Journal on Communications ›› 2018, Vol. 39 ›› Issue (12): 113-133. doi: 10.11959/j.issn.1000-436x.2018279

• Academic paper •

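k-times attribute-based authentication scheme using direct anonymous attestation

Xin LIU1,2, Qiuliang XU3, Bin ZHANG1,2, Bo ZHANG4

  1. School of Information Engineering, Shandong Youth University of Political Science, Ji'nan 250103, China
  2. Key Laboratory of Information Security and Intelligent Control in Universities of Shandong (Shandong Youth University of Political Science), Ji'nan 250103, China
  3. Software College, Shandong University, Ji'nan 250101, China
  4. School of Information Science and Engineering, University of Ji'nan, Ji'nan 250022, China
  • Revised: 2018-09-10 Online: 2018-12-01 Published: 2019-01-21
  • About the authors: Xin LIU (1978-), male, born in Guangrao, Shandong, Ph.D., associate professor at Shandong Youth University of Political Science; his main research interests are cryptography and information security. | Qiuliang XU (1960-), male, born in Zibo, Shandong, professor and doctoral supervisor at Shandong University; his main research interests are cryptography and information security. | Bin ZHANG (1975-), male, born in Ji'nan, Shandong, Ph.D., lecturer at Shandong Youth University of Political Science; his main research interests are cryptography and information security. | Bo ZHANG (1981-), male, born in Dezhou, Shandong, Ph.D., lecturer at University of Ji'nan; his main research interests are cryptography and information security.
  • Supported by:
    The National Natural Science Foundation of China (No.61173139); Shandong Provincial Natural Science Foundation (No.ZR2015FL023); Shandong Provincial Natural Science Foundation (No.ZR2014FL011); Shandong Provincial Natural Science Foundation (No.ZR2015FL022); The Project of Shandong Province Higher Educational Science and Technology Program (No.J17KA081); The Project of Shandong Province Higher Educational Science and Technology Program (No.J15LN16); The Project of Shandong Province Higher Educational Science and Technology Program (No.J13LN23); The Doctoral Research Start-up Funding Project of Shandong Youth University of Political Science (No.14A007)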


Abstract:

At present, the main drawbacks of existing k-times attribute-based authentication (abbreviated to k-TABA) schemes and related attribute-based authentication schemes are that the computation cost of the authentication process depends on the size of the access formula, and that none of these schemes considers the problems of member revocation and attribute update. A new k-TABA scheme was constructed based on the building blocks of direct anonymous attestation, set membership proof and ciphertext-policy attribute-based encryption. Moreover, in order to reduce the user's computation as much as possible, the underlying attribute-based encryption scheme was modified, and then the main decryption operations were outsourced by using the key binding technique of Green et al. The new scheme can be deployed on a trusted platform and supports expressive authentication policies. In addition, it satisfies several ideal properties, such as registration process verifiability, member revocation and attribute update. The significant performance advantage of the new scheme is that the computation overhead of the user in the authentication phase is constant.

Key words: attribute-based authentication, direct anonymous attestation, ciphertext-policy attribute-based encryption, linear secret sharing, outsourced decryption
