格上基于OBDD访问结构的抗密钥滥用属性加密方案

doi:10.11959/j.issn.1000-436x.2023019

摘要/Abstract

摘要：

为了解决属性加密中的密钥安全问题，基于环上误差学习（RLWE）和有序二元决策图（OBDD）访问结构提出了一种抗密钥滥用的密文策略属性加密方案。首先，构造了2个不同的机构来共同生成用户的私钥，降低了机构泄露密钥的风险；其次，在每个私钥中嵌入了用户的特定信息，实现了密钥的可追踪性，并通过维护白名单避免了非法用户和恶意用户的访问。另外，所提方案采用有序二元决策图的访问结构，在支持属性与、或、门限操作的基础上增加了属性的正负值。分析表明，所提方案满足抗合谋攻击和选择明文攻击下的不可区分性安全，降低了存储和计算开销，和其他方案相比更具有实用性。

关键词: 属性加密, 抗密钥委托滥用, 可追踪性, 访问结构

Abstract:

In order to solve the key security problem in attribute-based encryption, a ciphertext policy attribute-based encryption scheme against key abuse was proposed based on the ring learning with error over ring and the access structure of ordered binary decision diagram.Firstly, two different institutions were constructed to jointly generate the user’s secret key, which reduced the risk of key disclosure by institutions.Secondly, the user’s specific information was embedded in each secret key to realize the traceability of the key, and the access of illegal users and malicious users were avoided by maintaining the white list.In addition, the access structure of ordered binary decision diagram was adopted by the proposed scheme, and the positive and negative values of attributes on the basis of supporting attribute AND, OR and Threshold operation were increased.Analysis shows that the proposed scheme meets the distinguishable security of anti-collusion attack and chosen-plaintext attack, reduces the storage and computing overhead, and it is more practical than other schemes.

Key words: attribute-based encryption, key-delegation abuse resistance, traceability, access structure

中图分类号:

TP309

韩益亮, 郭凯阳, 吴日铭, 刘凯. 格上基于OBDD访问结构的抗密钥滥用属性加密方案[J]. 通信学报, 2023, 44(1): 75-88.

Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice[J]. Journal on Communications, 2023, 44(1): 75-88.

图/表 14

图1

图2

图3

表1

表2

表3

图4

图5

表4

图6

图7

图8

图9

图10

参考文献 26

[1]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2005: 457-473.
[2]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM Press, 2006: 89-98.
[3]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// Proceedings of IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2007: 321-334.
[4]	WATERS B , . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]// Proceedings of International Workshop on Public Key Cryptography. Berlin:Springer, 2011: 53-70.
[5]	IBRAIMI L , PETKOVIC M , NIKOVA S ,et al. Mediated ciphertext-policy attribute-based encryption and its application[C]// Proceedings of International Workshop on Information Security Applications. Berlin:Springer, 2009: 309-323.
[6]	LI L , GU T L , CHANG L ,et al. A ciphertext-policy attribute-based encryption based on an ordered binary decision diagram[J]. IEEE Access, 2017,5: 1137-1145.
[7]	孙京宇, 朱家玉, 田自强 ,等. 基于椭圆曲线加密且支持撤销的属性基加密方案[J]. 计算机应用, 2022,42(7): 2094-2103.
	SUN J Y , ZHU J Y , TIAN Z Q ,et al. Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation[J]. Journal of Computer Applications, 2022,42(7): 2094-2103.
[8]	汪倩倩, 欧毓毅 . 可追踪且可撤销的基于 OBDD 访问结构的CP-ABE方案[J]. 计算机应用研究, 2021,38(4): 1185-1189.
	WANG Q Q , OU Y Y . Traceable and revocable CP-ABE scheme OBDD-based access structure[J]. Application Research of Computers, 2021,38(4): 1185-1189.
[9]	HINEK M J , JIANG S , SAFAVI-NAINI R ,et al. Attribute based encryption with key cloning protection[R]. 2008.
[10]	LI J , REN K , KIM K . A2BE:accountable attribute-based encryption for abuse free access control[R]. 2009.
[11]	LIU Z , CAO Z F , WONG D S . Blackbox traceable CP-ABE:how to catch people leaking their keys by selling decryption devices on ebay[C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer ＆ communications Security. New York:ACM Press, 2013: 475-486.
[12]	LIU Z , CAO Z F , WONG D S . Traceable CP-ABE:how to trace decryption devices found in the wild[J]. IEEE Transactions on Information Forensics and Security, 2015,10(1): 55-68.
[13]	LIU Z , CAO Z F , WONG D S . White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security, 2013,8(1): 76-88.
[14]	赵志远, 朱智强, 王建华 ,等. 云存储环境下无密钥托管可撤销属性基加密方案研究[J]. 电子与信息学报, 2018,40(1): 1-10.
	ZHAO Z Y , ZHU Z Q , WANG J H ,et al. Revocable attribute-based encryption with escrow-free in cloud storage[J]. Journal of Electronics＆ Information Technology, 2018,40(1): 1-10.
[15]	闫玺玺, 何旭, 刘涛 ,等. 抗密钥委托滥用的可追踪属性基加密方案[J]. 通信学报, 2020,41(4): 150-161.
	YAN X X , HE X , LIU T ,et al. Traceable attribute-based encryption scheme with key-delegation abuse resistance[J]. Journal on Communications, 2020,41(4): 150-161.
[16]	AGRAWAL S , BOYEN X , VAIKUNTANATHAN V ,et al. Functional encryption for threshold functions (or fuzzy IBE) from lattices[C]// Proceedings of International Workshop on Public Key Cryptography. Berlin:Springer, 2012: 280-297.
[17]	BOYEN X . Attribute-based functional encryption on lattices[M]. Berlin: Springer, 2013.
[18]	WANG Y T . Lattice ciphertext policy attribute-based encryption in the standard model[J]. International Journal of Network Security, 2014,16(6): 444-451.
[19]	SOO F T , SAMSUDIN A . Lattice ciphertext-policy attribute-based encryption from ring-LWE[C]// Proceedings of International Symposium on Technology Management and Emerging Technologies (ISTMET). Piscataway:IEEE Press, 2015: 258-262.
[20]	于金霞, 杨超超, 杨丽伟 ,等. 理想格上支持访问树的属性基加密方案[J]. 重庆邮电大学学报(自然科学版), 2019,31(1): 113-119.
	YU J X , YANG C C , YANG L W ,et al. Attribute-based encryption scheme supporting tree access structure on ideal lattices[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2019,31(1): 113-119.
[21]	于金霞, 杨超超, 张棋超 ,等. 外包环境下格上可撤销的属性基加密方案[J]. 计算机科学与探索, 2020,14(2): 244-251.
	YU J X , YANG C C , ZHANG Q C ,et al. Revocable ciphertext-policy attribute-based encryption in data outsourcing systems from lattices[J]. Journal of Frontiers of Computer Science and Technology, 2020,14(2): 244-251.
[22]	闫玺玺, 刘媛, 李子臣 ,等. 理想格上支持隐私保护的属性基加密方案[J]. 通信学报, 2018,39(3): 128-135.
	YAN X X , LIU Y , LI Z C ,et al. Privacy-preserving attribute-based encryption scheme on ideal lattices[J]. Journal on Communications, 2018,39(3): 128-135.
[23]	郭凯阳, 韩益亮, 吴日铭 . 基于RLWE的可撤销分层属性加密方案[J]. 信息技术与网络安全, 2021,40(8): 9-16.
	GUO K Y , HAN Y L , WU R M . Revocable hierarchical attribute-based encryption scheme from RLWE[J]. Information Technology and Network Security, 2021,40(8): 9-16.
[24]	王想, 陈燕俐 . 基于以太坊的格上属性基可搜索加密方案[J]. 重庆邮电大学学报(自然科学版), 2021,33(4): 675-682.
	WANG X , CHEN Y L . Attribute-based searchable encryption scheme from lattices on Ethereum[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2021,33(4): 675-682.
[25]	闫玺玺, 刘媛, 李子臣 ,等. 利用LWE问题构造的多机构属性基加密方案[J]. 西安电子科技大学学报, 2018,45(4): 129-136.
	YAN X X , LIU Y , LI Z C ,et al. Multi-authority attribute-based encryption scheme from LWE problem[J]. Journal of Xidian University, 2018,45(4): 129-136.
[26]	唐慧, 汪学明 . 基于格的多授权密文属性加密方案[J]. 计算机应用研究, 2022,39(2): 563-566,571.
	TANG H , WANG X M . Multi-authority ciphertext-policy attributed-based encryption scheme from lattice[J]. Application Research of Computers, 2022,39(2): 563-566,571.

符号	意义
N	系统属性数量
A_u	用户属性数量
A_c	策略中的属性数量
m ₁、m₂	陷门参数
V	有效路径数量
l	系统中属性机构数量

对比方案	访问结构	困难问题	可追踪性	抗密钥委托	撤销机制	抗量子威胁
文献[8]方案	OBDD	DBDH	√	—	属性级	—
文献[14]方案	LSSS	q-BDHE	—	√	用户/属性级	—
文献[15]方案	与门	DBDH	√	√	—	—
本文方案	OBDD	RLWE	√	√	用户级	√

方案	系统公钥长度	系统私钥长度	用户私钥长度	密文长度
方案1^[25]	n(km₁+1)log q	lm₁2 log q	m₁ A_u log q	(m₁ A_c+1)log q
方案2^[22]	n(2N+2)logq	n(4N+1)logq	n(A_u+1)log q	n(A_c+1)log q
方案3^[26]	n(m₂+1)logq	m ²2 log q	2 m ₂ A_u log q	(2 m ₂ A_c+1)log q
本文方案	n(2N+2)logq	2nlog q	3n log q	n(V+1)logq

方案	加密开销	解密开销
方案1	(m₁ n A_c+m₁)mul	l(m₁+1)A_d mul+mod
方案2	(3 n A_c+2 n)mul	(2 n A_d+n)mul+mod
方案3	(2 m ₂ n A_c+n)mul	(2 m ₂+1)A_d mul+mod
本文方案	(4 nV+n)mul	2nmul+mod