用户和属性授权机构可追责的在线/离线属性基加密方案

属性基加密作为一种一对多的加密机制,能够为云存储提供良好的安全性和细粒度访问控制。但在密文策略属性基加密中,一个解密私钥可能会对应多个用户,因此用户可能会非法共享其私钥以获取不当利益,半可信的属性授权机构亦可能会给非法用户颁发解密私钥。此外,加密消息所产生的指数运算随着访问策略复杂性的增加而增长,其产生的计算开销给通过移动设备进行加密的用户造成了重大挑战。对此,文中提出了一种支持大属性域的用户和属性授权机构可追责的在线/离线密文策略属性基加密方案。该方案是基于素数阶双线性群构造的,通过将用户的身份信息嵌入该用户的私钥中实现可追责性,利用在线/离线加密技术将大部分的加密开销转移至离线阶段。最后,给出了方案在标准模型下的选择性安全和可追责证明。分析表明,该方案的加密开销主要在离线阶段,用于追责的存储开销也极低,其适用于使用资源受限的移动设备进行加密的用户群体。

Online/Offline Attribute-based Encryption with User and Attribute Authority Accountability

As a one-to-many encryption mechanism,attribute-based encryption can provide good plaintext security and fine-grained access control for cloud storage.However,in ciphertext-policy attribute-based encryption,one decryption private key may correspond to multiple users,so users may illegally share their private keys for improper benefits,and semi-trusted attribute authority may issue decryption private keys to illegal users.In addition,the exponential computation generated by encrypting messages grows as the complexity of access policies increases,and the computational overhead generated poses a significant challenge to users who encrypt via mobile devices.Aiming at the above problems,this paper proposed an online/offline ciphertext-policy attribute-based encryption scheme with user and attribute authority accountability that supports large universe of attributes,the scheme is constructed based on prime order bilinear groups.By embedding the user’s identity information into the user’s private key to achieve accountability,and uses the online/offline encryption technology to move most of the encryption overhead to the offline phase.Lastly,the selective security and accountable proof of the scheme in the standard model was given.The analysis shows that the encryption overhead of the scheme is mainly in the offline phase,and the storage cost for tracking is also extremely low,which is suitable for users who use resource-limited mobile devices for encryption.