关键词: 属性基加密, 可追踪, 策略隐藏, 大属性域, 完全安全

Abstract:

As a one-to-many encryption mechanism, attribute-based encryption can provide good plaintext security and fine-grained access control for cloud storage. However, in ciphertext-policy attribute-based encryption, one decryption private key may correspond to multiple users, who may illegally share their private keys for improper benefits. In addition, access policies often contain sensitive information, which poses a major challenge to situations with high privacy requirements. Aiming at the above problems, this paper proposes a traceable ciphertext-policy attribute-based encryption scheme with hidden access policies that supports large universe of attributes. The scheme is constructed on composite order bilinear groups, and the traceability is achieved by embedding the user’s identity information into the private key. The specific sensitive attribute values in the access policy are hidden in the ciphertext to achieve policy hiding, and the decryption test technology is used to improve the decryption efficiency. It is proved that the scheme is fully secure and traceable in the standard model. Comparative analysis shows that the scheme is optimized in the decryption operation, which reduces the decryption operation overhead and improves the efficiency.

Key words: attribute-based encryption, traceable, policies hidden, large universe of attributes, fully secure