属性匹配检测的匿名CP-ABE机制

属性基加密（简称ABE）机制以属性为公钥,将密文和用户私钥与属性关联,能够灵活地表示访问控制策略,从而极大地降低数据共享细粒度访问控制带来的网络带宽和发送节点的处理开销.作为和ABE相关的概念,匿名ABE机制进一步隐藏了密文中的属性信息,因为这些属性是敏感的,并且代表了用户身份.匿名ABE方案中,用户因不确定是否满足访问策略而需进行重复解密尝试,造成巨大且不必要的计算开销.文章提出一种支持属性匹配检测的匿名属性基加密机制,用户通过运行属性匹配检测算法判断用户属性集合是否满足密文的访问策略而无需进行解密尝试,且属性匹配检测的计算开销远低于一次解密尝试.结果分析表明,该解决方案能够显著提高匿名属性基加密机制中的解密效率.同时,可证明方案在双线性判定性假设下的安全性.

Anonymous Attribute-based Encryption Supporting Attribute Matching-Test

Attribute-based encryption （ABE） scheme takes attributes as the public key and associates the ciphertext and user＇s secret key with attributes, so that it can support expressive access control policies. This dramatically reduces the cost of network bandwidth and sending node operation in fine-grained access control of data sharing. Anonymous ABE, which is a relevant notion to ABE, further hides the receivers＇ attribute information in ciphertexts because many attributes are sensitive and related to the identity of eligible users. In the anonymous ABE scheme, a user repeats decryption attempts as he doesn＇t know whether the attributes match the policy, the computation overhead of each decryption is high and unnecessary.This paper proposes a new anonymous attribute-based encryption scheme which supports attribute matching-test, users can run the attribute matching-test algorithm to judge whether the set of attributes meet the ciphertext access policy without decrypting ciphertext. In this construction, the computation cost of such a test is much less than one decryption attempt. The proposed construction is proven to be secure on decisional bilinear Diffie-Hellman assumption.In addition,the result indicates that the proposed construction can significantly improve the efficiency of decryption.