A Key-policy Attribute-based Encryption Scheme with Constant Size Ciphertext
Chang-Ji WANG
School of Information Science and Technology
Sun Yat-sen University, Guangzhou 510275, China
Research Center of Software Technology for Information Service
South China Normal University, Guangzhou 501631, China
Email: isswchj@mail.sysu.edu.cn
Jian-Fa Luo
School of Information Science and Technology
Sun Yat-sen University, Guangzhou 510275, China
Email: timothylup@qq.com
Abstract—Attribute-based encryption (ABE) is a new cryptographic
primitive which provides a promising tool for addressing
the problem of secure and fine-grained data sharing
and decentralized access control. Key-policy attribute-based
encryption (KP-ABE) is an important class of ABE, where
ciphertexts are labeled with sets of attributes and private keys are
associated with access structures that control which ciphertexts
a user is able to decrypt. KP-ABE has important applications
in data sharing on untrusted cloud storage. However, in most
existing KP-ABE schemes the ciphertext size grows linearly
with the number of attributes embedded in the ciphertext. In
this paper, we describe our work on designing a KP-ABE
scheme with constant size ciphertext for monotonic access
structures. The downside of the proposed KP-ABE scheme is
that private key size grows by a multiplicative factor in the
number of attributes in the access structure. The proposed KP-ABE
scheme is proved to be secure under the general Diffie-Hellman
exponent assumption.
Keywords-identity-based broadcast encryption; key-policy
attribute-based encryption; cloud computing; constant size
ciphertexts; general Diffie-Hellman exponent assumption.
I. INTRODUCTION
Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort
or service provider interaction [1]. There are two main
categories of cloud infrastructure, public cloud and private
cloud. To take advantage of public clouds, data owners must
upload their data to commercial cloud service providers
which are usually considered to be semi-trusted, i.e., honest
but curious [2]. That means the cloud service providers will
try to find out as much secret information in the users’
outsourced data as possible, but they will honestly follow
the protocol in general.
Traditional access control techniques are based on the
assumption that the server is in the trusted domain of the data
owner and therefore an omniscient reference monitor can be
used to enforce access policies against authenticated users.
However, in the cloud computing paradigm this assumption
usually does not hold and therefore these solutions are not
applicable. Therefore, there is a need for a decentralized,
scalable and flexible way to control access to cloud data
without fully relying on the cloud service providers.
Given the above problems, it is important that data access
be protected by encryption. Roughly, encryption provides a
method of encoding data such that it can only be understood
with access to a proper decryption key. In traditional encryption
systems, encrypted data is targeted for decryption by a
single known user. Unfortunately, this functionality lacks the
expressiveness needed for more advanced data sharing.
To address these emerging needs, Sahai and Waters [3]
introduced the concept of attribute-based encryption (ABE).
Instead of encrypting to individual users, in an ABE system
one can embed an access policy into the ciphertext or
decryption key. In addition, ABE has the collusion-resistance
property, i.e., if multiple users collude, they should only be
able to decrypt a ciphertext if at least one of the users could
decrypt it on their own. Thus, data access is self-enforcing
from the cryptography, requiring no trusted mediator.
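The following is an added example, not code from the paper: a functional model of the key-policy form described in the abstract, in which each private key carries a monotonic access structure and each ciphertext carries an attribute set. It models only who is authorized, with no cryptography; the threshold-gate policy format, helper names and attribute names are assumptions constructed for illustration.

```python
# Functional model only: no cryptography. The nested-tuple policy format and
# the attribute names are constructed for this example.
from itertools import combinations

def satisfies(policy, attrs):
    """Evaluate a monotone policy against a ciphertext's attribute set.

    policy is either an attribute string (leaf) or (k, [children]),
    a k-of-n threshold gate. AND is n-of-n, OR is 1-of-n. There is no
    negation, which is what makes the access structure monotonic.
    """
    if isinstance(policy, str):
        return policy in attrs
    k, children = policy
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the child count")
    return sum(satisfies(c, attrs) for c in children) >= k

def AND(*c): return (len(c), list(c))
def OR(*c): return (1, list(c))

def can_decrypt(key_policies, ct_attrs):
    """Collusion resistance as a specification: pooling keys helps only if
    at least one key's policy is satisfied by the ciphertext on its own."""
    return any(satisfies(p, ct_attrs) for p in key_policies)

def leaves(policy):
    if isinstance(policy, str):
        return {policy}
    return set().union(*(leaves(c) for c in policy[1]))

def is_monotone(policy):
    """Exhaustive check: if S is authorized, every superset of S is too."""
    universe = sorted(leaves(policy))
    subsets = [set(c) for r in range(len(universe) + 1)
               for c in combinations(universe, r)]
    return all(satisfies(policy, t) for s in subsets if satisfies(policy, s)
               for t in subsets if s <= t)

# Constructed sample: two private-key policies and three labeled ciphertexts.
AUDITOR = AND("finance", OR("audit", "compliance"))
ENGINEER = (2, ["engineering", "project-x", "senior"])   # 2-of-3 threshold
CT_REPORT = {"finance", "audit", "2012"}
CT_DESIGN = {"engineering", "project-x"}
CT_MIXED = {"finance", "engineering"}   # satisfies neither policy alone

if __name__ == "__main__":
    for name, ct in [("report", CT_REPORT), ("design", CT_DESIGN), ("mixed", CT_MIXED)]:
        print(name, satisfies(AUDITOR, ct), satisfies(ENGINEER, ct),
              can_decrypt([AUDITOR, ENGINEER], ct))
```

CT_MIXED is the collusion case: its attributes touch both policies, yet neither key is authorized alone, so the two key holders together must also fail.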
ABE can be viewed as an extension of the notion of
identity-based encryption (IBE) in which user identity is
generalized to a set of descriptive attributes instead of a
single string specifying the user identity. Compared with
IBE [4], ABE has a significant advantage, as it achieves
flexible one-to-many encryption instead of one-to-one. It is
envisioned as a promising tool for addressing the problem
of secure and fine-grained data sharing and decentralized
access control.
There are two types of ABE, depending on whether access
policies are associated with private keys or with
ciphertexts.
In a key-policy attribute-based encryption (KP-ABE) system,
each user’s key, issued by the attribute authority, captures
an access structure that specifies which type of ciphertexts
the key can decrypt, while ciphertexts are labeled by the
sender with a set of descriptive attributes. KP-ABE may be
suitable for structured organizations with rules about who
may read particular documents, but it is unable to specify
policies on a per-message basis. Other important applications
include secure forensic analysis and pay-TV systems
with package policy (called target broadcast). The first
KP-ABE construction was provided by Goyal et al. [5], which
2012 Eighth International Conference on Computational Intelligence and Security
978-0-7695-4896-8/12 $26.00 © 2012 IEEE
DOI 10.1109/CIS.2012.106