隐藏访问策略的可追踪属性基加密方案

属性基加密作为一种一对多的加密机制，能够为云存储提供良好的安全性和细粒度访问控制。但在密文策略属性基加密中，一个解密私钥可能会对应多个用户，用户可能会非法共享其私钥以获取不当利益；另外，访问策略通常包含敏感信息，这对隐私性要求较高的场合造成了重大挑战。针对上述问题，提出一个隐藏访问策略的可追踪密文策略属性基加密方案。该方案基于合数阶双线性群进行构造，通过将用户的身份信息嵌入到该用户的私钥中实现可追踪性，将访问策略中的特定敏感属性值隐藏在密文中实现策略隐藏，利用解密测试技术提高解密效率，给出了在标准模型下方案是完全安全和可追踪的证明。对比分析表明，该方案在解密运算方面有所优化，从而降低了解密运算开销，提高了效率。

Traceable Attribute-Based Encryption with Hidden Access Policies

As a one-to-many encryption mechanism, attribute-based encryption can provide good plaintext security and fine-grained access control for cloud storage. However, in ciphertext-policy attribute-based encryption, one decryption private key may correspond to multiple users, who may illegally share their private keys for improper benefits. In addition, access policies often contain sensitive information, which poses a major challenge to situations with high privacy requirements. Aiming at the above problems, this paper proposes a traceable ciphertext-policy attribute-based encryption scheme with hidden access policies that supports large universe of attributes. The scheme is constructed on composite order bilinear groups, and the traceability is achieved by embedding the user’s identity information into the private key. The specific sensitive attribute values in the access policy are hidden in the ciphertext to achieve policy hiding, and the decryption test technology is used to improve the decryption efficiency. It is proved that the scheme is fully secure and traceable in the standard model. Comparative analysis shows that the scheme is optimized in the decryption operation, which reduces the decryption operation overhead and improves the efficiency.