解密成本为常数的具有追踪性的密文策略属性加密方案

Traceable Ciphertext-policy Attribute-based Encryption Scheme with Constant Decryption Costs

该文针对单调访问结构提出了一个解密成本为常数的具有追踪性的密文策略属性加密(CP-ABE)方案,该方案基于合数阶双线性群实现了标准模型下的适应安全性。在所有已知的追踪性CP-ABE方案中,都使用线性秘密共享方案(LSSS)来表示单调访问结构,并用LSSS矩阵加密明文数据。因此,其加密成本都随着LSSS矩阵的大小成线性增长,同时解密成本则随着满足要求的属性数量成线性增长。而在该文提出的追踪性CP-ABE方案中,使用最小授权子集集合来表示单调访问结构,并用该子集集合加密明文数据。因此,其加密成本随着最小授权子集的集合大小成线性增长,对于某些单调访问结构,该文方案具有更短的密文长度和更小的加密成本。最重要的是,该文方案进行解密时,只需要3个双线性对操作和2个指数操作,解密成本为常数,实现了更快更高效的数据解密。最后基于合数阶双线性群下的3个静态假设对方案进行了安全性证明,并进行了性能分析与实验验证。

This paper puts forward a traceable Ciphertext-Policy Attribute-Based Encryption （CP-ABE） scheme for Monotone Access Structure （MAS）, which is proved secure adaptively in the standard model by using composite order bilinear groups. To date, for all traceable CP-ABE schemes, the MAS is represented by the Linear Secret Sharing Scheme （LSSS） and then the data are encrypted by using the corresponding LSSS matrix. Therefore their encryption costs are linear with the size of the LSSS matrix, and the decryption costs are linear with the number of qualified rows in the LSSS matrix. However, in the proposed traceable CP-ABE scheme, the MAS is represented by the set of minimal authorized set and then the data are encrypted by using the corresponding set. Therefore, the encryption costs are polynomial with the number of minimal authorized set, and for some access policies, the proposed scheme may have shorter ciphertext and lower encryption costs. In addition, the most important thing is that the proposed decryption needs only three bilinear pairing computations and two exponent computations, which improves the efficiency extremely. Finally, the full security proof of the proposed scheme is given by using three static assumptions along with the detailed performance analysis and experiment validation.