计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (13): 114-119.DOI: 10.3778/j.issn.1002-8331.1903-0203

• 网络、通信与安全 • 上一篇    下一篇

高效可撤销的身份基在线离线加密方案

王占君,马海英,王金华,李燕   

  1. 1.南通大学 理学院,江苏 南通 226019
    2.南通大学 信息科学技术学院,江苏 南通 226019
  • 出版日期:2020-07-01 发布日期:2020-07-02

Efficiently Revocable Identity-Based Online/Offline Encryption Scheme

WANG Zhanjun, MA Haiying, WANG Jinhua, Li Yan   

  1. 1.School of Science, Nantong University, Nantong, Jiangsu 226019, China
    2.School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019, China
  • Online:2020-07-01 Published:2020-07-02

摘要:

身份基加密(IBE)需要提供一种有效的成员撤销机制,然而,现有可撤销成员的IBE方案存在密钥更新和加密运算量过大的问题,可能使执行该操作的设备成为系统的瓶颈。将完全子树方法和在线离线技术相结合,通过修改指数逆类型IBE的密钥生成和加密算法,提出了一种高效可撤销的身份基在线离线加密方案。方案利用完全子树方法生成更新钥,使得撤销用户无法获得更新钥,进而失去解密能力;利用在线离线技术,将大部分加密运算在离线阶段进行预处理,使得在线阶段仅执行少量简单计算即可生成密文。与相关知名方案相比,该方案不仅提高密钥生成中心的密钥更新的效率,而且极大减少了轻量级设备的在线加密工作量,适合于轻量级设备保护用户隐私信息。

关键词: 身份基加密, 完全子树方法, 成员撤销, 在线/离线加密, 轻量级设备

Abstract:

Identity Based Encryption(IBE) must provide an effective member revocation mechanism. However, the existing revocable member IBE scheme has the excessive computation problems of key update and encryption, which may make the devices performing the operations become the bottleneck of the system. This paper combines the complete subtree method and the online/offline technology, modifies the key generation and encryption algorithm of exponential inverse type IBE, and proposes an efficiently revocable identity-based online/offline encryption scheme. In this scheme, the complete subtree method is used to generate the update key, which makes the revoked user unable to obtain the update key and lose the decryption ability. The majority of the encryption operations are preprocessed in the off-line phase by using the online /offline technique, so that only a few simple calculations can be performed in the online phase to generate ciphertext. Compared with other well-known schemes, this scheme not only improves the efficiency of key update for key generation center, but also greatly reduces the online encryption workload of restricted devices. It is suitable for lightweight devices to protect users' privacy information.

Key words: identity-based encryption, complete subtree method, member revocation, online/offline encryption, lightweight device