mo>,</mo> <mi>g</mi> </mrow> <mo>)</mo> </mrow> <mrow> <mi>r</mi> <mo>&CenterDot;</mo> <msub> <mi>q</mi> <mi>y</mi> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </mrow> </msup> <mo>)</mo> </mrow> <msub> <mi>&Delta;</mi> <mrow> <mi>i</mi> <mo>,</mo> <msubsup> <mi>S</mi> <mi>x</mi> <mo>&prime;</mo> </msubsup> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msub> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>=</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <mi>g</mi> <mo>,</mo> <mi>g</mi> <mo>)</mo> </mrow> <mrow> <msub> <mi>rq</mi> <mi>x</mi> </msub> <mrow> <mo>(</mo> <mn>0</mn> <mo>)</mo> </mrow> </mrow> </msup> </mrow> </mtd> </mtr> </mtable> </mfenced>

Wherein i=index (z), S '_x={ index (z):z∈S_x,For Lagrange coefficient, such as Fruit S meets access structure, then recursive algorithm returns to A=e (g, g)^rs；

Calculate B=e (C, D ')=e (h^s,g^t(α+r)/β)=e (g, g)^trs·e(g,g)^tαs, decrypt server transmission { A, B, X } and give Local user；

3)Decrypt_DU(CT′,κ)：After local user receives { A, B, X }, B '=B is calculated first^1/t=e (g, g)^rs·e(g,g )^αs, x_i=X mod m_i,Then decryption restoration goes out data clear text：

<mrow> <mi>M</mi> <mo>=</mo> <mi>H</mi> <mrow> <mo>(</mo> <mi>z</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mfrac> <mover> <mi>C</mi> <mo>~</mo> </mover> <mrow> <mo>(</mo> <msup> <mi>B</mi> <mo>&prime;</mo> </msup> <mo>/</mo> <mi>A</mi> <mo>)</mo> </mrow> </mfrac> <mo>.</mo> </mrow>

6. the outsourcing encryption and decryption CP-ABE methods of user revocation according to claim 1, it is characterised in that it is described more New algorithm Update (PK, C) is specific as follows：

Such as to cancel user DU_jWhen, data owner selects a random number z ' ∈ Z_p, calculateWherein L '_i= L′/m_i,(R, X ') is sent to ESP by escape way.ESP renewals ciphertext is as follows：

<mrow> <msubsup> <mi>CT</mi> <mrow> <mi>D</mi> <mi>O</mi> </mrow> <mo>&prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>CT</mi> <mrow> <mi>D</mi> <mi>O</mi> </mrow> </msub> <mo>&CirclePlus;</mo> <mi>R</mi> <mo>.</mo> </mrow> 3