CN112671543A - Public verifiable outsourcing attribute-based encryption method based on block chain - Google Patents


Info

Publication number
CN112671543A
Authority
CN
China
Prior art keywords
key
user
ciphertext
trusted authority
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011568809.6A
Other languages
Chinese (zh)
Other versions
CN112671543B (en)
Inventor
胡积飞
谢满德
雷希燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University
Priority to CN202011568809.6A
Publication of CN112671543A
Application granted
Publication of CN112671543B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a blockchain-based publicly verifiable outsourced attribute-based encryption method that not only traces the key of a malicious user but also revokes the malicious user; it can also update the ciphertext in time, supports public verification of outsourced decryption, and provides forward security. The invention comprises the following steps: A. system initialization; B. encryption; C. key generation; D. decryption; E. outsourced key generation; F. outsourced conversion; G. outsourced decryption; H. tracing the identity of the user.

Description

Public verifiable outsourcing attribute-based encryption method based on block chain
Technical Field
The invention relates to a public verifiable outsourcing attribute-based encryption method based on a block chain.
Background
Over the past few decades, with the continued development of the internet of things (IoT), traditional internet of things systems may face challenges in efficiency and system security. First, since the amount of data transmitted between the internet of things device and the conventional cloud server is large, the cloud server suffers from transmission delay and service quality degradation. Second, sensitive data must be encrypted before uploading to the cloud server, and fine-grained access control must be supported when sharing sensitive data. Finally, a malicious cloud server may tamper with sensitive data, thereby preventing the internet of things device from accessing the data correctly.
With respect to the first problem, fog computing is a suitable technique. Fog computing sits between the IoT devices and the traditional centralized cloud infrastructure, and the fog nodes are closer to the IoT devices than the cloud servers are. IoT systems that use fog computing can therefore serve real-time web applications and devices with less delay and with sufficient computing resources.
In addition, ciphertext-policy attribute-based encryption (CP-ABE), a promising encryption primitive, can effectively solve the second problem and is generally used to implement fine-grained cryptographic access control over data in the cloud. However, because IoT devices have limited storage and computing capability, CP-ABE with outsourced decryption is better suited to the IoT scenario. Most existing CP-ABE schemes with outsourced decryption only allow the original decryptor to check whether the third-party agent has returned the correct transformed ciphertext when verifying the decryption result. In that case, once the decryption result is disputed, the decryption key must be revealed to the arbiter. CP-ABE with outsourced decryption must therefore achieve public verifiability of the decryption result. Conventional CP-ABE also has the problem that a malicious user may leak its own decryption key to others without bearing any risk of being traced and revoked.
In view of the above, it is necessary to design a CP-ABE scheme that supports tracing and revocation of malicious users and public verification of outsourced decryption.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to provide a reasonably designed blockchain-based publicly verifiable outsourced attribute-based encryption method that not only traces the key of a malicious user but also revokes the malicious user; it can also update the ciphertext in time, supports public verification of outsourced decryption, and provides forward security.
The technical scheme adopted by the invention to solve these problems is as follows:
A blockchain-based publicly verifiable outsourced attribute-based encryption method, characterized in that it comprises the following steps:
A. System initialization: the trusted authority generates a global public key and a master key according to the security parameter and the entire attribute set, publishes the global public key and keeps the master key unpublished;
B. Encryption: the data owner encrypts the message and generates a ciphertext according to the global public key, the access structure and the cover list;
C. Key generation: the trusted authority generates a decryption key according to the global public key, the identity information of the user and the user attribute set, and sends the decryption key to the data user;
D. Decryption: the user decrypts the ciphertext into a message by using the decryption key;
E. Outsourced key generation: the user derives a conversion key and a retrieval key from the decryption key, sends the conversion key to the fog node and keeps the retrieval key;
F. Outsourced conversion: the fog node converts the ciphertext into a conversion ciphertext according to the global public key, the ciphertext and the conversion key, and then sends the conversion ciphertext to the data user;
G. Outsourced decryption: the user recovers the message from the retrieval key, the ciphertext and the conversion ciphertext;
H. Tracing the identity of the user: the trusted authority outputs user identity information or error information according to the global public key, the minimum cover list and the decryption key;
I. Ciphertext updating: the trusted authority generates an updated ciphertext according to the global public key, the ciphertext and the minimum cover list, and sends the updated ciphertext to the fog node.
Step A of the invention specifically comprises the following steps:
A1. First, the trusted authority receives an entire attribute set U and, according to an implicit security parameter λ, selects two multiplicative cyclic groups of prime order p with generator g,
Figure BDA0002861864080000021
and
Figure BDA0002861864080000022
and a bilinear map
Figure BDA0002861864080000023
The trusted authority then initializes an empty user revocation list L and a full binary tree
Figure BDA0002861864080000024
After initialization, the trusted authority assigns the users' identities to the leaf nodes of the full binary tree
Figure BDA0002861864080000025
The nodes of the binary tree
Figure BDA0002861864080000026
are numbered in breadth-first order, with the root node numbered 0, and d is used to represent a binary tree
Figure BDA0002861864080000027
so that the maximum number of users is $|Num| = 2^d$ and the number of nodes of the binary tree is $2|Num| - 2$; the number of the last leaf node of the binary tree is therefore $2|Num| - 2$;
A2. The trusted authority selects two random numbers α,
Figure BDA0002861864080000028
where
Figure BDA0002861864080000029
is the integer ring of order p; the trusted authority then likewise selects five random numbers g, u, v, d,
Figure BDA00028618640800000210
A3. For each attribute value i ∈ U, the trusted authority selects a random number
Figure BDA00028618640800000211
where
Figure BDA00028618640800000212
is the positive integer ring of order p, and computes an attribute public key component associated with the attribute value
Figure BDA0002861864080000031
A4. The trusted authority randomly selects a collision-resistant hash function
Figure BDA0002861864080000032
which maps a message m or a random message m′ to an element of
Figure BDA0002861864080000033
A5. For each node of the binary tree
Figure BDA0002861864080000034
the trusted authority selects a random number
Figure BDA0002861864080000035
then generates a master key component
Figure BDA0002861864080000036
and at the same time generates a binary tree public key component associated with the user identity
Figure BDA0002861864080000037
A6. The trusted authority selects a probabilistic encryption scheme (Enc, Dec), where Enc is the encryption function and Dec is the decryption function;
A7. The trusted authority publishes the public key PK and does not publish the master key MSK.
Step B of the invention specifically comprises the following steps:
B1. The data owner selects an access structure
Figure BDA00028618640800000316
where M is an access matrix of order l × n and ρ is a mapping algorithm that maps each $M_i$ to an attribute, $M_i$ being the i-th row of the access matrix M; the data owner then selects two random secret exponents s,
Figure BDA0002861864080000038
and sets two random column vectors $v = (s, v_2, \ldots, v_n)$ and $v' = (s', v'_2, \ldots, v'_n)$, where
Figure BDA0002861864080000039
Finally, for each $M_i$, the data owner calculates the valid shares associated with the secret exponents s and s′: $\lambda_i = M_i \times v$ and $\lambda'_i = M_i \times v'$;
B2. The data owner selects the message m to be encrypted and a randomly selected message m′, and computes, for the access structure
Figure BDA00028618640800000310
the associated ciphertext components
Figure BDA00028618640800000311
$C_1 = m \cdot e(g,g)^{\alpha s}$, $C'_1 = g^{s}$, $C''_1 = g^{as}$
Figure BDA00028618640800000312
$C_2 = m' \cdot e(g,g)^{\alpha s'}$, $C'_2 = g^{s'}$ and $C''_2 = g^{as'}$
Figure BDA00028618640800000313
B3. Upon receiving the latest cover list cover(L) sent by the trusted authority, the data owner generates the ciphertext component associated with cover(L)
Figure BDA00028618640800000314
B4. Finally, the generated ciphertext CT is:
Figure BDA00028618640800000315
B5. Once the fog node receives the data owner's ciphertext, it calls a smart contract; after the smart contract is generated, the fog node broadcasts the transaction to the other fog nodes for consensus verification.
Step C of the invention specifically comprises the following steps:
C1. The trusted authority selects a random number
Figure BDA0002861864080000041
and generates a random number $f = Enc_k(l_x)$ using the probabilistic encryption scheme with symmetric key k, where $l_x$ is the leaf node associated with the user identity;
C2. The trusted authority first generates the key components associated with the user attribute set S: $K_1 = f$,
Figure BDA0002861864080000042
$K_3 = g^{b}$ and $K_4 = g^{ab}$
Figure BDA0002861864080000043
C3. The trusted authority selects a random number
Figure BDA0002861864080000044
and generates the key elements associated with the user identity uid
Figure BDA0002861864080000045
and
Figure BDA0002861864080000046
where x ∈ path(uid) ∩ cover(L), and path(uid) is the set of node numbers on the path in the binary tree from the root node to the leaf node associated with user uid; the trusted authority then generates the key components associated with the user identity uid:
Figure BDA0002861864080000047
$K_6 = g^{w}$
Figure BDA0002861864080000048
C4. The trusted authority generates the key SK and sends it to the data user, where:
$SK = \{K_1, K_2, K_3, K_4, K_i, K_5, K_6, K_7, K_8\}$.
Step D of the invention specifically comprises the following steps:
D1. Find two constants $c_i$ and $c'_i$ such that the two equations
Figure BDA0002861864080000049
hold, where the attribute mapping set is $I = \{i \mid \rho(i) \in S\}$;
D2. The data user first computes two decryption components:
Figure BDA00028618640800000410
Figure BDA00028618640800000411
D3. The data user then calculates two plaintext blocks $m = C_1 / Y'_1$ and $m' = C_2 / Y'_2$, and determines whether the ciphertext component
Figure BDA00028618640800000412
and the ciphertext verification parameter component $u^{H(m)} v^{H(m')} d$ are equal; if they are equal, the message m is returned, otherwise the operation is aborted.
Step E of the invention specifically comprises the following steps:
E1. The user selects a random number z and generates the conversion key components $K'_1 = K_1$,
Figure BDA00028618640800000413
and
Figure BDA00028618640800000414
$K'_7 = K_7$, $K'_8 = K_8$;
E2. The user sends the generated conversion key TK to the cloud node and saves the retrieval key RK, where:
$TK = \{K'_1, K'_2, K'_3, K'_4, K'_i, K'_5, K'_6, K'_7, K'_8\}$, $RK = \{z\}$.
In step F of the invention, the fog node calculates the two converted ciphertext components as follows:
Figure BDA0002861864080000051
Figure BDA0002861864080000052
Step G of the invention specifically comprises the following steps:
G1. The user first verifies the received information: if
Figure BDA0002861864080000053
or $W_1 \neq C_1$ or $W_2 \neq C_2$, the verification fails and the operation is aborted; otherwise the verification passes;
G2. If the verification passes, the user computes two plaintext messages:
Figure BDA0002861864080000054
G3. The user calculates two verification plaintext components $V_1 = u^{H(m)}$ and $V_2 = v^{H(m')}$ and sends $V_1$ and $V_2$ to the fog node; the fog node then calls the smart contract, and the smart contract verifies whether
Figure BDA0002861864080000055
and the plaintext verification parameter component $V_1 V_2 d$ are equal.
Step H of the invention specifically comprises the following steps:
H1. The trusted authority first judges whether the format of the input key SK is correct; if the format is wrong, the operation is aborted;
H2. If the format of the key SK is correct, the trusted authority checks whether $l_x$ is in the minimum cover list cover(L); if it is, the user identity uid is returned, otherwise a false user identity uid is returned;
H3. The trusted authority updates the latest revocation list $L' = L \cup \{uid\}$.
Step I of the invention specifically comprises the following steps:
I1. The trusted authority selects a random number
Figure BDA0002861864080000056
and computes an updated binary tree public key component associated with the user identity
Figure BDA0002861864080000057
I2. The trusted authority calculates the updated ciphertext component:
Figure BDA0002861864080000058
and computes the two ciphertext components associated with the cover list cover(L) after updating
Figure BDA0002861864080000059
and
Figure BDA00028618640800000510
then an updated ciphertext is generated:
Figure BDA00028618640800000511
I3. The trusted authority then sends the updated ciphertext and the revocation list L′ to the fog node, which calls the smart contract again to store the latest ciphertext hash.
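The share computation of step B1 and the constant search of step D1, as an added Python example that is not part of the patent text. The equations of D1 are not reproduced on this page, so the sketch assumes the usual linear secret-sharing condition that the constants satisfy Σ c_i·λ_i = s over the rows i with ρ(i) ∈ S; the prime modulus, the access matrix for the policy "(A AND B) OR C" and all function names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # constructed prime modulus standing in for the group order p

# Constructed access structure for the policy (A AND B) OR C.
# Row i of M is M_i; RHO[i] is the attribute that rho maps row i to.
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]


def make_shares(matrix, secret, p=P):
    """Step B1: pick v = (s, v_2, ..., v_n) and return lambda_i = M_i . v mod p."""
    n = len(matrix[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in matrix]


def authorized_rows(rho, attrs):
    """The index set I = {i | rho(i) in S} of step D1."""
    return [i for i, attr in enumerate(rho) if attr in attrs]


def reconstruction_constants(matrix, rows, p=P):
    """Solve sum_{i in rows} c_i * M_i = (1, 0, ..., 0) mod p.

    Returns {row index: c_i}, or None when the rows cannot produce the
    target vector, i.e. the attribute set does not satisfy the policy.
    """
    n_eq, k = len(matrix[0]), len(rows)
    # One equation per matrix column; the last entry is the right-hand side.
    aug = [[matrix[i][j] % p for i in rows] + [1 if j == 0 else 0]
           for j in range(n_eq)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((x for x in range(r, n_eq) if aug[x][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [a * inv % p for a in aug[r]]
        for x in range(n_eq):
            if x != r and aug[x][col]:
                f = aug[x][col]
                aug[x] = [(a - f * b) % p for a, b in zip(aug[x], aug[r])]
        pivots.append(col)
        r += 1
    # A remaining row reads 0 = nonzero: the system is inconsistent.
    if any(row[-1] for row in aug[r:]):
        return None
    consts = [0] * k
    for row_idx, col in enumerate(pivots):
        consts[col] = aug[row_idx][-1]
    return dict(zip(rows, consts))


def recover(matrix, rho, attrs, shares, p=P):
    """Step D1 applied to the exponents: sum c_i * lambda_i, or None if unauthorized."""
    consts = reconstruction_constants(matrix, authorized_rows(rho, attrs), p)
    if consts is None:
        return None
    return sum(c * shares[i] for i, c in consts.items()) % p


if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = make_shares(M, s)
    for attrs in ({"A", "B"}, {"C"}, {"A"}, {"B"}):
        out = recover(M, RHO, attrs, lam)
        print(sorted(attrs), "recovers s" if out == s else "rejected")
```

In the scheme itself the constants are applied in the exponent during pairing computations; the example works on the exponents directly to show which attribute sets can and cannot reach s.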
Compared with the prior art, the invention has the following advantages and effects: 1. The invention combines outsourced decryption with the blockchain, achieving public verifiability of the outsourced decryption result while ensuring that the fog node cannot obtain any information about the plaintext, and it effectively prevents the cloud server from tampering with the ciphertext and prevents malicious false accusations by users; 2. Malicious users are traced and revoked and ciphertexts are updated in time: user identity information is assigned to the leaf nodes of the binary tree, and once a malicious user is traced, that user is added to the revocation list, so that malicious users are traced and revoked; 3. The outsourced decryption information is made public through blockchain technology, which realizes public verifiability of attribute-based encryption with outsourced decryption; 4. The three-layer system architecture of "Internet of Things devices-fog nodes-cloud servers" solves the delay problem of the traditional centralized cloud server architecture; 5. The method meets higher privacy protection requirements for users, is more efficient, and is convenient for mobile devices with limited bandwidth and resources.
Drawings
FIG. 1 is a schematic diagram of an overview of a binary tree according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail below by way of examples with reference to the accompanying drawings, which are illustrative of the present invention and are not to be construed as limiting the present invention.
In this embodiment, a blockchain-based publicly verifiable outsourced attribute-based encryption method specifically includes the following steps:
A. System initialization: the trusted authority generates a global public key PK and a master key MSK according to the implicit security parameter λ and the entire attribute set U; specifically:
A1. First, the trusted authority receives an entire attribute set U and, according to an implicit security parameter λ, selects two multiplicative cyclic groups of prime order p with generator g,
Figure BDA0002861864080000061
and
Figure BDA0002861864080000062
and a bilinear map
Figure BDA0002861864080000063
The trusted authority then initializes an empty user revocation list L and a full binary tree
Figure BDA0002861864080000064
After initialization, the trusted authority assigns the users' identities to the leaf nodes of the full binary tree
Figure BDA0002861864080000065
The nodes of the binary tree
Figure BDA0002861864080000066
are numbered in breadth-first order, with the root node numbered 0, and d is used to represent a binary tree
Figure BDA0002861864080000067
so that the maximum number of users is $|Num| = 2^d$ and the number of nodes of the binary tree is $2|Num| - 2$; the number of the last leaf node of the binary tree is therefore $2|Num| - 2$;
A2. The trusted authority selects two random numbers α,
Figure BDA0002861864080000068
where
Figure BDA0002861864080000069
is the integer ring of order p. The trusted authority then likewise selects five random numbers g, u, v, d,
Figure BDA0002861864080000071
A3. For each attribute value i ∈ U, the trusted authority selects a random number
Figure BDA0002861864080000072
where
Figure BDA0002861864080000073
is the positive integer ring of order p, and computes an attribute public key component associated with the attribute value
Figure BDA0002861864080000074
A4. The trusted authority randomly selects a collision-resistant hash function
Figure BDA0002861864080000075
which maps a message m or a random message m′ to an element of
Figure BDA0002861864080000076
A5. For each node of the binary tree
Figure BDA0002861864080000077
the trusted authority selects a random number
Figure BDA0002861864080000078
then generates a master key component
Figure BDA0002861864080000079
and at the same time generates a binary tree public key component associated with the user identity
Figure BDA00028618640800000710
A6. The trusted authority selects a probabilistic encryption scheme (Enc, Dec), where Enc is the encryption function and Dec is the decryption function. The scheme is a symmetric encryption scheme that maps the user identity uid to
Figure BDA00028618640800000711
and returns a different result each time it encrypts with the symmetric key k;
A7. The trusted authority publishes the public key PK and does not publish the master key MSK:
Figure BDA00028618640800000712
Figure BDA00028618640800000713
B. Encryption: the data owner takes the global public key PK, the message m, the access structure
Figure BDA00028618640800000714
and a cover list cover(L), where cover(L) is the set of node numbers of the minimum cover set associated with the user revocation list L, then encrypts the message m and generates the ciphertext CT; specifically:
B1. The data owner selects an access structure
Figure BDA00028618640800000715
where M is an access matrix of order l × n and ρ is a mapping algorithm that maps each $M_i$ to an attribute, $M_i$ being the i-th row of the access matrix M; the data owner then selects two random secret exponents s,
Figure BDA00028618640800000716
and sets two random column vectors $v = (s, v_2, \ldots, v_n)$ and $v' = (s', v'_2, \ldots, v'_n)$, where
Figure BDA00028618640800000717
and
Figure BDA00028618640800000718
are selected random numbers; finally, for each $M_i$, the data owner calculates the valid shares associated with the secret exponents s and s′: $\lambda_i = M_i \times v$ and $\lambda'_i = M_i \times v'$;
B2. The data owner selects the message m to be encrypted and a randomly selected message m′, and computes, for the access structure
Figure BDA00028618640800000719
the associated ciphertext components
Figure BDA0002861864080000081
$C_1 = m \cdot e(g,g)^{\alpha s}$, $C'_1 = g^{s}$, $C''_1 = g^{as}$
Figure BDA0002861864080000082
$C_2 = m' \cdot e(g,g)^{\alpha s'}$, $C'_2 = g^{s'}$, and
Figure BDA0002861864080000083
B3. When the data owner receives the latest cover list cover(L) sent by the trusted authority, the data owner generates the ciphertext component associated with cover(L)
Figure BDA0002861864080000084
B4. Finally, the generated ciphertext CT is:
Figure BDA0002861864080000085
B5. Once the fog node receives the data owner's ciphertext, it calls a smart contract; after the contract is generated, the fog node broadcasts the transaction to the other fog nodes for consensus verification.
C. Key generation: the trusted authority generates a decryption key SK according to the global public key PK, the identity information uid of the user and the user attribute set S; specifically:
C1. The trusted authority selects a random number
Figure BDA0002861864080000086
and generates a random number $f = Enc_k(l_x)$ using the probabilistic encryption scheme with symmetric key k, where $l_x$ is the leaf node associated with the user identity;
C2. The trusted authority first generates the key components associated with the attribute set S: $K_1 = f$,
Figure BDA0002861864080000087
$K_3 = g^{b}$ and $K_4 = g^{ab}$
Figure BDA0002861864080000088
C3. The trusted authority selects a random number
Figure BDA0002861864080000089
and generates the key elements associated with the user identity uid
Figure BDA00028618640800000810
and
Figure BDA00028618640800000811
where x ∈ path(uid) ∩ cover(L), and path(uid) is the set of node numbers on the path in the binary tree from the root node to the leaf node associated with user uid; the trusted authority then generates the key components associated with the user identity uid:
Figure BDA00028618640800000812
$K_6 = g^{w}$
Figure BDA00028618640800000813
C4. The trusted authority generates the key SK and sends it to the data user:
$SK = \{K_1, K_2, K_3, K_4, K_i, K_5, K_6, K_7, K_8\}$.
D. Decryption: the user decrypts the ciphertext CT into a message m by using the decryption key SK; specifically:
D1. Find two constants $c_i$ and $c'_i$ such that the two equations
Figure BDA00028618640800000814
hold, where the attribute mapping set is $I = \{i \mid \rho(i) \in S\}$;
D2. The data user first computes two decryption components:
Figure BDA0002861864080000091
Figure BDA0002861864080000092
D3. The data user then calculates two plaintext blocks $m = C_1 / Y'_1$ and $m' = C_2 / Y'_2$, and determines whether the ciphertext component
Figure BDA0002861864080000093
and the ciphertext verification parameter component $u^{H(m)} v^{H(m')} d$ are equal; if they are equal, the message m is returned, otherwise the operation is aborted.
E. Outsourced key generation: the user derives a conversion key TK and a retrieval key RK from the decryption key SK; specifically:
E1. The user selects a random number z and generates the conversion key components $K'_1 = K_1$,
Figure BDA0002861864080000094
and
Figure BDA0002861864080000095
$K'_7 = K_7$, $K'_8 = K_8$;
E2. The user sends the generated conversion key TK to the cloud node and saves the retrieval key RK:
$TK = \{K'_1, K'_2, K'_3, K'_4, K'_i, K'_5, K'_6, K'_7, K'_8\}$,
$RK = \{z\}$.
F. Outsourced conversion: the fog node converts the ciphertext CT into a conversion ciphertext CT′ according to the public key PK, the ciphertext CT and the conversion key TK, and
Figure BDA0002861864080000096
The fog node then sends the conversion ciphertext CT′ to the data user.
The fog node computes the two converted ciphertext components as follows:
Figure BDA0002861864080000097
Figure BDA0002861864080000098
G. Outsourced decryption: the user recovers the message m from the retrieval key RK, the ciphertext CT and the conversion ciphertext CT′; specifically:
G1. The user first verifies the received information: if
Figure BDA0002861864080000099
or $W_1 \neq C_1$ or $W_2 \neq C_2$, the verification fails and the operation is aborted; otherwise the verification passes;
G2. If the verification passes, the user computes two plaintext messages:
Figure BDA00028618640800000910
Figure BDA0002861864080000101
G3. The user calculates two verification plaintext components $V_1 = u^{H(m)}$ and $V_2 = v^{H(m')}$ and sends $V_1$ and $V_2$ to the fog node; the fog node then calls the smart contract, and the smart contract verifies whether
Figure BDA0002861864080000102
and the plaintext verification parameter component $V_1 V_2 d$ are equal, which achieves public verifiability of the algorithm.
H. Tracing the identity of the user: the trusted authority outputs user identity information uid or error information according to the global public key PK, the minimum cover list cover(L) and the decryption key SK; specifically:
H1. The trusted authority first judges whether the format of the input key SK is correct; if the format is wrong, the operation is aborted;
H2. If the format of SK is correct, the trusted authority checks whether $l_x$ is in the minimum cover list cover(L); if it is, the user identity uid is returned, otherwise a false user identity uid is returned, where the false user identity uid never exists in the system;
H3. The trusted authority updates the latest revocation list $L' = L \cup \{uid\}$.
I. Ciphertext updating: the trusted authority generates an updated ciphertext CT′ according to the global public key PK, the ciphertext CT and the minimum cover list cover(L′); specifically:
I1. The trusted authority selects a random number
Figure BDA0002861864080000103
and computes an updated binary tree public key component associated with the user identity
Figure BDA0002861864080000104
I2. The trusted authority calculates the updated ciphertext component:
Figure BDA0002861864080000105
Figure BDA0002861864080000106
and computes the two ciphertext components associated with the cover list cover(L) after updating
Figure BDA0002861864080000107
and
Figure BDA0002861864080000108
then an updated ciphertext is generated:
Figure BDA0002861864080000109
I3. The trusted authority then sends the updated ciphertext and the revocation list L′ to the fog node, which calls the smart contract again to store the latest ciphertext hash.
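The breadth-first node numbering of step A1, path(uid) from step C3 and the cover list cover(L) used in steps B, H and I, as an added Python example that is not part of the patent text. The patent does not say how the minimum cover set is computed, so the sketch assumes the standard complete-subtree construction; the function names and the depth-3 tree with 8 users are constructed for illustration.

```python
def leaf_number(depth, index):
    """Breadth-first number of the index-th leaf (0-based); the root is node 0."""
    if not 0 <= index < 2 ** depth:
        raise ValueError("user index outside the tree")
    return (2 ** depth - 1) + index


def path(depth, index):
    """path(uid): node numbers from the root down to the user's leaf."""
    node = leaf_number(depth, index)
    nodes = [node]
    while node != 0:
        node = (node - 1) // 2  # parent in breadth-first numbering
        nodes.append(node)
    return nodes[::-1]


def cover(depth, revoked):
    """cover(L): the fewest nodes whose subtrees hold exactly the
    non-revoked leaves (complete-subtree method, assumed here)."""
    marked = set()
    for index in revoked:
        marked.update(path(depth, index))
    if not marked:
        return [0]  # nobody revoked: the root covers every user
    first_leaf = 2 ** depth - 1
    result = []
    for node in sorted(marked):
        if node >= first_leaf:
            continue  # a revoked leaf has no children
        for child in (2 * node + 1, 2 * node + 2):
            if child not in marked:
                result.append(child)  # subtree without any revoked user
    return sorted(result)


def key_node(depth, index, revoked):
    """The node x in path(uid) ∩ cover(L), or None for a revoked user.

    A non-revoked user shares exactly one node with the cover list, which is
    why key elements indexed by that node still match the ciphertext; a
    revoked user shares none.
    """
    shared = set(path(depth, index)) & set(cover(depth, revoked))
    if len(shared) > 1:
        raise AssertionError("cover set is not minimal")
    return shared.pop() if shared else None


if __name__ == "__main__":
    DEPTH = 3            # constructed example: 2**3 = 8 users, leaves 7..14
    REVOKED = [2, 5]     # constructed revocation list L (user indices)
    print("cover(L) =", cover(DEPTH, REVOKED))
    for user in range(2 ** DEPTH):
        print(user, path(DEPTH, user), "->", key_node(DEPTH, user, REVOKED))
```

Adding a user to L changes cover(L), which is what forces the ciphertext update of step I: components tied to the old cover nodes no longer line up with the new list.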
The entities involved in the invention are a trusted authority, a data owner, a fog node, a cloud storage provider, a data user and a blockchain.
The trusted authority is considered fully trusted and generates the global public key PK and the master key MSK for the system; it also holds the user revocation list L and a binary tree
Figure BDA0002861864080000111
The trusted authority sends only the revocation list L and the minimum cover list cover(L′) to the cloud node and the data owner respectively, and does not disclose the whole binary tree, which helps protect the privacy of data users.
The data user sets an access structure for encrypting the message, encrypts the message using the system, and uploads the resulting ciphertext to the fog node.
The fog node is considered semi-trusted and maintains the user revocation list L. When a data user requests access to data, the request is sent to the fog node; after receiving it, if the data user is not in the revocation list L and the attribute set S matches the access structure, the fog node forwards the request to the trusted authority. The fog node also packages some key information and sends it to the blockchain.
The cloud storage provider is also considered semi-trusted; it stores the ciphertext from the fog node and then returns the ciphertext storage location $Adress_{CT}$ to the fog node.
The data users each have an identity uid, and carry out their data requests and data verification by sending data description information to the fog node.
The blockchain: the fog node stores information on the blockchain through a smart contract, for example the hash of the ciphertext, the hash of the updated ciphertext, the public key, etc.
In addition, it should be noted that the specific embodiments described in the present specification may be different in the components, the shapes of the components, the names of the components, and the like, and the above description is only an illustration of the structure of the present invention. Equivalent or simple changes in the structure, characteristics and principles of the invention are included in the protection scope of the patent. Various modifications, additions and substitutions for the specific embodiments described may be made by those skilled in the art without departing from the scope of the invention as defined in the accompanying claims.

Claims (10)

1. A blockchain-based publicly verifiable outsourced attribute-based encryption method, characterized by comprising the following steps:
A. System initialization: the trusted authority generates a global public key and a master key according to the security parameters and the whole attribute set, publishes the global public key and does not publish the master key;
B. Encryption: the data owner encrypts the message and generates a ciphertext according to the global public key, the access structure and the overlay list;
C. Key generation: the trusted authority generates a decryption key according to the global public key, the identity information of the user and the user attribute set, and sends the decryption key to the data user;
D. Decryption: the user decrypts the ciphertext into a message by using the decryption key;
E. Outsourcing key generation: the user converts the decryption key into a conversion key and a retrieval key, sends the conversion key to the fog node and stores the retrieval key locally;
F. Outsourcing conversion: the fog node converts the ciphertext into a conversion ciphertext according to the global public key, the ciphertext and the conversion key, and then sends the conversion ciphertext to the data user;
G. Outsourcing decryption: the user generates a message according to the retrieval key, the ciphertext and the conversion ciphertext;
H. Tracing the identity of the user: the trusted authority outputs user identity information or error information according to the global public key, the minimum coverage list and the decryption key;
I. Ciphertext updating: the trusted authority generates an updated ciphertext according to the global public key, the ciphertext and the minimum coverage list; and the trusted authority sends the updated ciphertext to the fog node.
2. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step A specifically comprises the following steps:
A1, first, the trusted authority receives the whole attribute set U and, according to an implicit security parameter λ, selects two multiplicative cyclic groups of prime order p with generator g
Figure FDA0002861864070000011
And
Figure FDA0002861864070000012
and a bilinear map
Figure FDA0002861864070000013
The trusted authority then initializes an empty user revocation list L and a full binary tree
Figure FDA0002861864070000014
After initialization, the trusted authority assigns the user's identity to the full binary tree
Figure FDA0002861864070000015
On leaf nodes of the binary tree
Figure FDA0002861864070000016
Numbering each node according to a breadth-first search method, wherein the numbering of the root node is 0, and d is used to represent a binary tree
Figure FDA0002861864070000017
so that the maximum number of users is $|Num| = 2^d$; the number of nodes of the binary tree is $2|Num| - 2$, so the number of the last leaf node of the binary tree is $2|Num| - 2$;
A2, the trusted authority selects two random numbers
Figure FDA0002861864070000018
Wherein
Figure FDA0002861864070000019
is the integer ring of order p; the trusted authority then likewise selects five random numbers
Figure FDA00028618640700000110
A3, for each attribute value $i \in U$, the trusted authority selects a random number
Figure FDA0002861864070000021
Wherein
Figure FDA0002861864070000022
is the positive integer ring of order p, and computes the attribute public key component associated with the attribute value
Figure FDA0002861864070000023
A4, the trusted authority randomly selects a collision-resistant hash function
Figure FDA0002861864070000024
The hash function can map a message m or a random message m' to an element of
Figure FDA0002861864070000025
A5, for each node of the binary tree
Figure FDA0002861864070000026
the trusted authority selects a random number
Figure FDA0002861864070000027
then generates a master key component
Figure FDA0002861864070000028
and at the same time generates a binary tree public key component associated with the user identity
Figure FDA0002861864070000029
A6, the trusted authority selects a probabilistic encryption scheme (Enc, Dec), where Enc is the encryption function and Dec is the decryption function;
A7, the trusted authority publishes the public key PK and does not publish the master key MSK.
3. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step B specifically comprises the following steps:
B1, the data owner selects an access structure
Figure FDA00028618640700000210
where $M$ is an $l \times n$ access matrix and $\rho$ is a mapping that maps each row $M_i$ of $M$ to an attribute, where $M_i$ is the $i$-th row of the access matrix $M$; the data owner then selects two random secret exponents
Figure FDA00028618640700000211
and sets two random column vectors $\upsilon = (s, \upsilon_2, \ldots, \upsilon_n)$ and $\upsilon' = (s', \upsilon'_2, \ldots, \upsilon'_n)$, where
Figure FDA00028618640700000212
Finally, for each $M_i$, the data owner computes the valid shares associated with the secret exponents $s$ and $s'$: $\lambda_i = M_i \times \upsilon$ and $\lambda'_i = M_i \times \upsilon'$;
B2, the data owner selects the message $m$ to be encrypted and a randomly selected message $m'$, and computes, for the access structure
Figure FDA00028618640700000213
the associated ciphertext components
Figure FDA00028618640700000214
$C_1 = m \cdot e(g,g)^{\alpha s}$, $C'_1 = g^{s}$, $C''_1 = g^{as}$,
Figure FDA00028618640700000215
$C_2 = m' \cdot e(g,g)^{\alpha s'}$, $C'_2 = g^{s'}$ and $C''_2 = g^{as'}$
Figure FDA00028618640700000216
B3, when the data owner receives the latest overlay list cover(L) sent by the trusted authority, the data owner generates the ciphertext components associated with the overlay list cover(L)
Figure FDA00028618640700000217
B4, finally, the generated ciphertext CT is:
Figure FDA00028618640700000218
B5, once the fog node receives the data owner's ciphertext, the fog node calls a smart contract; after the smart contract is generated, the fog node broadcasts the transaction to the other fog nodes for consensus verification.
4. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step C specifically comprises the following steps:
C1, the trusted authority selects a random number
Figure FDA0002861864070000031
and generates a random number $f = Enc_k(l_x)$ using the probabilistic encryption scheme with symmetric key $k$, where $l_x$ is the leaf node associated with the user identity;
C2, the trusted authority first generates the key components associated with the user attribute set S: $K_1 = f$,
Figure FDA0002861864070000032
$K_3 = g^b$ and $K_4 = g^{ab}$
Figure FDA0002861864070000033
C3, the trusted authority selects a random number
Figure FDA0002861864070000034
and generates the key elements associated with the user identity uid
Figure FDA0002861864070000035
and
Figure FDA0002861864070000036
where x ∈ path(uid) andgate (l), and path(uid) is the node numbers along the path in the binary tree from the root node to the leaf node associated with user uid; the trusted authority then generates the key components associated with the user identity uid:
Figure FDA00028618640700000313
$K_6 = g^w$
Figure FDA0002861864070000037
C4, the trusted authority generates a key SK and sends it to the data user, where:
$SK = \{K_1, K_2, K_3, K_4, K_i, K_5, K_6, K_7, K_8\}$.
5. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step D specifically comprises the following steps:
D1, find two constants $c_i$ and $c'_i$ that satisfy the two equations
Figure FDA0002861864070000038
where the attribute mapping set
Figure FDA0002861864070000039
D2, the data consumer first computes two decryption components:
Figure FDA00028618640700000310
Figure FDA00028618640700000311
D3, the data user then computes two plaintext blocks $m = C_1/Y'_1$ and $m' = C_2/Y'_2$, and checks whether the ciphertext component
Figure FDA00028618640700000312
equals the ciphertext verification parameter component $u^{H(m)} v^{H(m')} d$; if they are equal, the message m is returned, and if not, the operation is interrupted.
6. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step E specifically comprises the following steps:
E1, the user selects a random number $z$ and generates the conversion key components $K'_1 = K_1$,
Figure FDA0002861864070000041
and
Figure FDA0002861864070000047
$K'_7 = K_7$, $K'_8 = K_8$;
E2, the user sends the generated conversion key TK to the cloud node and saves the retrieval key RK, where:
$TK = \{K'_1, K'_2, K'_3, K'_4, K'_i, K'_5, K'_6, K'_7, K'_8\}$, $RK = \{z\}$.
7. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: in step F, the fog node calculates two conversion ciphertext components as:
Figure FDA0002861864070000042
Figure FDA0002861864070000043
8. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step G specifically comprises the following steps:
G1, the user first verifies the received information: if
Figure FDA0002861864070000044
or $W_1 \neq C_1$ or $W_2 \neq C_2$, the operation is interrupted; otherwise, the verification is passed;
G2, if the verification is passed, the user computes two plaintext messages:
Figure FDA0002861864070000045
G3, the user computes two plaintext verification components $V_1 = u^{H(m)}$ and $V_2 = v^{H(m')}$ and sends $V_1$ and $V_2$ to the fog node; the fog node then calls the smart contract, and the smart contract verifies whether
Figure FDA0002861864070000046
and the plaintext verification parameter component $V_1 V_2 d$ are equal.
9. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step H specifically comprises the following steps:
H1, the trusted authority first determines whether the format of the input decryption key SK is correct; if not, the operation is interrupted;
H2, if the format of the decryption key SK is correct, the trusted authority looks up $l_x$ and determines whether the user identity uid exists in the minimum coverage list cover(L); if so, the user identity uid is returned; otherwise, a false user identity uid is returned;
H3, the trusted authority updates the latest revocation list $L' = L \cup \{uid\}$.
10. The blockchain-based publicly verifiable outsourced attribute-based encryption method of claim 1, wherein: the step I specifically comprises the following steps:
I1, the trusted authority selects a random number
Figure FDA0002861864070000051
and computes an updated binary tree public key component associated with the user identity
Figure FDA0002861864070000052
I2, the trusted authority calculates the updated ciphertext component:
Figure FDA0002861864070000053
and computes two ciphertext components associated with the overlay list cover(L) after updating
Figure FDA0002861864070000054
And
Figure FDA0002861864070000055
then an updated ciphertext is generated:
Figure FDA0002861864070000056
I3, the trusted authority then sends the updated ciphertext and the revocation list L' to the fog node, which calls the smart contract again to store the hash of the latest ciphertext.
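The binary-tree bookkeeping behind steps A1, C3 and H3, as an added Python example that is not part of the patent: it numbers a full binary tree breadth-first from root 0, computes path(uid), and builds a minimum cover list for a revocation list L. The complete-subtree definition of cover(L) and the function names are assumptions, since the claims name cover(L) without defining it.

```python
# Added illustration (not the patent's code): BFS-numbered full binary tree,
# path(uid) and a complete-subtree cover(L). The cover definition is an assumption.

def leaf_of(user_index, d):
    """Leaf number of the user_index-th user (0-based) in a tree of depth d."""
    if not 0 <= user_index < 2 ** d:
        raise ValueError("user index out of range")
    return (2 ** d - 1) + user_index        # leaves follow the 2^d - 1 internal nodes

def path(leaf):
    """Node numbers from the root (0) down to the given leaf."""
    nodes = [leaf]
    while nodes[-1] != 0:
        nodes.append((nodes[-1] - 1) // 2)  # parent of node i in BFS numbering
    return nodes[::-1]

def cover(revoked_leaves, d):
    """Smallest node set whose subtrees hold exactly the non-revoked leaves."""
    if not revoked_leaves:
        return {0}                          # nobody revoked: the root covers all
    marked = set()
    for leaf in revoked_leaves:
        marked.update(path(leaf))           # every ancestor of a revoked leaf
    result = set()
    for node in marked:
        if node >= 2 ** d - 1:              # leaves have no children
            continue
        for child in (2 * node + 1, 2 * node + 2):
            if child not in marked:
                result.add(child)           # this subtree contains no revoked leaf
    return result

def shared_nodes(leaf, revoked_leaves, d):
    """Nodes on the user's path that are also in cover(L); empty means revoked."""
    return set(path(leaf)) & cover(revoked_leaves, d)

if __name__ == "__main__":
    D = 3                                   # constructed example: 2^3 = 8 users
    L = {leaf_of(2, D)}                     # revoke the third user (leaf 9)
    print("cover(L):", sorted(cover(L, D)))
    for u in range(2 ** D):
        print(u, leaf_of(u, D), sorted(shared_nodes(leaf_of(u, D), L, D)))
    L = L | {leaf_of(3, D)}                 # L' = L ∪ {uid}, as in step H3
    print("cover(L'):", sorted(cover(L, D)))
```

A non-revoked user's path meets the cover in exactly one node, which is why a ciphertext bound to cover(L) stays decryptable for that user and must be re-issued (step I) whenever L grows.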
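The secret sharing of step B1 and the constants of step D1, as an added Python example that is not the patent's code: it computes the shares λ_i = M_i × υ over Z_p and solves for the constants c_i by Gaussian elimination. The modulus P, the policy matrix, the function names and the reconstruction condition Σ c_i·λ_i = s are assumptions, since the equations of D1 survive on this page only as figure placeholders.

```python
# Added illustration (not the patent's code): LSSS shares lambda_i = M_i x v from
# step B1 and the constants c_i of step D1. P and the policy matrix are constructed.
import secrets

P = 2 ** 127 - 1          # stand-in prime for the group order p (assumption)

def make_shares(M, s):
    """Return lambda_i = M_i . v mod P with v = (s, v_2, ..., v_n) chosen at random."""
    v = [s] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]

def recon_constants(M, rows):
    """Solve sum_i c_i * M_i = (1, 0, ..., 0) mod P over `rows`; None if impossible."""
    n, k = len(M[0]), len(rows)
    # One equation per matrix column, one unknown c_i per selected row.
    A = [[M[i][j] % P for i in rows] + [1 if j == 0 else 0] for j in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((x for x in range(r, n) if A[x][col]), None)
        if piv is None:
            continue                                  # free variable, stays 0
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][col], -1, P)
        A[r] = [a * inv % P for a in A[r]]
        for x in range(n):
            if x != r and A[x][col]:
                f = A[x][col]
                A[x] = [(a - f * b) % P for a, b in zip(A[x], A[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] for row in A[r:]):                 # target not in the row span
        return None
    return {rows[col]: A[idx][-1] for idx, col in enumerate(pivots)}

def recover_secret(shares, constants):
    """Compute sum_i c_i * lambda_i mod P."""
    return sum(c * shares[i] for i, c in constants.items()) % P

def rows_for(rho, attrs):
    """Rows of M whose mapped attribute rho(i) is in the user's attribute set."""
    return [i for i, a in enumerate(rho) if a in attrs]

# Constructed policy (A AND B) OR C as an access structure (M, rho).
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]

if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = make_shares(M, s)
    for attrs in ({"A", "B"}, {"C"}, {"A"}):
        c = recon_constants(M, rows_for(RHO, attrs))
        ok = c is not None and recover_secret(lam, c) == s
        print(sorted(attrs), "recovers s" if ok else "cannot recover s")
```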
CN202011568809.6A 2020-12-25 2020-12-25 Public verifiable outsourcing attribute-based encryption method based on block chain Active CN112671543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011568809.6A CN112671543B (en) 2020-12-25 2020-12-25 Public verifiable outsourcing attribute-based encryption method based on block chain

Publications (2)

Publication Number Publication Date
CN112671543A true CN112671543A (en) 2021-04-16
CN112671543B CN112671543B (en) 2022-06-28

Family

ID=75409705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011568809.6A Active CN112671543B (en) 2020-12-25 2020-12-25 Public verifiable outsourcing attribute-based encryption method based on block chain

Country Status (1)

Country Link
CN (1) CN112671543B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190297063A1 (en) * 2018-03-22 2019-09-26 Cisco Technology, Inc. Iaas-aided access control for information centric networking with internet-of-things
CN110611662A (en) * 2019-08-30 2019-12-24 徐州工业职业技术学院 Attribute-based encryption-based fog collaborative cloud data sharing method
CN110611571A (en) * 2019-09-27 2019-12-24 上海电力大学 Revocable access control method of smart grid system based on fog

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143343A (en) * 2021-11-25 2022-03-04 中南财经政法大学 Remote access control system, control method, terminal and medium in fog computing environment
CN114143343B (en) * 2021-11-25 2024-04-19 中南财经政法大学 Remote access control system, control method, terminal and medium in fog computing environment

Also Published As

Publication number Publication date
CN112671543B (en) 2022-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant