2019 年 6 月 Journal on Communications June 2019
2019150-1
第 40 卷第 6 期 通 信 学 报 Vol.40
No.6
可高效撤销的属性基加密方案
李学俊,张丹,李晖
(西安电子科技大学网络与信息安全学院,陕西 西安 710071)
摘 要:在现有的解决方案中,基于时间的方案难以实现即时撤销,基于第三方的方案往往需要重加密运算,计
算量大,不适用于海量密文数据。针对该问题,提出了一种高效的支持用户和属性级别的即时撤销方案,所提方
案基于经典的 LSSS 型访问结构的 CP-ABE,引入了 RSA 密钥管理机制和属性认证思想,借助半可信第三方,在
解密之前对用户进行属性认证。与现有的撤销方案对比,所提方案只需半可信第三方更新 RSA 属性认证密钥,
不需要用户更新密钥且不需要重加密密文,极大地减少了撤销带来的计算量和通信量,同时保证了抗串谋攻击和
前后向安全性。安全性分析和实验仿真证明,所提方案具有更高的撤销效率。
关键词:密文−策略属性基加密机制;属性撤销;RSA 密钥管理;多机构;计算开销小
中图分类号:TN918
文献标识码:A
doi: 10.11959/j.issn.1000−436x.2019150
Efficient revocable attribute-based encryption scheme
LI Xuejun, ZHANG Dan,LI Hui
School of Cyber Engineering, Xidian University, Xi’an 710071,China
Abstract: In the existing solutions, the time-based scheme is difficult to achieve immediate revocation, and the
third-party-based scheme often requires re-encryption, which needs large amount of calculation and doesn’t apply to mas-
sive data. To solve the problem, an efficient and immediate CP-ABE scheme was proposed to support user and attribute lev-
els revocation. The scheme was based on the classic LSSS access structure, introducing RSA key management mechanism
and attribute authentication. By means of a semi-trusted third party, the user could be authenticated before decryption. Com-
pared with the existing revocation schemes, The proposed scheme didn’t need the user to update the key or re-encrypt the
ciphertext. The semi-trusted third party wasn’t required to update the RSA attribute authentication key. The scheme greatly
reduced the amount of computation and traffic caused by revocation, while ensuring anti-collusion attacks and forward and
backward security. Finally, the security analysis and experimental simulation show that the scheme has higher revocation ef-
ficiency.
Key words: CP-ABE, attribute revocation, RSA key management, multi-authority, less computation
1 引言
随着社会与科技的发展,人们越来越多地希
望能跨平台、跨地理位置地访问或修改数据,对
外部数据云存储的需求前所未有的高涨。然而,
将具有不同敏感级别的数据,存储在外部云存储
服务器上,为人们带来便利好处的同时,也带来
了安全问题
[1]
。
首先,大量数据托管存储在第三方营运的大型
云端数据中心,而云端服务器并不完全可信,且数
据的敏感程度不同,因此需要使用属性基加密 ABE
(attribute-based encryption)方案加密数据,实现高
收稿日期:2019–03–22;修回日期:2019–05–02
基金项目:国家重点研发计划基金资助项目(No. 2018YFB0804701);国家自然科学基金资助项目(No.61572460)
Foundation Items: The National Key Research and Development Project of China(No. 2018YFB0804701), The National Natural
Science Foundation of China(No. 61572460)