CN116132105B - Internet of vehicles large attribute data sharing system and method based on attribute encryption - Google Patents


Publication number
CN116132105B
Authority
CN
China
Prior art keywords
key
user
ciphertext
service provider
outsourcing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211574272.3A
Other languages
Chinese (zh)
Other versions
CN116132105A (en)
Inventor
周由胜
彭润栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications

Classifications

    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/84 Vehicles
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an attribute-encryption-based large-attribute data sharing system and method for the Internet of Vehicles. The system comprises six parts: a system initialization module, a user key generation module, an outsourced key generation module, an encryption module, an outsourced decryption module and a user decryption module. The number of user attributes in the system may be exponentially large, while the length of the system public parameters depends only on the number of system users. In addition, the invention adopts a partially hidden access structure to hide sensitive user attribute values: only attribute categories are sent together with the ciphertext, which effectively avoids privacy disclosure. The invention uses broadcast encryption to realize dynamic revocation of user permissions and outsources the main computation tasks to the cloud, so the computation cost on the user side is relatively low.

Description

Internet of vehicles large attribute data sharing system and method based on attribute encryption
Technical Field
The invention relates to the technical field of the Internet of Vehicles, and in particular to a secure data sharing method between vehicles and outsourced service providers in the Internet of Vehicles.
Background
Mature Internet of Vehicles technologies, such as smart cars, distributed systems, infrastructure (e.g., 5G) and the Internet, are becoming more popular. Intelligent systems based on the Internet of Vehicles bring advantages such as traffic management, remote diagnosis services and automatic driving. Among these remote services, value-added service providers can remotely view vehicle data in real time and share and access vehicle status records.
The vehicle status record may include sensitive information such as owner information, vehicle track data, vehicle health data and vehicle geographic location data. Given this sensitivity, specific access control mechanisms are needed to protect the confidentiality of the data to be shared. Fine-grained access control based on attribute-based encryption can effectively solve the data access security problem. However, the complex application scenarios and the large number of user attributes in the Internet of Vehicles bring new challenges for privacy protection. In conventional attribute encryption schemes, the number and size of the system public parameters grow as the number of user attributes grows, so such schemes are not suitable for scenarios with a very large number of user attributes. In addition, the access structure is transmitted together with the ciphertext, so in the Internet of Vehicles anyone who obtains the ciphertext learns the corresponding access policy, and the vehicle monitoring information is leaked as well. Currently, in most attribute encryption systems, once a user passes the authentication of a trusted authority, no one can prevent that user from accessing the vehicle status record under a corresponding access policy. Once a user is marked as illegitimate or the user's key expires, the user should no longer be able to decrypt the ciphertext, so revoking a user's access rights is an indispensable requirement. Furthermore, many existing attribute encryption schemes incur huge computation costs because of excessive bilinear pairings, whereas the resources and devices used by value-added service providers in the Internet of Vehicles are often limited, so the scheme should reduce computation and communication costs as much as possible.
Therefore, an attribute-encryption-based large-attribute data sharing system and method for the Internet of Vehicles are designed.
CN112671543A discloses a blockchain-based, publicly verifiable outsourced attribute-based encryption method, which not only traces the key of a malicious user but also revokes the malicious user; meanwhile, the ciphertext can be updated in time, outsourced decryption can be publicly verified, and forward security of the mechanism is provided. That invention comprises the following steps: A. system initialization; B. encryption; C. key generation; D. decryption; E. outsourced key generation; F. outsourced transformation; G. outsourced decryption; H. user identity tracing. The CN112671543A method adopts a tree access structure, whereas the present invention adopts a linear access structure, so that the fine-grained access control of the present invention has higher flexibility and stronger expressive power.
1. In the CN112671543A method, the number and size of the system public parameters increase as the number of user attributes increases, so it is not suitable for scenarios with a very large number of user attributes. The present invention adopts a new algorithm so that the number of attributes can be exponentially large, while the length of the public parameters depends only on the number of system users.
2. Compared with CN112671543A, the present method has more security features: not only is the scheme efficiently applicable to large-attribute scenarios, but the partially hidden access structure used during ciphertext transmission also prevents further information leakage, so the method suits more complex and richer application scenarios than CN112671543A.
Disclosure of Invention
The present invention is directed to solving the above problems of the prior art, and provides an attribute-encryption-based large-attribute data sharing system and method for the Internet of Vehicles. The technical scheme of the invention is as follows:
An attribute-encryption-based large-attribute data sharing system for the Internet of Vehicles comprises: a system initialization module, a user key generation module, an outsourced key generation module, an encryption module, an outsourced decryption module and a user decryption module, wherein:
The system initialization module is used for initializing the Internet of Vehicles system and the trusted authority;
The key generation module is used for registering the user in the system and generating a corresponding session key;
The outsourced key generation module is used for generating a session key for a third-party outsourced service provider, which is responsible for providing outsourced decryption;
The encryption module is used for encrypting data transmitted in the Internet of Vehicles into ciphertext, associating the users' identity set, the access structure, the public parameters and the plaintext to be encrypted during encryption;
The outsourced decryption module is used by the outsourced service provider to convert a complex ciphertext into a simple transformed ciphertext using the outsourced key;
The user decryption module is used by a user in the Internet of Vehicles to decrypt the transformed ciphertext and obtain the encrypted plaintext; the user only needs to execute simple modular exponentiation operations and verify the correctness of the outsourced computation result.
Further, the system initialization module is configured to initialize the Internet of Vehicles system and the trusted authority AA, and specifically includes:
The trusted authority selects a composite-order bilinear group, taking the security parameter $1^\lambda$ as input and defining the output as $(N, q_1, q_2, q_3, q_4, G, G_T, e)$, where $q_1, q_2, q_3, q_4$ are distinct primes, $G$ and $G_T$ are multiplicative cyclic groups of order $N = q_1 q_2 q_3 q_4$, and $e$ denotes a bilinear map $G \times G \to G_T$. Note that $G_T = G_{q_1} \times G_{q_2} \times G_{q_3} \times G_{q_4}$, where $G_{q_1}, G_{q_2}, G_{q_3}, G_{q_4}$ are multiplicative cyclic groups of order $q_1, q_2, q_3, q_4$ respectively.
The trusted authority selects three random numbers $a, \alpha, \theta \in Z_N$, where $Z_N$ denotes the integer ring of order $N$, four random elements $g, h, u, v \in G_{q_1}$, one random element $A_3 \in G_{q_3}$ and two random elements $Z, A_4 \in G_{q_4}$, and calculates the public parameter $P = hZ$; the public parameter $g_i$ is expressed as where $i \in [1, m] \cup [m+2, 2m]$ and $m$ is the maximum number of users. The trusted authority uses the key derivation function $F_{kd}$, with the public parameter $l_F$ denoting the derived key length, and selects a one-way collision-resistant hash function $H: G_1 \to \{0,1\}^t$ that maps a message or random value to an element. The trusted authority uses SE to denote a symmetric encryption scheme. Finally, the trusted authority publishes the master public key and master key $msk = \{\alpha, h, A_3, \theta\}$.
Further, the key generation module is used for registering vehicles and value-added service providers in the system and generating the corresponding keys, and specifically includes:
The trusted authority generates a corresponding key $SK$ from the master public key, the master key, the user's attribute set $S$ and the user identity $id$, wherein in the user's attribute set $S$, $s_i$ denotes an attribute value and $l_s$ denotes the size of the attribute set $S$. The trusted authority first selects a unique identity $id$ for each user and selects a random number $t \in Z_N$ and three random elements $X, X', X_i \in G_{q_3}$. The trusted authority then outputs the user key, wherein key component parameters, key component parameter $K' = g^t X'$, key component parameter. If the user's attribute set satisfies the access policy, the user may decrypt the ciphertext $CT$ using the corresponding key $SK$ to obtain the encrypted plaintext $M$.
Further, the outsourced key generation module is configured to generate a session key for a third-party outsourced service provider, which is responsible for providing outsourced decryption, and specifically includes:
The trusted authority takes the user's key $SK$ as input, selects a random number $\beta \in Z_N$, and calculates the blind key component parameters: blind key component parameter, blind key component parameter $K_T' = K'^{1/\beta} = (g^t X')^{1/\beta}$ and blind key component parameter. Finally, the trusted authority sends the generated blind key $BK$ to the third-party outsourced service provider and sends the recovery key $RK = (MPK, \beta)$ to the user. Note that the blind key $BK$ cannot decrypt the ciphertext, but it can convert the ciphertext encrypted by the vehicle into another ciphertext that the data user can conveniently decrypt using the recovery key $RK$.
Further, the encryption module is configured to encrypt data transmitted in the Internet of Vehicles into ciphertext, and specifically includes:
The vehicle runs the encryption algorithm, taking as input the master public key $MPK$, the plaintext $M$, the access policy $A$ and the set of user IDs $U \subseteq \{1, \ldots, m\}$. The sender selects the plaintext $M \in G_T$ and the access structure $A^* = (A, \rho, \Gamma)$, where $A$ is an $l \times n$ matrix, $\rho$ is a mapping that maps each row $A_x$ of $A$ to an attribute name, and $\Gamma$ is the result set mapped by $\rho$ in the access policy, with the result set parameter representing the specific value mapped for each row. The vehicle then selects a vector $v = (s, \lambda_2, \lambda_3, \ldots, \lambda_n) \in Z_N$ for constructing a matrix equation, where $s$ is the secret value of the linear access structure and the key parameter of the decryption process, and $\lambda_i$ are random values. The vehicle selects a random value $\omega_x \in Z_N$ and two random values $D_{1,x}, D_{2,x} \in G_{q_4}$, then calculates the intermediate encryption parameter $key = e(g_1, g_m)^{-s}$, then runs the key derivation function $F_{kd}(key, l_F) = k_s \| k_d$, where $k_s$ and $k_d$ are the parameters generated by $F_{kd}$ and serve as subsequent encryption parameters, and finally calculates the symmetric key for symmetric encryption as $K_{SE} = H(key)$. The sender then outputs the ciphertext $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$ and uploads it to the cloud server, where $A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l}$ are the ciphertext component parameters, with the following specific values:
$C_0 = g^s$
$C_{SE} = SE.Enc(H(e(g_1, g_m)^{-s}), M)$
$F = (g^\theta \prod_{j \in U} g_{m+1-j})^u$
Further, the outsourced decryption module is configured to convert, using the outsourced key, a complex ciphertext into a simple transformed ciphertext, and specifically includes:
The outsourced service provider can use the blind key $BK$ to perform, on behalf of the data consumer, most of the exponentiation and bilinear pairing operations of the decryption phase. It takes as input the master public key $MPK$, the ciphertext $CT$, the value-added service provider attribute set $U$, and the blind key $BK$ for the identity $id$. It first checks from $A^*$ whether there is a parameter set $I = \{i : \rho(i) \in A\}$, where $I$ denotes the minimum subset of $\{1, 2, \ldots, i\}$ that satisfies $A^*$. It then checks whether there is a constant set, wherein the constants $\Delta_i$ should satisfy the expression. If the parameter set $I$ or the constant set does not exist, the decryption process exits and ends; otherwise the outsourced service provider calculates the transformed ciphertext component parameters $T_1, T_2, T_3$, with the following specific values:
The outsourced service provider gives the resulting transformed ciphertext $CT' = (T_1, T_2, T_3)$ to the value-added service provider.
Furthermore, the user decryption module is used by a user in the Internet of Vehicles to decrypt the transformed ciphertext and obtain the encrypted data; the value-added service provider only needs to execute simple modular exponentiation operations and verify the correctness of the outsourced computation result. It specifically includes:
The value-added service provider takes as input the recovery key $RK$, the ciphertext $CT$ and the transformed ciphertext $CT'$. If $T_3 \ne C$, it terminates the algorithm directly; otherwise it calculates the decryption parameters $key$, $k_s$ and $k_d$: $key = (T_1)^\beta (T_2) = e(g_1, g_m)^{-s}$ and $F_{kd}(key, l_F) = k_s \| k_d$. If $T_3 \ne C$, it terminates the algorithm directly; otherwise it calculates the symmetric key $K_{SE} = H(key)$, and the value-added service provider can calculate the plaintext $M = SE.Dec(H(key), C_{SE})$ using the symmetric encryption scheme.
A method for sharing Internet of Vehicles data based on any one of the above systems comprises the following steps:
A system initialization step: initializing the Internet of Vehicles system and the trusted authority, and generating the public parameters as follows: and master key $msk = \{\alpha, h, A_3, \theta\}$;
A key generation step: registering the user in the system and generating a corresponding session key, wherein the generated user key is as follows:
An outsourced key generation step: generating a session key for a third-party outsourced service provider, which is responsible for providing outsourced decryption, wherein the generated outsourced key is and the recovery key is $RK = (MPK, \beta)$;
An encryption step: encrypting data transmitted in the Internet of Vehicles into ciphertext, associating the users' identity set, the access structure, the public parameters and the plaintext to be encrypted during encryption, wherein the generated ciphertext is $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$;
An outsourced decryption step: the outsourced service provider uses the outsourced key to convert the complex ciphertext into a simple transformed ciphertext, wherein the generated transformed ciphertext is $CT' = (T_1, T_2, T_3)$;
A user decryption step: the user in the Internet of Vehicles decrypts the transformed ciphertext and obtains the encrypted plaintext; the user only needs to execute simple modular exponentiation operations and verify the correctness of the outsourced computation result, and the resulting plaintext is $M = SE.Dec(H(key), C_{SE})$.
The advantages and beneficial effects of the invention are as follows:
Compared with the prior art, the invention has the following four innovative points and beneficial effects:
(1) The attribute encryption scheme of the invention combines large attributes with outsourced decryption. Large attributes combined with a flexible linear access structure make fine-grained access control more accurate and diversified, while outsourced decryption reduces the cost on the user side, so that more lightweight devices can join the system;
(2) In traditional attribute encryption, the access structure can expose the user's attributes. In the invention each attribute is divided into an attribute category and an attribute value; only the sensitive attribute value is hidden, and the attribute name is sent together with the ciphertext, so that a person who obtains the ciphertext cannot obtain the user's sensitive attribute information, which prevents privacy leakage and enhances security;
(3) The invention realizes large attributes, hides part of the access structure, introduces an outsourced decryption module, and uses broadcast encryption in the encryption module to realize dynamic revocation of user permissions. These characteristics allow the invention to adapt to more complex and diverse application scenarios;
(4) The method has good scalability, high efficiency and low cost, and further improves the privacy protection of the user.
Drawings
FIG. 1 is a system model diagram of a preferred embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and in detail below with reference to the drawings in the embodiments of the present invention. The described embodiments are only a few embodiments of the present invention.
The technical scheme for solving the technical problems is as follows:
Referring to FIG. 1, the embodiment of the present invention is as follows:
The attribute-encryption-based large-attribute data sharing system and method for the Internet of Vehicles are characterized by comprising six parts: system initialization, user key generation, outsourced key generation, encryption, outsourced decryption and user decryption;
The system initialization module is used for initializing the Internet of Vehicles system and the trusted authority;
The key generation module is used for registering the user in the system and generating a corresponding session key;
The outsourced key generation module is used for generating a session key for a third-party outsourced service provider, which is responsible for providing outsourced decryption so as to reduce the communication and computation cost of the user;
The encryption module is used for encrypting data transmitted in the Internet of Vehicles into ciphertext, associating the users' identity set, the access structure, the public parameters and the plaintext to be encrypted during encryption;
The outsourced decryption module is used by the outsourced service provider to convert a complex ciphertext into a simple transformed ciphertext using the outsourced key;
The user decryption module is used by a user in the Internet of Vehicles to decrypt the transformed ciphertext and obtain the encrypted plaintext; the user only needs to execute simple modular exponentiation operations and verify the correctness of the outsourced computation result.
1. Initially, the elements of the Internet of Vehicles system are initialized. The trusted authority first selects a composite-order bilinear group, taking the security parameter $1^\lambda$ as input and defining the output as $(N, q_1, q_2, q_3, q_4, G, G_T, e)$, where $q_1, q_2, q_3, q_4$ are distinct primes, $G$ and $G_T$ are multiplicative cyclic groups of order $N = q_1 q_2 q_3 q_4$, and $e$ denotes a bilinear map $G \times G \to G_T$. Note that $G_T = G_{q_1} \times G_{q_2} \times G_{q_3} \times G_{q_4}$, where $G_{q_1}, G_{q_2}, G_{q_3}, G_{q_4}$ are multiplicative cyclic groups of order $q_1, q_2, q_3, q_4$ respectively.
The trusted authority selects three random numbers $a, \alpha, \theta \in Z_N$, where $Z_N$ denotes the integer ring of order $N$, four random elements $g, h, u, v \in G_{q_1}$, one random element $A_3 \in G_{q_3}$ and two random elements $Z, A_4 \in G_{q_4}$, and calculates the public parameter $P = hZ$; the public parameter $g_i$ is expressed as where $i \in [1, m] \cup [m+2, 2m]$ and $m$ is the maximum number of users. The trusted authority uses the key derivation function $F_{kd}$, with the public parameter $l_F$ denoting the derived key length, and selects a one-way collision-resistant hash function $H: G_1 \to \{0,1\}^t$ that maps a message or random value to an element. The trusted authority uses SE to denote a symmetric encryption scheme. Finally, the trusted authority publishes the master public key and master key $msk = \{\alpha, h, A_3, \theta\}$.
2. The trusted authority generates a corresponding key $SK$ from the master public key, the master key, the user's attribute set $S$ and the user identity $id$, wherein in the user's attribute set $S$, $s_i$ denotes an attribute value and $l_s$ denotes the size of the attribute set $S$. The trusted authority first selects a unique identity $id$ for each user and selects a random number $t \in Z_N$ and three random elements $X, X', X_i \in G_{q_3}$. The trusted authority then outputs the user key, wherein key component parameters, key component parameter $K' = g^t X'$, key component parameter. If the user's attribute set satisfies the access policy, the user may decrypt the ciphertext $CT$ using the corresponding key $SK$ to obtain the encrypted plaintext $M$.
3. The trusted authority takes the user's key $SK$ as input, selects a random number $\beta \in Z_N$, and calculates the blind key component parameters: blind key component parameter, blind key component parameter $K_T' = K'^{1/\beta} = (g^t X')^{1/\beta}$ and blind key component parameter. Finally, the trusted authority sends the generated blind key $BK$ to the third-party outsourced service provider and sends the recovery key $RK = (MPK, \beta)$ to the user. Note that the blind key $BK$ cannot decrypt the ciphertext, but it can convert the ciphertext encrypted by the vehicle into another ciphertext that the data user can conveniently decrypt using the recovery key $RK$.
4. The vehicle runs the encryption algorithm, taking as input the master public key $MPK$, the plaintext $M$, the access policy $A$ and the set of user IDs $U \subseteq \{1, \ldots, m\}$. The sender selects the plaintext $M \in G_T$ and the access structure $A^* = (A, \rho, \Gamma)$, where $A$ is an $l \times n$ matrix, $\rho$ is a mapping that maps each row $A_x$ of $A$ to an attribute name, and $\Gamma$ is the result set mapped by $\rho$ in the access policy, with the result set parameter representing the specific value mapped for each row. The vehicle then selects a vector $v = (s, \lambda_2, \lambda_3, \ldots, \lambda_n) \in Z_N$ for constructing a matrix equation, where $s$ is the secret value of the linear access structure and the key parameter of the decryption process, and $\lambda_i$ are random values. The vehicle selects a random value $\omega_x \in Z_N$ and two random values $D_{1,x}, D_{2,x} \in G_{q_4}$, then calculates the intermediate encryption parameter $key = e(g_1, g_m)^{-s}$, then runs the key derivation function $F_{kd}(key, l_F) = k_s \| k_d$, where $k_s$ and $k_d$ are the parameters generated by $F_{kd}$ and serve as subsequent encryption parameters, and finally calculates the symmetric key for symmetric encryption as $K_{SE} = H(key)$. The sender then outputs the ciphertext $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$ and uploads it to the cloud server, where $A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l}$ are the ciphertext component parameters, with the following specific values:
$C_0 = g^s$
$C_{SE} = SE.Enc(H(e(g_1, g_m)^{-s}), M)$
$F = (g^\theta \prod_{j \in U} g_{m+1-j})^u$
5. The outsourced service provider can use the blind key $BK$ to perform, on behalf of the data consumer, most of the exponentiation and bilinear pairing operations of the decryption phase. It takes as input the master public key $MPK$, the ciphertext $CT$, the value-added service provider attribute set $U$, and the blind key $BK$ for the identity $id$. It first checks from $A^*$ whether there is a parameter set $I = \{i : \rho(i) \in A\}$, where $I$ denotes the minimum subset of $\{1, 2, \ldots, i\}$ that satisfies $A^*$. It then checks whether there is a constant set, wherein the constants $\Delta_i$ should satisfy the expression. If the parameter set $I$ or the constant set does not exist, the decryption process exits and ends; otherwise the outsourced service provider calculates the transformed ciphertext component parameters $T_1, T_2, T_3$, with the following specific values:
The outsourced service provider gives the resulting transformed ciphertext $CT' = (T_1, T_2, T_3)$ to the value-added service provider.
6. The value-added service provider takes as input the recovery key $RK$, the ciphertext $CT$ and the transformed ciphertext $CT'$. If $T_3 \ne C$, it terminates the algorithm directly; otherwise it calculates the decryption parameters $key$, $k_s$ and $k_d$: $key = (T_1)^\beta (T_2) = e(g_1, g_m)^{-s}$ and $F_{kd}(key, l_F) = k_s \| k_d$. If $T_3 \ne C$, it terminates the algorithm directly; otherwise it calculates the symmetric key $K_{SE} = H(key)$, and the value-added service provider can calculate the plaintext $M = SE.Dec(H(key), C_{SE})$ using the symmetric encryption scheme.
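The secret sharing of step 4 and the existence check for $I$ and $\Delta_i$ in step 5, as an added example that is not part of the patent text. It assumes a prime modulus `P` in place of the composite $N$, compares attribute values in the clear rather than under the partially hidden structure, and the function names and sample policy are hypothetical.

```python
import secrets

P = 2**127 - 1  # assumption: a prime modulus stands in for the composite N

# Constructed policy: (role = insurer AND region = CQ) OR role = manufacturer.
# Row x of MATRIX is A_x, RHO[x] is the attribute name that travels with the
# ciphertext, GAMMA[x] is the attribute value that the scheme keeps hidden.
MATRIX = [[1, 1], [0, -1], [1, 0]]
RHO = ["role", "region", "role"]
GAMMA = ["insurer", "CQ", "manufacturer"]


def share(matrix, secret, p=P):
    """Encryptor side: pick v = (s, lambda_2, ..., lambda_n), share_x = A_x . v."""
    n = len(matrix[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in matrix]


def solve_constants(rows, p=P):
    """Find Delta with sum_i Delta_i * rows[i] = (1, 0, ..., 0) mod p.

    Returns None when no such constants exist, i.e. the selected rows do not
    span the target vector and the policy is not satisfied.
    """
    k, n = len(rows), len(rows[0])
    # One equation per matrix column; unknowns are the k constants Delta_i.
    aug = [[rows[i][c] % p for i in range(k)] + [1 if c == 0 else 0]
           for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        pr = next((i for i in range(r, n) if aug[i][col]), None)
        if pr is None:
            continue
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [x * inv % p for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    # A zero row with a non-zero right-hand side means the system is unsolvable.
    if any(all(x == 0 for x in row[:k]) and row[k] for row in aug):
        return None
    delta = [0] * k
    for i, col in enumerate(pivots):
        delta[col] = aug[i][k]
    return delta


def recover_secret(matrix, rho, gamma, shares, user_attrs, p=P):
    """Step-5 style check: select I, solve for Delta, exit with None on failure."""
    selected = [x for x in range(len(matrix))
                if user_attrs.get(rho[x]) == gamma[x]]
    if not selected:
        return None
    delta = solve_constants([matrix[x] for x in selected], p)
    if delta is None:
        return None
    return sum(d * shares[x] for d, x in zip(delta, selected)) % p


if __name__ == "__main__":
    s = secrets.randbelow(P)
    shares = share(MATRIX, s)
    for attrs in ({"role": "insurer", "region": "CQ"},
                  {"role": "manufacturer"},
                  {"role": "insurer", "region": "BJ"}):
        result = recover_secret(MATRIX, RHO, GAMMA, shares, attrs)
        print(attrs, "->", "recovers s" if result == s else "rejected")
```

In the patent the recombination happens in the exponent through pairings and the blinded key; the example shows only the linear algebra that decides whether the constants exist.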
A system initialization step: initializing the Internet of Vehicles system and the trusted authority, and generating the common parameters and the master key $MSK = \{\alpha, h, A_3, \theta\}$;
A key generation step: registering a user in the system and generating the corresponding session key, which produces the user key SK;
An outsourcing key generation step: generating a session key for a third-party outsourcing service provider, which is responsible for providing outsourced decryption, wherein the generated outsourcing key is the blind key BK and the recovery key is $RK = (MPK, \beta)$;
An encryption step: encrypting data transmitted in the Internet of Vehicles into ciphertext, wherein the encryption process associates the users' identity set, the access structure, the public parameters and the plaintext to be encrypted, and the generated ciphertext is $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$;
An outsourced decryption step: the outsourcing service provider decrypts with the outsourcing key to convert the complex ciphertext into a simple conversion ciphertext, and the generated conversion ciphertext is $CT' = (T_1, T_2, T_3)$;
A user decryption step: in the Internet of Vehicles, the user decrypts the conversion ciphertext and obtains the encrypted plaintext; the user only needs to perform simple modular exponentiation and verify the correctness of the outsourced computation result, and the generated plaintext is $M = \mathrm{SE.Dec}(H(key), C_{SE})$.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
The terms "comprise", "comprising", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The above examples should be understood as illustrative only and not limiting the scope of the invention. Various changes and modifications to the present invention may be made by one skilled in the art after reading the teachings herein, and such equivalent changes and modifications are intended to fall within the scope of the invention as defined in the appended claims.

Claims (2)

1. An internet of vehicles big attribute data sharing system based on attribute encryption, which is characterized by comprising: the system initialization module, the user key generation module, the outsource key generation module, the encryption module, the outsource decryption module and the user decryption module, wherein,
The system initialization module is used for initializing the Internet of Vehicles system and the trusted authority;
The key generation module is used for registering users in the system and generating the corresponding session keys;
The outsourcing key generation module is used for generating a session key for a third-party outsourcing service provider, which is responsible for providing outsourced decryption;
The encryption module is used for encrypting data transmitted in the Internet of Vehicles into ciphertext, associating the users' identity set, the access structure, the public parameters and the plaintext to be encrypted during the encryption process;
The outsourcing decryption module is used for enabling the outsourcing service provider to decrypt with the outsourcing key so that a complex ciphertext is converted into a simple conversion ciphertext;
The user decryption module is used by a user in the Internet of Vehicles to decrypt the conversion ciphertext and obtain the encrypted plaintext; the user only needs to perform simple modular exponentiation and verify the correctness of the outsourced computation result;
The system initialization module is used for initializing the Internet of Vehicles system and the trusted authority, and specifically comprises the following steps:
The trusted authority selects a composite-order bilinear group that takes the security parameter $1^{\lambda}$ as input and defines the output as $(N, q_1, q_2, q_3, q_4, G, G_T, e)$, where $q_1, q_2, q_3, q_4$ are distinct primes, G and $G_T$ are multiplicative cyclic groups of order $N = q_1 q_2 q_3 q_4$, and e is a bilinear map $G \times G \to G_T$; note that $G_T = G_{q_1} \times G_{q_2} \times G_{q_3} \times G_{q_4}$, where $G_{q_1}, G_{q_2}, G_{q_3}, G_{q_4}$ are multiplicative cyclic groups of order $q_1, q_2, q_3, q_4$ respectively;
The trusted authority selects three random numbers $a, \alpha, \theta \in Z_N$, where $Z_N$ denotes the integer ring of order N, four random elements $g, h, u, v \in G_{q_1}$, one random element $A_3 \in G_{q_3}$ and two random elements $Z, A_4 \in G_{q_4}$, and calculates the common parameter $P = hZ$ and the common parameters $g_i$, where $i \in [1, m] \cup [m+2, 2m]$ and m is the maximum number of users; the trusted authority uses the key derivation function $F_{kd}$, with the public parameter $l_F$ representing the derived key length, and selects a one-way collision-resistant hash function $H: G_1 \to \{0,1\}^t$, which can map a message or random value to an element; the trusted authority uses SE to denote a symmetric encryption scheme, and finally the trusted authority publishes the master public key MPK and keeps the master key $MSK = \{\alpha, h, A_3, \theta\}$;
The key generation module is used for registering vehicles and value-added service providers in the system and generating corresponding keys, and specifically comprises the following steps:
The trusted authority generates the corresponding key SK from the master public key, the master key, the user's attribute set S and the user identity id, where, in the user's attribute set S, $S_i$ denotes an attribute value and $l_s$ denotes the size of S; the trusted authority first selects a unique identity id for each user and selects a random number $t \in Z_N$ and three random elements $X, X', X_i \in G_{q_3}$; the trusted authority then outputs the user key SK, whose key component parameters include $K' = g^t X'$; if the user's set of attributes satisfies the access policy, the user may decrypt the ciphertext CT using the corresponding key SK to obtain the encrypted plaintext M;
The outsourcing key generating module is used for generating a session key for a third party outsourcing service provider and is responsible for providing outsourcing decryption for the outsourcing service provider, and specifically comprises the following steps:
The trusted authority takes the user's key SK as input, selects a random number $\beta \in Z_N$, and calculates the blind key component parameters, including $K_T' = K'^{1/\beta} = (g^t X')^{1/\beta}$; finally, the trusted authority sends the generated blind key BK to the third-party outsourcing service provider, and generates a recovery key $RK = (MPK, \beta)$ and sends it to the user; note that the blind key BK cannot decrypt the ciphertext, but can convert the ciphertext encrypted by the vehicle into another ciphertext that the data user can conveniently decrypt using the recovery key RK;
The encryption module is used for encrypting and converting data transmitted in the Internet of vehicles into ciphertext, and specifically comprises the following steps:
The vehicle runs the encryption algorithm, taking as input the master public key MPK, the plaintext M, the access policy A and the set of user IDs $U \in \{1, \dots, m\}$; the sender selects a plaintext $M \in G_T$ and an access structure $A^* \in (A, \rho, \Gamma)$, where A is an $l \times n$ matrix, ρ is a mapping that maps each row $A_x$ of A to an attribute name, Γ is the result set that ρ maps to in the access policy, and each result-set parameter represents the specific value mapped by a row; the vehicle then selects a vector $v = (s, \lambda_2, \lambda_3, \dots, \lambda_n) \in Z_N$ for constructing a matrix equation, where s is the secret value of the linear access structure and the key parameter of the decryption process, and each $\lambda_i$ is a random value; the vehicle selects a random value $\omega_x \in Z_N$ and two random values $D_{1,x}, D_{2,x} \in G_{q_4}$, calculates the intermediate encryption parameter $key = e(g_1, g_m)^{-s}$, then runs the key derivation function $F_{kd}(key, l_F) = k_s \| k_d$, where $k_s$ and $k_d$ are the parameters generated by $F_{kd}$ and serve as subsequent encryption parameters, and finally calculates the symmetric key for symmetric encryption as $K_{SE} = H(key)$; the sender then outputs the ciphertext $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$ and uploads it to the cloud server, where $A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l}$ are the ciphertext component parameters, with the following specific values:
$C_0 = g^s$
$C_{SE} = \mathrm{SE.Enc}(H(e(g_1, g_m)^{-s}), M)$
F=(gθj∈Ugm+1-j)u
The outsourcing decryption module is used for enabling the outsourcing service provider to decrypt with the outsourcing key so that a complex ciphertext is converted into a simple conversion ciphertext, and specifically comprises the following steps:
The outsourcing service provider can use the blind key BK to perform most of the exponentiations and bilinear pairing operations of the decryption phase on behalf of the data user, taking as input the master public key MPK, the ciphertext CT, the value-added service provider attribute set U and the blind key BK of the identity id; it first checks from $A^*$ whether there is a parameter set $I = \{i : \rho(i) \in A\}$, where I represents the minimum subset of $\{1, 2, \dots, i\}$ that satisfies $A^*$; it then checks whether there is a constant set whose constants $\Delta_i$ satisfy the required expression; if the parameter set I or the constant set does not exist, the decryption process exits and ends; otherwise, the outsourcing service provider calculates the transformed ciphertext component parameters $T_1, T_2, T_3$, with the following specific values:
The outsourcing service provider gives the resulting conversion ciphertext $CT' = (T_1, T_2, T_3)$ to the value-added service provider;
The user decryption module is used by a user in the Internet of Vehicles to decrypt the conversion ciphertext and obtain the encrypted data; the value-added service provider only needs to perform simple modular exponentiation and verify the correctness of the outsourced computation result, and the module specifically comprises the following steps:
The value-added service provider takes as input the recovery key RK, the ciphertext CT and the conversion ciphertext CT'; if $T_3 \ne C$, the algorithm terminates directly; otherwise it calculates the decryption parameters key, $k_s$ and $k_d$: $key = (T_1)^{\beta}(T_2) = e(g_1, g_m)^{-s}$ and $F_{kd}(key, l_F) = k_s \| k_d$; if $T_3 \ne C$, the algorithm terminates directly; otherwise the symmetric key $K_{SE} = H(key)$ is calculated, and the value-added service provider can recover the plaintext $M = \mathrm{SE.Dec}(H(key), C_{SE})$ using the symmetric encryption scheme.
2. The internet of vehicles large attribute data sharing method based on the system of claim 1, which is characterized by comprising the following steps:
A system initialization step: initializing the Internet of Vehicles system and the trusted authority, and generating the common parameters and the master key $MSK = \{\alpha, h, A_3, \theta\}$;
A key generation step: registering a user in the system and generating the corresponding session key, which produces the user key SK;
An outsourcing key generation step: generating a session key for a third-party outsourcing service provider, which is responsible for providing outsourced decryption, wherein the generated outsourcing key is the blind key BK and the recovery key is $RK = (MPK, \beta)$;
An encryption step: encrypting data transmitted in the Internet of Vehicles into ciphertext, wherein the encryption process associates the users' identity set, the access structure, the public parameters and the plaintext to be encrypted, and the generated ciphertext is $CT = (A^*, C, C_{SE}, F, C_0, \{C_{1,x}, C_{2,x}\}_{1 \le x \le l})$;
An outsourced decryption step: the outsourcing service provider decrypts with the outsourcing key to convert the complex ciphertext into a simple conversion ciphertext, and the generated conversion ciphertext is $CT' = (T_1, T_2, T_3)$;
A user decryption step: in the Internet of Vehicles, the user decrypts the conversion ciphertext and obtains the encrypted plaintext; the user only needs to perform simple modular exponentiation and verify the correctness of the outsourced computation result, and the generated plaintext is $M = \mathrm{SE.Dec}(H(key), C_{SE})$.
CN202211574272.3A 2022-12-08 2022-12-08 Internet of vehicles large attribute data sharing system and method based on attribute encryption Active CN116132105B (en)


Publications (2)

Publication Number Publication Date
CN116132105A (en) 2023-05-16
CN116132105B (en) 2024-05-17

Family

ID=86310715


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant