支持用户撤销的属性认证密钥协商协议

通信学报

支持用户撤销的属性认证密钥协商协议

李强，冯登国，张立武

中国科学院软件研究所可信计算与信息保障实验室，北京 100190

出版日期:2014-05-25 发布日期:2014-05-15
基金资助:
国家重点基础研究发展计划(“973”计划)基金资助项目(2013CB338003)；国家高技术研究发展计划(“863”计划)基金资助项目(2012AA01A403)；国家自然科学基金资助项目(91118006)

Attribute-based authenticated key agreement protocol supporting revocation

Online:2014-05-25 Published:2014-05-15

摘要/Abstract

摘要： 用户撤销是基于属性的认证密钥协商(ABAKA, attribute-based authenticated key agreement)协议在实际应用中所必需解决的问题。通过将Waters的基于属性的加密方案和Boneh-Gentry-Waters的广播加密方案相结合，提出了一个支持用户撤销的ABAKA协议。该协议能够实现对用户的即时撤销且不需要密钥权威对所有未被撤销的用户私钥进行定期更新。相比于现有的协议，该协议具有较高的通信效率，并能够在标准模型和修改的ABCK模型下可证安全，具有弱的完美前向安全性，并能够抵抗密钥泄露伪装攻击。

Abstract: Revocation is a crucial issue for the practical use of attribute-based authenticated key agreement (ABAKA) protocols. A new ABAKA protocol supporting revocation was proposed. The protocol based on Waters’ ciphertext-policy attribute-based encryption and Boneh-Gentry-Waters’ broadcast encryption was constructed. In the protocol, revocation can be done immediately without affecting any non-revoked users and does not require users to update keys periodically by interacting with the key authority. Compared with the existing ABAKA protocols, the protocol is more efficient in communication complexity. The protocol is provably secure in the standard model and modified ABCK model. The protocol can also provide weak perfect forward secrecy and key compromise impersonation resilience.

李强，冯登国，张立武. 支持用户撤销的属性认证密钥协商协议[J]. 通信学报.