云计算多授权中心CP-ABE代理重加密方案

doi:10.11959/j.issn.2096-109x.2022033

Abstract

Abstract:

Proxy re-encryption allows a proxy to convert a ciphertext related to a certain access policy into another one with a different access policy without uncovering the underlying plaintext, which makes the proxy re-encryption technology to be an important technology for data sharing between users.However, the proxy re-encryption schemes are mostly based on single authority, which have some problems such as single power and performance bottleneck of the authority organization and high computing burden on user’s client.At the same time, most schemes do not have the five basic characteristics of proxy re-encryption: one-way encryption, non-interaction, repeatability, controllability and verifiability.In order to solve these problems, a CP-ABE proxy re-encryption scheme for cloud computing based on multi-authority with repeatability and controllability was proposed.Based on the ciphertext policy attribute encryption scheme, proxy servers of encryption and decryption were introduced to reduce the computing burden on the user’s client, and multi-attribute authorization were set to disperse the authority of the central authority.The proxy re-encryption was improved from multiple aspects.Random factors and ciphertext sub-item set in the re-encryption key can realize one-way encryption and controllability.The re-encryption key was independently generated by the client without the participation of servers, which can support users to share data when the data owner is not online.Encrypting the ciphertext sub-item set in the initial ciphertext many times can achieve repeatability.The verification sub-item set in the initial ciphertext allowed the user to verify whether the outsourcing and re-encryption results were correct.Compared with other schemes, the user’s client computing overhead of the proposed scheme was small, and the user can decrypt the original ciphertext only by performing constant times of exponential operation.Based on q-parallel BDHE assumption, the security analysis showed that the proposed scheme is secure against chosen-ciphertext attack (CCA) under the standard model.

Key words: repeatability, controllability, cloud computing, multi-authority, proxy re-encryption

CLC Number:

TP309

Shang LIU, Yinzhang GUO. Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 176-188.

Figures/Tables 4

方案	加密	原始密文解密	重加密密钥	重加密密文解密
Liang^[5]	$(3 + 4 N_{p}) E_{G} + 2 E_{T}$	$\begin{array}{l} (2 + 3 N_{p}) E_{G} + (1 + N_{p}) E_{T} + \\ (7 + 3 N_{p}) B \end{array}$	$(6 + 4 N_{p} + N_{s}) E_{G} + 2 E_{T}$	$\begin{array}{l} 4 E_{G} + (3 + N_{p}) E_{T} + \\ (3 + 2 N_{p}) B \end{array}$
Liang^[15]	$(5 + 3 N_{p}) E_{G} + E_{T} + sig$	$\begin{array}{l} (1 + 2 N_{p}) E_{G} + N_{p} E_{T} + \\ (10 + 3 N_{p}) B + sig \end{array}$	$\begin{array}{l} (14 + 3 N_{p} + 2 N_{s}) E_{G} + \\ E_{T} + sig \end{array}$	$\begin{array}{l} (2 + 6 N_{p}) E_{G} + E_{T} + \\ (16 + 6 N_{p}) B + 2 sig \end{array}$
Luo^[23]	$(2 + 2 N_{p}) E_{G} + E_{T}$	$N_{p} E_{T} + (1 + 2 N_{p}) B$	$(4 + 2 N_{p}) E_{G} + E_{T}$	$(1 + N_{p}) E_{T} + (1 + 2 N_{p}) B$
Yang^[22]	$(2 + 2 N_{p}) E_{G} + E_{T}$	—	$(4 + 2 N_{p}) E_{G} + E_{T}$	$E_{T}$
Feng^[4]	$(7 + N_{p}) E_{G} + E_{T}$	$3 E_{T}$	$(10 + N_{P}) E_{G} + E_{T}$	$4 E_{T} + B$
Ge^[24]	$(4 + 2 N_{p}) E_{G} + E_{T}$	$(1 + 2 N) B$	$(5 + 3 N_{p}) E_{G} + E_{T}$	$(1 + 2 N) B + E_{G}$
本文方案	$(5 + 2 N_{p}) E_{G} + E_{T}$	$E_{G} + E_{T}$	$(8 + 2 N_{p}) E_{G} + E_{T}$	$2 E_{T} + E_{G} + B$

方案	私钥	原始密文	重加密密文
Liang^[5]	$(2 + N_{S}) \| G \|$	$(3 + 2 N_{p}) \| G \| + 2 k$	$(6 + 4 N_{p}) \| G \| + 4 k$
Liang^[15]	$(3 + N_{S}) \| G \|$	$(4 + 2 N_{p}) \| G \| + \| G_{T} \|+\|sig\|$	$(3 + 2 N_{p}) \| G \| + \| G_{T} \| + \| sig \| + \| sym\|$
Luo^[23]	$(2 + 3 N_{S}) \| G \|$	$(2 +2 N_{p}) \| G \| +\| G_{T} \|$	$(1 +2 N_{p}) \| G \| +2\| G_{T} \|+ N_{s} \| G \|$
Yang^[22]	$(2 +2 N_{s}) \| G \|$	$4 \| G \| +\| G_{T} \|$	$(1 + 2 N_{p}) \| G \| {+2\|G}_{T} \|$
Feng^[4]	$(4 +2 N_{s}) \| G \|$	$(5 +2 N_{p}) \| G \| + \| G_{T} \|$	$(7 +2 N_{p}) \| G \| + 3 \| G_{T} \|$
Ge^[24]	$(2 + N_{s}) \| G \|$	$(3 +2 N_{p}) \| G \|$	$(2 +2 N_{p}) \| G \| + 3 \| G_{T} \|$
本文方案	$(1 + N_{s}) \| G \|$	$(4 +2 N_{p}) \| G \|$	$(5 +2 N_{p}) \| G \| + \| G_{T} \|$

References 26

[1]	张玉清, 王晓菲, 刘雪峰 ,等. 云计算环境安全综述[J]. 软件学报, 2016,27(6): 1328-1348.
	ZHANG Y Q , WANG X F , LIU X F ,et al. Survey on cloud computing security[J]. Journal of Software, 2016,27(6): 1328-1348.
[2]	SUN P J . Privacy protection and data security in cloud computing:a survey,challenges and solutions[J]. IEEE Access, 2019,(99): 1.
[3]	BLAZE M . Divertible protocols and atomic proxy cryptography[J]. EUROCRYPT, 1998: 127-144.
[4]	王悦, 樊凯 . 隐藏访问策略的高效CP-ABE方案[J]. 计算机研究与发展, 2019,56(10): 2151-2159.
	WANG Y , FAN K . Effective CP-ABE with hidden access policy[J]. Journal of Computer Research and Development, 2019,56(10): 2151-2159.
[5]	冯朝胜, 罗王平, 秦志光 ,等. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019,40(6): 177-189.
	FENG CS , LUO W P , QIN Z G ,et al. Attribute-based proxy re-encryption scheme with multiple features[J]. Journal on Communications, 2019,40(6): 177-189.
[6]	LIANG K , FANG L , SUSILO W ,et al. A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security[C]// Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, 2013.
[7]	沈剑, 周天祺, 曹珍富 . 云数据安全保护方法综述[J]. 计算机研究与发展, 2021,58(10): 2079-2098.
	SHEN J , ZHOU T Q , CAO Z F . Protection methods for cloud data security[J]. Journal of Computer Research and Development, 2021,58(10): 2079-2098.
[8]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP '07). 2007.
[9]	苏铓, 吴槟, 付安民 ,等. 基于代理重加密的云数据访问授权确定性更新方案[J]. 软件学报, 2020,31(5): 1563-1572.
	SU M , WU B , FU A M ,et al. Assured update scheme of authorization for could data access based on proxy re-encryption[J]. Journal of Software, 2020,31(5): 1563-1572.
[10]	牛淑芬, 陈俐霞, 刘文科 ,等. 电子邮件系统中支持关键字搜索的代理重加密方案[J]. 计算机工程, 2020,46(6): 136-143.
	NIU S F , CHEN L X , LIU W K ,et al. Proxy re-encryption scheme supporting keyword search in email system[J]. Computer Engineering, 2020,46(6): 136-143.
[11]	牛淑芬, 刘文科, 陈俐霞 ,等. 基于联盟链的可搜索加密电子病历数据共享方案[J]. 通信学报, 2020,41(8): 204-214.
	NIU S F , LIU W K , CHEN L X ,et al. Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain[J]. Journal on Communications, 2020,41(8): 204-214.
[12]	FUGKEAW S . A lightweight policy update scheme for outsourced personal health records sharing[J]. IEEE Access, 2021,9: 54862-54871.
[13]	LUO F , AL-KUWARI S , WANG F ,et al. Attribute-based proxy re-encryption from standard lattices[J]. Theoretical Computer Science, 2021,865: 52-62.
[14]	江明明, 郭宇燕, 余磊 ,等. 有效的标准模型下格上基于身份的代理重加密[J]. 电子与信息学报, 2019,41(1): 61-66.
	JIANG M M , GUO Y Y , YU L ,et al. Efficient identity-based proxy re-encryption on lattice in the standard model[J]. Journal of Electronics ＆ Information Technology, 2019,41(1): 61-66.
[15]	LIANG X H C Z F , LIN H , ET AL . Attribute based proxy re-encryption with delegating capabilities[C]// Proceedings of the ACM Symposium on Information,Computer and Communications Security. 2009.
[16]	LIANG K , AU M H , LIU J K ,et al. A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing[J]. Future Generation Computer Systems, 2015,52: 95-108.
[17]	KAWAI Y , . Outsourcing the re-encryption key generation:flexible ciphertext-policy attribute-based proxy re-encryption[C]// Information Security Practice and Experience. 2015: 301-315.
[18]	GE C , SUSILO W , FANG L ,et al. A CCA-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system[J]. Designs Codes ＆ Cryptography, 2018.
[19]	CHASE M , . Multi-authority attribute based encryption[C]// Proceedings of the Lecture Notes in Computer Science. 2007.
[20]	CHEN D , WAN L , WANG C ,et al. A Multi-authority attributebased encryption scheme with pre-decryption[Z]. Seventh International Symposium on Parallel Architectures,Algorithms and Programming (PAAP). 2015: 223-228.
[21]	关志涛, 杨亭亭, 徐茹枝 ,等. 面向云存储的基于属性加密的多授权中心访问控制方案[J]. 通信学报, 2015,36(6): 120-130.
	GUAN Z T , YANG T T , XU R Z ,et al. Multi-authority attribute-based encryption access control model for cloud storage[J]. Journal on Communications, 2015,36(6): 120-130.
[22]	仲红, 崔杰, 朱文龙 ,等. 高效且可验证的多授权机构属性基加密方案[J]. 软件学报, 2018,29(7): 2006-2017.
	ZHONG H , CUI J , ZHU W L ,et al. Efficient and verifiable multi-authority attribute based encryption scheme[J]. Journal of Software, 2018,29(7): 2006-2017.
[23]	杨小东, 杨苗苗, 刘婷婷 ,等. 基于多授权中心属性基加密的多域云访问控制方案[J]. 计算机工程与科学, 2018,40(7): 1192-1198.
	YANG X D , YANG M M , LIU T T ,et al. A multi-domain access control scheme based on multi-authority attribute encryption for cloud storage[J]. Computer Engineering ＆Science, 2018,40(7): 1192-1198.
[24]	罗恩韬, 王国军, 陈淑红 ,等. 移动社交网络中跨域代理重加密朋友发现隐私保护方案研究[J]. 通信学报, 2017,38(10): 81-93.
	LUO E T , WANG G J ,, CHEN S H , et al . Privacy preserving friend discovery cross domain scheme using re-encryption in mobile social networks[J]. Journal on Communications, 2017,38(10): 81-93.
[25]	GE C , SUSILO W , BAEK J ,et al. A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021:1.
[26]	GUO H , ZHANG Z , XU J ,et al. Accountable proxy re-encryption for secure data sharing[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(1): 145-159.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	私钥	原始密文	重加密密文
Liang^[5]	$(2 + N_{S}) \| G \|$	$(3 + 2 N_{p}) \| G \| + 2 k$	$(6 + 4 N_{p}) \| G \| + 4 k$
Liang^[15]	$(3 + N_{S}) \| G \|$	$(4 + 2 N_{p}) \| G \| + \| G_{T} \|+\|sig\|$	$(3 + 2 N_{p}) \| G \| + \| G_{T} \| + \| sig \| + \| sym\|$
Luo^[23]	$(2 + 3 N_{S}) \| G \|$	$(2 +2 N_{p}) \| G \| +\| G_{T} \|$	$(1 +2 N_{p}) \| G \| +2\| G_{T} \|+ N_{s} \| G \|$
Yang^[22]	$(2 +2 N_{s}) \| G \|$	$4 \| G \| +\| G_{T} \|$	$(1 + 2 N_{p}) \| G \| {+2\|G}_{T} \|$
Feng^[4]	$(4 +2 N_{s}) \| G \|$	$(5 +2 N_{p}) \| G \| + \| G_{T} \|$	$(7 +2 N_{p}) \| G \| + 3 \| G_{T} \|$
Ge^[24]	$(2 + N_{s}) \| G \|$	$(3 +2 N_{p}) \| G \|$	$(2 +2 N_{p}) \| G \| + 3 \| G_{T} \|$
本文方案	$(1 + N_{s}) \| G \|$	$(4 +2 N_{p}) \| G \|$	$(5 +2 N_{p}) \| G \| + \| G_{T} \|$

Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 26

Related Articles 15

Metrics

Recommended 0

[1]	Lingshu LI, Jiangxing WU, Wei ZENG, Wenyan LIU. Strategy of container migration and honeypot deployment based on signal game in cloud environment [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 87-96.
[2]	Yi ZHANG, Liqin TIAN, Zenan WU, Wenxing WU. Trust evaluation optimization mechanism for cloud user behavior based on FANP [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 175-182.
[3]	Ying WU,Xuan LI,Biao JIN,Rongrong JIN. Survey on the privacy-preserving content based image retrieval [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 14-28.
[4]	Ying LI, Chunguang MA. Overview of searchable encryption research [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 13-21.
[5]	Mengyang YU,Hui LIN,Youliang TIAN. New cross-layer reputation mechanism for mobile cloud computing [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 51-58.
[6]	Yuanhao WANG,Hongbo LI,Yuzhao CUI,Qingwen GUO,Qiong HUANG. Survey on public key encryption with equality test [J]. Chinese Journal of Network and Information Security, 2018, 4(11): 13-22.
[7]	Jianbiao ZHANG,Yuanxi ZHU,Jun HU,Xiao WANG. Scheme of virtual machine trusted migration in cloud environment [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 6-14.
[8]	Weifeng LI,Weizhong QIANG,Weiming LI,Deqing ZOU. Research on forensics of privacy violations in cloud environment [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 26-35.
[9]	Yuan-zhao GAO,Xue-juan LI,Bing-long LI,Xi-xi WU. Cloud computing forensic model [J]. Chinese Journal of Network and Information Security, 2017, 3(9): 13-23.
[10]	Xing-lan ZHANG,Xiang LIU. Secure efficient and verifiable large linear equations solve outsourcing computing scheme [J]. Chinese Journal of Network and Information Security, 2017, 3(6): 1-7.
[11]	De-yu YUAN,Xiao-juan WANG,Jian-chao WAN. Influence of Internet plus on cyberspace security and the technology development trend in Internet plus era [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 1-9.
[12]	Jiang-yong SHI,Yue-xiang YANG,Wen-hua LI,Sen WANG. Research on SDN-based cloud security application [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 10-25.
[13]	Fei CHEN,Xiao-hong BI,Jing-jing WANG,Yuan LIU. Survey of DDoS defense:challenges and directions [J]. Chinese Journal of Network and Information Security, 2017, 3(10): 16-24.
[14]	Guang SUN,Xiao-ping FAN,Wang-dong JIANG,Hang-jun ZHOU,Sheng-zong LIU,Chun-hong GONG,Jing ZHU. Software watermarking scheme with cloud computing constraints [J]. Chinese Journal of Network and Information Security, 2016, 2(9): 12-21.
[15]	Wei HAO,Xu-an WANG,Xiao-yuan YANG,Li-qiang WU. Asymmetric proxy re-encryption system achievable for office user to securely sharing outsourcing data of mobile terminal [J]. Chinese Journal of Network and Information Security, 2016, 2(9): 49-56.