高效可证明安全的基于属性的在线/离线加密机制

doi:10.3969/j.issn.1000-436x.2014.07.013

通信学报 ›› 2014, Vol. 35 ›› Issue (7): 104-112.doi: 10.3969/j.issn.1000-436x.2014.07.013

高效可证明安全的基于属性的在线/离线加密机制

马海英^1,²,曾国荪¹,王占君³,王伟¹

¹ 同济大学计算机科学与技术系，上海 201804
² 南通大学计算机科学与技术学院，江苏南通 226019
³ 南通大学理学院，江苏南通 226007

出版日期:2014-07-25 发布日期:2017-06-24
基金资助:
国家高技术研究发展计划(“863”计划)基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;NSFC-微软亚洲研究院联合基金资助项目;上海市优秀学科带头人计划基金资助项目;国家教育部博士点基金资助项目;教育部网络时代科技论文快速共享专项研究课题基金资助项目;上海自然科学基金资助项目;南通市科技计划基金资助项目;南通市科技计划基金资助项目;南通市科技计划基金资助项目;江苏省高校自然科学研究基金资助项目;江苏省高校自然科学研究基金资助项目

Efficient and provably secure attribute-based online/offline encryption schemes

Hai-ying MA^1,²,Guo-sun ZENG¹,GZhan-jun WAN³,Wei WANG¹

¹ Department of Computer Science and Technology, Tongji University, Shanghai 201804, China
² College of Computer Science and Technology, Nantong University, Nantong 226019, China
³ School of Science, Nantong University, Nantong 226007, China

Online:2014-07-25 Published:2017-06-24
Supported by:
The National High Technology Research and Development Program of China(863 Program);The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The Joint of NSFC and Microsoft Asia Research;The Program of Shanghai Subject Chief Scientist;The Ph.D. Programs Foundation of Ministry of Education of China;The Special Fund for Fast Sharing of Science Paper in Net Era by CSTD;Shanghai Natural Science Foundation Program;The Science and Tech-nology Project of Nantong;The Science and Tech-nology Project of Nantong;The Science and Tech-nology Project of Nantong;The Natural Science Foundation of the Jiangsu Higher Education Institutions of China;The Natural Science Foundation of the Jiangsu Higher Education Institutions of China

摘要/Abstract

摘要：

为了提高加密的效率，将在线/离线密码技术引入到ABE中，提出了基于属性的在线/离线加密(ABOOE)机制。ABOOE将加密过程非平凡地分解成离线和在线2个阶段，离线阶段在不知明文和所需属性集合的前提下，对复杂计算进行预处理；在线阶段获知消息和属性集合后，仅需少量简单计算即可生成密文。首先构建出一个CPA安全的ABOOE方案。为了提高ABOOE的安全性，提出基于属性的在线/离线密钥封装机制(ABOOKEM)和一个相应方案，并构造出一种将单向性ABOOKEM转化成CCA安全ABOOE的通用性方法。该方法在不增加计算量的前提下有效提高了ABOOE的安全性。与知名ABE方案相比，所提出的ABOOE极大地提高了ABE中加密的效率，特别适用于计算能力高度受限的终端设备。

关键词: 基于属性加密, 在线/离线, 密钥封装, 轻量级设备, 可证明安全

Abstract:

To improve the encryption efficiency, the online/offline cryptography was extended to ABE and the primitive of attribute-based online/offline encryption (ABOOE) was proposed. The ABOOE non-trivially splited the encryption process into two phases: the offline phase first executed most of heavy computations prior to knowing the message and the attributes' set; and then the online phase only performed light computations to produce the ciphertext once the attrib-utes' set and the message get available. An ABOOE scheme was first constructed with the CPA security. To enhance its security, the primitive of attribute-based online/offline KEM (ABOOKEM) was also introduced and a concrete ABOOKEM scheme was given, and then a generic transformation was proposed to get security against chosen-ciphertext attack (CCA) for ABOOE from any ABOOKEM with one-wayness. This transformation greatly improved the security for ABOOE without increasing the amount of computation. Compared with the famous ABE schemes, the proposed schemes improved the encryption efficiency and get suitable for power-constrained devices.

Key words: attribute-based encryption, online/offline, key encapsulation, lightweight devices, provable security

马海英,曾国荪,王占君,王伟. 高效可证明安全的基于属性的在线/离线加密机制[J]. 通信学报, 2014, 35(7): 104-112.

Hai-ying MA,Guo-sun ZENG,GZhan-jun WAN,Wei WANG. Efficient and provably secure attribute-based online/offline encryption schemes[J]. Journal on Communications, 2014, 35(7): 104-112.

图/表 1

参考文献 24

[1]	SAHAI A , WATERS B . Fuzzy identity based encryption[A]. Proc of the EUROCRYPT[C]. Aarhus, Denmark, 2005. 457-473.
[2]	GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryption for fine-grained access control of encrypted data[A]. Proc of the 13th ACM Conference on Computer and Communication Security[C]. Alexandria, Virginia, USA, 2006. 89-98.
[3]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attrib-ute-based encryption[A]. Proc of the 2007 IEEE Symposium on Secu-rity and Privacy[C]. Oakland, California, USA, 2007. 321-334.
[4]	ATTRAPADUNG N , IMAI H . Dual-Policy attribute based encryp-tion[A]. Applied Cryptography and Network Security[C]. Paris, France, 2009. 168-185.
[5]	CHEUNG L , NEWPORT C . Provably secure ciphertext policy ABE[A]. Computer and Communications Security[C]. New York, USA, 2007. 456-465.
[6]	OKAMOTO T , SAHAI A , WATERS B . Attribute-based encryption with non-monotonic access structures[A]. Proc of the 14th ACM Con-ference on Computer and Communication Security[C]. New York, USA, 2007. 195-203.
[7]	王鹏翩，冯登国，张立武 . 一种支持完全细粒度属性撤销的CP-ABE方案[J]. 软件学报， 2012,23(10):2805-2816. WANG P P , FENG D G , ZHANG L W . CP-ABE scheme supporting fully fine-grained attribute revocation[J]. Chinese Journal of Software, 2012,23(10):2805-2816.
[8]	ATTRAPADUNG N , IMAI H , Conjunctive broadcast and attrib-ute-based encryption[A]. Proc of the Pairing-Based Cyptography-Pairing 2009[C]. Palo Alto,USA, 2009. 248-265.
[9]	马海英，曾国荪 . 可追踪并撤销叛徒的属性基加密方案[J]. 计算机学报， 2012,35(9):1845-1855. MA H Y , ZENG G S . An attribute-based encryption scheme for traitor tracing and revocation together[J]. Chinese Journal of Computers, 2012,35(9):1845-1855.
[10]	WANG Y T , CHEN K F , CHEN J H . Attribute-based traitor tracing[J]. Journal of Information Science and Engineering, 2011,27(1):181-195.
[11]	YU S C , REN K , LOU W J , LI J . Defending against key abuse attacks in KP-ABE enabled broadcast system[A]. Pro of the Security and Pri-vacy in Communication Networks[C]. Athens, Greece, 2009. 311-329.
[12]	LI J , REN K , ZHU B , et al. Privacy-aware attribute-based encryp-tion with user accountability[J]. Information Security, 2009,5735:347-362.
[13]	WANG Y T , CHEN K F , LONG Y . Toward accountable authority attrib-ute-based encryption[J]. High Technology Letters, 2013,19(1):82-87.
[14]	BOZOVIC V , SOCEK D , STEINWANDT R , et al. Multi-authority attribute based encryption with honest-but-curious central authority[J]. International Journal of Computer mathematics, 2012,89(1/3):268-283.
[15]	LEWKO A , WATERS B . Decentralizing attribute-based encryp-tion[EB/OL]. , http://eprint.iacr.org/2010/351, 2010.
[16]	LIN H , CAO Z F , LIANG X H , et al. Secure threshold multi-authority attribute based encryption without a central authorit[J]. Progress in Cryptology INDOCRYPT, 2008,5365:426-436.
[17]	YU S S , REN K , LOU W J . FDAC: toward fine-grained distributed data access control in wireless sensor networks[A]. IEEE INFOCOM 2009[C]. Rio de Janeiro, Brazil, 2009. 963-971.
[18]	洪澄，张敏，冯登国 . 面向云存储的高效动态密文访问控制方法[J]. 通信学报， 2011,32(7):125-132. HONG C , ZHANG M , FENG D G . Achieving efficient dynamic cryp-tographic access control in cloud storage[J]. Chinese Journal of Com-munications, 2011,32(7):125-132.
[19]	HUR J . Fine-grained data access control for distributed sensor net-works[J]. Wireless Network, 2011,17(4):1235-1249.
[20]	祁正华，杨庚，任勋益，王卉 . 基于ABE-IBS的无线传感网签名加密一体化方法[J]. 通信学报， 2010,31(4):37-44. QI Z H , YANG G , REN X Y , et al. ABE-IBS based signature- encryp-tion method for WSN[J]. Journal on Communications, 2010,31(4):37-44.
[21]	EVEN S , GOLDREICH O , MACALI S . Online/offline digital signa-tures[A]. Proc of Advances in Cryptology[C]. Santa Barbara, Califor-nia, USA, 1989. 263-275.
[22]	GUO F C , MU Y , CHEN Z D . Identity-based online/offline encryp-tion[A]. Proc of Financial Cryptography and Data Security 2008[C]. Cozumel, Mexico, 2008. 247-261.
[23]	CHOW S SM , LIU J K , ZHOU J Y . Identity-based online/offline key encapsulation and encryption[A]. Proc of ASIACCS'11[C]. Hong Kong, China, 2011. 52-60.
[24]	SAKAI R , KASAHARA M . ID based cryptosystems with pairing on elliptic curve[EB/OL]. , http://eprint.iacr.org/2003/54, 2003.

方案	加密或在线加密	解密	密文长度	安全性
Fuzzy IBE^[1]	(\|ω\|+1)E+M	dE+dM+dP	\|ω\|\|G\|+\| G_T\|	标准模型 IND-SS-CPA
KP-ABE^[2]	(\|ω\|+1)E+M	\|ω\|P+2\|S\|E+(\|S\|+1)M	\|ω\|\|G\|+\|G_T\|	标准模型 IND-SS-CPA
ABOOE-Ⅰ	\|ω\|m_c	(2\|S\|?1)M+\|S\|P +\|S\|E	\|Z_p\|+\|ω\|(2\|G\|+\|Z_p\|)	随机模型 IND-SS-CPA
ABOOE-Ⅱ	\|ω\|m_c	(2\|S\|?1)M+\|S\|P+\|S\|E	2\|Z_p\|+\|ω\|(2\|G\|+\|Z_p\|)	随机模型 IND-SS-CCA

高效可证明安全的基于属性的在线/离线加密机制

Efficient and provably secure attribute-based online/offline encryption schemes

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 1

参考文献 24

相关文章 15

Metrics

推荐阅读 0

[1]	王子园, 杜瑞忠. 边缘环境下基于无证书公钥密码的数据完整性审计方案[J]. 通信学报, 2022, 43(7): 62-72.
[2]	廉欢欢, 侯慧莹, 赵运磊. 后量子基于验证元的三方口令认证密钥交换协议[J]. 通信学报, 2022, 43(4): 95-106.
[3]	尹安琪, 郭渊博, 汪定, 曲彤洲, 陈琳. 可证明安全的抗量子两服务器口令认证密钥交换协议[J]. 通信学报, 2022, 43(3): 14-29.
[4]	郭渊博, 尹安琪. 基于格的口令认证密钥交换协议综述[J]. 通信学报, 2022, 43(12): 172-187.
[5]	刘镇,韩益亮,杨晓元,柳曙光. 基于RLWE的可证明安全无陷门签密方案[J]. 通信学报, 2020, 41(6): 14-25.
[6]	彭长根, 张小玉, 丁红发, 杨善慧. 基于Cocks身份密码体制的高效签密方案[J]. 通信学报, 2020, 41(12): 128-138.
[7]	田有亮,李秋贤,张铎,王琳杰. 可证明安全的理性委托计算协议[J]. 通信学报, 2019, 40(7): 135-143.
[8]	冯朝胜,罗王平,秦志光,袁丁,邹莉萍. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.
[9]	丁晟,曹进,李晖. 基于OBDD访问结构的无配对CP-ABE方案[J]. 通信学报, 2019, 40(12): 1-8.
[10]	王彩芬,陈丽. 基于格的用户匿名三方口令认证密钥协商协议[J]. 通信学报, 2018, 39(2): 21-30.
[11]	郑永辉,康元基,顾纯祥,董辉. 环上基于属性的全同态加密体制设计[J]. 通信学报, 2017, 38(4): 55-63.
[12]	孙泽栋,祝跃飞,顾纯祥,郑永辉. 基于RLWE的密钥策略属性加密体制[J]. 通信学报, 2016, 37(Z1): 125-131.
[13]	李昊星,李凤华,宋承根,阎亚龙. 支持身份认证的数据持有性证明方案[J]. 通信学报, 2016, 37(10): 117-127.
[14]	马海英,曾国荪,陈建平,王金华,王占君. 适应性安全的可追踪叛徒的基于属性加密方案[J]. 通信学报, 2016, 37(1): 76-87.
[15]	张宇，杜瑞颖，陈晶，侯健，周庆，王文武. 对一个基于身份签密方案的分析与改[J]. 通信学报, 2015, 36(11): 174-179.