支持多种特性的基于属性代理重加密方案

doi:10.11959/j.issn.1000-436x.2019127

通信学报 ›› 2019, Vol. 40 ›› Issue (6): 177-189.doi: 10.11959/j.issn.1000-436x.2019127

支持多种特性的基于属性代理重加密方案

冯朝胜^1,²,罗王平¹,秦志光²,袁丁¹,邹莉萍¹

¹ 四川师范大学计算机科学学院，四川成都 610101
² 电子科技大学网络与数据安全四川省重点实验室，四川成都 610054

修回日期:2019-05-19 出版日期:2019-06-25 发布日期:2019-07-04
作者简介:冯朝胜（1971- ），男，四川广元人，博士，四川师范大学教授、硕士生导师，主要研究方向为云计算、隐私保护、数据安全。|罗王平（1993- ），男，四川广安人，四川师范大学硕士生，主要研究方向为云计算与大数据安全。|秦志光（1956- ），男，四川荣昌人，博士，电子科技大学教授、博士生导师，主要研究方向为信息安全、分布式计算。|袁丁（1967- ），男，四川宜宾人，四川师范大学教授、硕士生导师，主要研究方向为密码学、信息安全。|邹莉萍（1994- ），女，四川乐山人，四川师范大学硕士生，主要研究方向为云计算与大数据安全。
基金资助:
国家科技支撑计划基金资助项目(2014BAH11F02);国家自然科学基金资助项目(61373163);网络与数据安全四川省重点实验室课题基金资助项目(NDS2019-1);川师研[2018]3号-38

Attribute-based proxy re-encryption scheme with multiple features

FENG Chaosheng^1,²,LUO Wangping¹,QIN Zhiguang²,YUAN Ding¹,ZOU Liping¹

¹ School of Computer Science,Sichuan Normal University,Chengdu 610101,China
² Network and Data Security Key Laboratory of Sichuan Province,University of Electronic Science and Technology of China,Chengdu 610054,China

Revised:2019-05-19 Online:2019-06-25 Published:2019-07-04
Supported by:
The National Key Technology R ＆ D Program of the Ministry of Science and Technology of China(2014BAH11F02);The National Natural Science Foundation of China(61373163);Project of Network and Data Security Key Laboratory of Sichuan Province(NDS2019-1);The Postgraduate Excellent Paper Cultivation Foundation of Sichuan Normal University

摘要/Abstract

摘要：

一个理想的代理重加密方案通常具有单向性、非交互性、可重复性、可控性和可验证性，然而目前的方案普遍只满足其中的2个或3个，在一定程度上降低了实用性。为此，提出了一种支持5种特性的密文策略基于属性代理重加密（CP-ABPRE）方案。在所提方案中，云代理服务器只能利用重加密密钥重加密委托者指定的密文，抵御了满足重加密共享策略的用户与代理之间的共谋攻击；将多数加解密工作外包给云服务器，减轻了用户客户端的计算负担。安全分析表明，所提方案能抵御针对性选择明文攻击。

关键词: 基于属性加密, 代理重加密, 外包加密, 外包解密, 选择明文安全

Abstract:

A ideal proxy re-encryption scheme has five features,such as one-way encryption,non-interaction,repeatability,controllability and verifiability.The existing schemes,however,have only two or three of the five features,which reduces the utility of them to some extent.For this,a new ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme with the above five features was proposed.In the proposed scheme,the cloud proxy server could only re-encrypt the ciphertext specified by the delegator by using the re-encryption key,and resist the collusion attack between the user and the proxy satisfying the re-encryption sharing policy.Most of encryption and decryption were outsourced to cloud servers so that it reduced the computing burden on the user’s client.The security analysis show that the proposed scheme resists the selective chosen plaintext attack (SCPA).

Key words: attribute-based encryption, proxy re-encryption, outsourcing encryption, outsourcing decryption, chosen plaintext security

中图分类号:

TP309

冯朝胜,罗王平,秦志光,袁丁,邹莉萍. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.

FENG Chaosheng,LUO Wangping,QIN Zhiguang,YUAN Ding,ZOU Liping. Attribute-based proxy re-encryption scheme with multiple features[J]. Journal on Communications, 2019, 40(6): 177-189.

图/表 8

表1

图1

表2

表3

图2

图3

图4

图5

参考文献 33

[1]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// The 2007 IEEE Symposium on Security and Privacy. IEEE, 2007: 321-334.
[2]	冯朝胜, 秦志光, 袁丁 . 云数据安全存储技术[J]. 计算机学报, 2015,38(1): 150-163.
	FENG C S , QIN Z G , YUAN D . Techniques of secure storage for cloud data[J]. Chinese Journal of Computers, 2015,38(1): 150-163.
[3]	冯朝胜, 秦志光, 袁丁 ,等. 云计算环境下访问控制关键技术[J]. 电子学报, 2015,43(2): 312-319.
	FENG C S , QIN Z G , YUAN D ,et al. Key techniques of access control for cloud computing[J]. Acta Electronica Sinica, 2015,43(2): 312-319.
[4]	ATENIESE G , FU K , GREEN M ,et al. Improved proxy re-encryption schemes with applications to secure distributed storage[J]. ACM Transactions on Information and System Security, 2006,9(1): 1-30.
[5]	GREEN M , ATENIESE G . Identity-based proxy re-encryption[C]// The 5th International Conference on Applied Cryptography and Network Security. Springer, 2007: 288-306.
[6]	THORBEK R , . Linear integer secret sharing and distributed exponentiation[C]// The 9th International Conference on Theory and Practice of Public-Key Cryptography. Springer, 2006: 75-90.
[7]	BEIMEL A . Secure schemes for secret sharing and key distribution[D]. Haifa:Israel Institute of Technology, 1996.
[8]	KARCHMER M , WIGDERSON A . On span programs[C]// The Eighth Annual Structure in Complexity Theory. IEEE, 1993: 102-111.
[9]	WATERS B , . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]// The 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography. Springer, 2011: 53-70.
[10]	BALU A , KUPPUSAMY K . An expressive and provably secure ciphertext-policy attribute-based encryption[J]. Information Sciences, 2014,276(4): 354-362.
[11]	CANETTI R , HALEVI S , KATZ J . Chosen-ciphertext security from identity- based encryption[C]// The Advances in Cryptology Eurocrypt. Springer, 2004: 207-222.
[12]	LING C , NEWPORT C . Provably secure ciphertext policy abe[C]// The 14th ACM Conference on Computer and Communications Security. ACM, 2007: 456-465.
[13]	ZHAO J , FENG D G , ZHANG Z F . Attribute-based conditional proxy re-encryption with chosen-ciphertext security[C]// The Global Telecommunications Conference. IEEE, 2010: 1-6.
[14]	LIANG X H , CAO Z F , LIN H ,et al. Attribute based proxy re-encryption with delegating capabilities[C]// The 4th International Symposium on Information,Computer,and Communications Security. ACM, 2009: 276-286.
[15]	LIANG K T , FANG L M , WONG D S ,et al. A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security[C]// The 5th International Conference on Intelligent Networking and Collaborative Systems. IEEE, 2013: 552-559.
[16]	LIANG K T , AU M H , LIU J K ,et al. A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing[J]. Future Generation Computers Systems, 2015,52(C): 95-108.
[17]	LUO S , HU J B , CHEN Z . Ciphertext policy attribute-based proxy re-encryption[J]. Information ＆ Communications Security, 2010,6476(4): 401-415.
[18]	LI J J , LIU Z H , ZU L H . Chosen-ciphertext secure multi-use unidirectional attribute-based proxy re-encryptions[C]// The Ninth Asia Joint Conference on Information Security. IEEE, 2015: 96-103.
[19]	LUAN I , TANG Q , HARTEL P ,et al. Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]// The 5th International Conference on Information Security Practice and Experience. Springer, 2009: 1-12.
[20]	KAWAI Y , . Outsourcing the re-encryption key generation:flexible ciphertext-policy attribute-based proxy re-encryption[C]// The Information Security Practice and Experience. Springer, 2015: 301-315.
[21]	FU X B . Unidirectional proxy re-encryption for access structure transformation in attribute-based encryption schemes[J]. International Journal of Network Security, 2015,17(2): 142-149.
[22]	ZHANG Y H , LI J , CHEN X F ,et al. Anonymous attribute-based proxy re-encryption for access control in cloud computing[J]. Security＆ Communication Networks, 2016,9(14): 2397-2411.
[23]	YIN H J , ZHANG L Y . Security analysis and improvement of an anonymous attribute-based proxy re-encryption[C]// The International Conference on Security,Privacy and Anonymity in Computation,Communication and Storage. Springer, 2017: 344-352.
[24]	SEPEHRI M , TROMBETTA A . Secure and efficient data sharing with attribute-based proxy re-encryption scheme[C]// The 12th International Conference on Availability,Reliability and Security. ACM, 2017: 1-63.
[25]	MA H , ZHANG R , WAN Z G ,et al. Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2017,14(4): 679-692.
[26]	XIONG H , SUN J F . Comments on “verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing”[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2017,14(4): 461-462.
[27]	FENG X Y , LI C , LI D ,et al. Fully secure hidden ciphertext policyattribute-based proxy re-encryption[C]// The International Conference on Information and Communications Security. Springer, 2017: 192-204.
[28]	GE C , SUSILO W , FANG L ,et al. A cca-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system[J]. Designs Codes ＆ Cryptography, 2018(1): 1-17.
[29]	YANG Y J , ZHU H Y , LU H B ,et al. Cloud based data sharing with fine-grained proxy re-encryption[J]. Pervasive and Mobile Computing, 2016,28(C): 122-134.
[30]	XU P , CHEN H W , ZOU D Q ,et al. Fine-grained and heterogeneous proxy re-encryption for secure cloud storage[J]. Chinese Science Bulletin, 2014,59(32): 4201-4209.
[31]	HUANG Q L , MA Z F , YANG Y X ,et al. Improving security and efficiency for encrypted data sharing in online social networks[J]. China Communications, 2014,11(3): 104-117.
[32]	BENALOH J , LEICHTER J . Generalized secret sharing and monotone functions[C]// Advances in Cryptology. Springer, 1990: 27-35.
[33]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// The 20th Usenix Conference on Security. USENIX Association, 2011:34.

方案	访问结构	单向性	非交互性	可重复性	可控性	可验证性	安全性
文献[14]方案	AND门	√	√	√	×	×	sCPA
文献[15]方案	LSSS	√	√	×	×	×	sCCA
文献[16]方案	LSSS	√	√	×	×	×	CCA
文献[17]方案	AND门	√	√	√	√	×	sCPA
文献[18]方案	访问树	√	√	√	√	×	sCCA
文献[20]方案	LSSS	√	√	×	×	×	CPA
文献[21]方案	BLSS^[32]	√	√	√	×	×	CPA
文献[22]方案	AND门	√	√	√	√	×	sCPA
文献[23]方案	AND门	√	√	√	√	×	sCPA
文献[24]方案	AND门	√	√	√	×	×	sCPA
本文方案	LISS	√	√	√	√	√	sCPA

方案	加密	生成重加密密钥	原始密文解密	重加密密文解密
文献[1]方案	(1+4N_P)E_G+E_T	—	(2N_P-2)E_T+(1+2N_P)B	—
文献[14]方案	(2+N)E_G+E_T	(3+3N)E_G+E_T	(1+N)B	E_G+(2+N)B
文献[15]方案	(3+4N_P)E_G+2E_T	(6+4N_P+N_S)E_G+2E_T	(2+3N_P)E_G+(1+N_P)E_T+(7+3N_P)B	4E_G+(3+N_P)E_T+(3+2N_P)B
文献[16]方案	(5+3 N_P)E_G+E_T+\|OTS\|	(14+3 N_P+2 N_S)E_G+E_T+\|OTS\|	(1+2 N_P)E_G+N_PE_T+(10+3 N_P)B+\|OTS\|	(2+6 N_P)E_G+1 E_T+(16+6 N_P)B+2\|OTS\|+\|SYM\|
文献[17]方案	(2+N)E_G+E_T	(4+N)E_G+E_T	(1+2N)B	E_T+(2+2N)B
文献[18]方案	(4+N_P)E_G+E_T	(8+2N_P+N_S)E_G+3E_T	E_G+(5+N_P)B	2E_G+(8+N_P)B
文献[21]方案	(1+N_P)E_G+E_T	(4+N_P)E_G+E_T	(1+N_P)B	E_G+(2+N_P)B
文献[22]方案	(3+3N)E_G+2E_T	(6+3N)E_G+2E_T	(3+3N)B	E_T+(4+3N)B
文献[23]方案	(6+4N)E_G+2E_T	(8+4N)E_G+2E_T	(6+3N)B	E_T+(7+3N)B
文献[24]方案	(2+12 N)E_G+E_T	(2+25 N)E_G+E_T	(2+4N)B	(3+4N)B
本文方案	(7+N_P)E_G+E_T	(10+N_P)E_G+E_T	3E_T	4E_T+B

方案	私钥	原始密文	重加密密文
文献[1]方案	(1+2N_S)\|G\|	\|G_T\|+(1+2N_P)\|G\|	—
文献[14]方案	(1+2N)\|G\|	\|G_T\|+(2+N)\|G\|	3\|G_T\|+(3+N)\|G\|
文献[15]方案	(2+N_S)\|G\|	2k+(3+2N_P)\|G\|	4k+(6+4N_P)\|G\|
文献[16]方案	(3+N_S)\|G\|	\|G_T\|+(4+2N_P)\|G\|+\|σ\|	\|G_T\|+(3+2N_P)\|G\|+\|σ\|+\|SYM\|
文献[17]方案	(1+4N)\|G\|	\|G_T\|+(2+N)\|G\|	3\|G_T\|+(3+N)\|G\|
文献[18]方案	(1+N_S)\|G\|	\|G_T\|+(3+N_P)\|G\|	4\|G_T\|+(7+2N_P)\|G\|
文献[21]方案	(1+N_S)\|G\|	\|G_T\|+(1+N_P)\|G\|	2\|G_T\|+(2+N_P)\|G\|
文献[22]方案	(4+4N)\|G\|	2\|G_T\|+(3+3N)\|G\|	4\|G_T\|+(4+3N)\|G\|
文献[23]方案	(7+3N)\|G\|	2\|G_T\|+(5+3N)\|G\|	4\|G_T\|+(6+3N)\|G\|
文献[24]方案	(2+4N)\|G\|	\|G_T\|+(2+12N)\|G\|	3\|G_T\|+(4+12 N)\|G\|
本文方案	(4+2N_S)\|G\|	\|G_T\|+(5+2N_P)\|G\|	3\|G_T\|+(7+2N_P)\|G\|

支持多种特性的基于属性代理重加密方案

Attribute-based proxy re-encryption scheme with multiple features

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 33

相关文章 15

Metrics

推荐阅读 0

[1]	李瑞琪, 贾春福, 王雅飞. 基于NTRU的多密钥同态代理重加密方案及其应用[J]. 通信学报, 2021, 42(3): 11-22.
[2]	杨小东, 席婉婷, 王嘉琪, 陈艾佳, 王彩芬. 基于签密和区块链的车联网电子证据共享方案[J]. 通信学报, 2021, 42(12): 236-246.
[3]	牛淑芬,刘文科,陈俐霞,王彩芬,杜小妮. 基于联盟链的可搜索加密电子病历数据共享方案[J]. 通信学报, 2020, 41(8): 204-214.
[4]	李颖莹,马建峰,苗银宾. 基于边缘计算的支持多密钥的加密图像检索[J]. 通信学报, 2020, 41(4): 14-26.
[5]	丁晟,曹进,李晖. 基于OBDD访问结构的无配对CP-ABE方案[J]. 通信学报, 2019, 40(12): 1-8.
[6]	苏铓,俞研,吴槟,付安民. 面向代理重加密算法的程序设计语言研究[J]. 通信学报, 2018, 39(6): 89-97.
[7]	苏铓,史国振,付安民,俞研,金伟. 基于代理重加密的云端多要素访问控制方案[J]. 通信学报, 2018, 39(2): 96-104.
[8]	柳欣,徐秋亮,张斌,张波. 基于直接匿名证明的k次属性认证方案[J]. 通信学报, 2018, 39(12): 113-133.
[9]	张恩,裴瑶瑶,杜蛟. 基于RLWE的密文策略属性代理重加密[J]. 通信学报, 2018, 39(11): 129-137.
[10]	李菊雁,马春光,赵乾. 格上可重新拆分的门限多代理者的代理重加密方案[J]. 通信学报, 2017, 38(5): 157-164.
[11]	郑永辉,康元基,顾纯祥,董辉. 环上基于属性的全同态加密体制设计[J]. 通信学报, 2017, 38(4): 55-63.
[12]	罗恩韬,王国军,陈淑红,PINIALKhan-butt. 移动社交网络中跨域代理重加密朋友发现隐私保护方案研究[J]. 通信学报, 2017, 38(10): 81-93.
[13]	孙泽栋,祝跃飞,顾纯祥,郑永辉. 基于RLWE的密钥策略属性加密体制[J]. 通信学报, 2016, 37(Z1): 125-131.
[14]	马海英,曾国荪,陈建平,王金华,王占君. 适应性安全的可追踪叛徒的基于属性加密方案[J]. 通信学报, 2016, 37(1): 76-87.
[15]	郭威,周学广,瞿成勤,罗芳,纪祥君. 基于CP-ABE的编队跨域通信方案研究[J]. 通信学报, 2015, 36(Z1): 250-258.