Journal of Guangdong University of Technology, 2024, Vol. 41, Issue (04): 106-113. doi: 10.12052/gdutxb.230079

• Computer Science and Technology •

Accountable and Verifiable Outsourced Decryption for Ciphertext-policy Attribute-based Encryption

Li Yan-feng¹, Zhang Gui-peng², Lin Lu-bin¹, Yang Zhen-guo¹, Liu Wen-yin¹

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China;
  2. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2023-06-19 Published: 2024-06-17
  • Corresponding author: Liu Wen-yin (1966–), male, professor, Ph.D.; main research interests: network security, blockchain, pattern recognition. E-mail: liuwy@gdut.edu.cn
  • About the author: Li Yan-feng (1999–), male, master's student; main research interests: cloud security, blockchain. E-mail: liyf053@163.com
  • Funding:
    Guangdong Basic and Applied Basic Research Foundation (2021B1515120010)

Abstract: In traditional ciphertext-policy attribute-based encryption schemes, a single decryption private key often stands in a one-to-many relationship with users, so a malicious user or a semi-trusted attribute authority may leak the decryption private key to unauthorized third parties for profit. Moreover, the user's decryption stage requires numerous pairing computations, which places a heavy computational burden on resource-constrained end users. To address these issues, this paper proposes a ciphertext-policy attribute-based encryption scheme that supports accountability and verifiable outsourced decryption. Using verifiable outsourced decryption, the majority of the encryption overhead is shifted to the decryption agent, reducing the computational load on end users. By embedding into the user's private key both the user's identity information and secret information that remains invisible to the attribute authority, the scheme achieves public accountability of both users and the attribute authority. Security analysis shows that the proposed scheme provides selective security, accountability, and verifiability of outsourced decryption in the standard model. Performance analysis also indicates that the decryption cost of the scheme lies mainly on the decryption agent side, making it suitable for mobile device users with limited resources.

Key words: attribute-based encryption, accountable, outsourced decryption, verifiable

CLC number: TP309.7