计算机工程与应用 ›› 2022, Vol. 58 ›› Issue (19): 124-134.DOI: 10.3778/j.issn.1002-8331.2107-0487

• 网络、通信与安全 • 上一篇    下一篇

区块链中可验证外包解密的匿名属性加密方案

庄朝源,郭瑞,杨耿   

  1. 1.西安邮电大学 网络空间安全学院,西安 710121
    2.西安邮电大学 无线网络安全技术国家工程实验室,西安 710121
  • 出版日期:2022-10-01 发布日期:2022-10-01

Anonymous Attribute?Based Encryption Scheme with Verifiable Outsourcing Decryption in Blockchain

ZHUANG Chaoyuan, GUO Rui, YANG Geng   

  1. 1.School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
    2.National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  • Online:2022-10-01 Published:2022-10-01

摘要: 属性加密是云计算环境下实现数据机密性和细粒度访问控制的关键技术。然而,一般的属性加密方案中存在访问策略敏感信息泄露、解密成本高、属性授权机构权力过大等问题。为了解决上述问题,提出一种基于区块链的可验证外包解密的匿名属性加密方案。该方案使用策略隐藏保护敏感属性信息,通过两方共同生成完整属性密钥,在解密前进行属性匹配操作。利用区块链不可篡改性存储验证参数存储对第三方外包解密结果进行正确性验证,并使用区块链生成、存储属性证书。在随机谕言模型下证明了选择性密文策略和选择明文攻击的安全性,并与其他方案进行功能、通信开销对比,使用PBC Go密码学库对方案进行仿真,仿真结果表明该方案可以有效地减少用户解密开销。

关键词: 属性加密, 策略隐藏, 属性匹配, 外包解密, 区块链

Abstract: Ciphertext-policy attribute-based encryption(CP-ABE) is one of the key technology to achieve data confidentiality and fine-grained access control in a cloud environment. However, general CP-ABE schemes have some problems, such as the access policy sensitive information leakage, the high decryption cost and the too much power of attribute authority. In order to solve these problems, an anonymous attribute-based encryption scheme with verifiable outsourcing decryption based on blockchain(AVOCB-ABE) is proposed. The scheme uses policy-hiding idea to protect sensitive attribute information, uses both parties to generate the complete attribute key, and introduces attribute matching operation before decryption. In addition, the scheme uses the non-tampering feature of blockchain to storage verification parameters which can verify the outsourcing decryption results, the blockchain is used to generate and store attribute certificates. Finally, the security of selective ciphertext-policy and chosen-plaintext attacks is proved under the random oracle model, the scheme is compared with other schemes in function and communication overhead, simulated by using PBC Go cryptographic library, the results show that the scheme reduces the user’s decryption calculation.

Key words: attribute-based encryption, policy-hiding, attribute matching, outsourced decryption;blockchain