访问策略隐匿的可追责层次属性加密方案

在传统的属性加密方案中，用户可能会共享私钥给具有相同属性集的多个用户而不怕被追责；此外，访问策略包含的信息可能会泄露用户隐私。针对这2个问题，提出一种可追责的隐匿策略的层次化属性加密方案。该方案在合数阶双线性群下基于访问树进行构造，具有灵活的表达能力，在访问策略中插入合数阶子群的随机元素实现策略隐匿；将用户标识加入私钥运算中，实现对泄露信息的违规用户的可追责；使用层次授权体系，降低单权威授权的计算负荷，提高了整体安全性和效率。实验结果和效率对比分析表明，该方案在加解密计算开销方面具备优势，且支持访问策略的隐匿和对违规用户的追责，大大提高了方案的安全性。

A traceable hierarchical attribute-basedencryption scheme with hidden access policy

In traditional attribute-based encryption schemes, users may share the private key to multiple users with the same attribute without fear of being blamed. In addition, the information contained in the access policy may disclose the user's privacy. To solve these problems, this paper proposes a traceable hierarchical attribute-based encryption scheme with hidden access policy. The scheme is constructed based on the access tree under the combined order bilinear group, and has flexible expression ability. The random elements of the combined order subgroup are inserted into the access policy to realize the policy concealment. The user ID is added into the private key operation to realize the traceability of the illegal users. The hierarchical authorization system is used to reduce the computational load of single authority authorization, and improve the security and efficiency. The experimental results and efficiency comparison show that this scheme has advantages in the computational time cost of encryption and decryption, and supports the hiding of access policies and the traceability of users who violate the rules, thus greatly improving the security of this scheme.