去中心化且固定密文长度的基于属性加密方案

Decentralized Attribute-Based Encryption Scheme with Constant-Size Ciphertexts

基于素数阶双线性群,提出了一种去中心化的基于属性加密方案,并在标准模型下证明了方案的安全性.该方案中含有一个中央机构(central authority,CA)和多个属性机构(attribute authority,AA),其中中央机构负责生成与用户全局唯一身份标识绑定的随机值,并且不参与任何属性相关的操作,有效地抵抗了合谋攻击.每个属性机构负责互不相交的属性域并且相互独立,甚至不需要知道其他属性机构的存在.特别地,任何机构都不能独立解开密文.进一步,可以将该方案推广至多中央机构情形,中央机构之间亦相互独立,用户只需在其信任的任何一个中央机构注册即可,实现了真正意义上的"去中心化".该方案中密文长度达到了固定值,同时解密运算只需要2个双线性对,在Charm架构下的仿真实验表明:该方案具有非常高的效率.

Based on prime-order bilinear groups,we propose a decentralized multi-authority attributebased encryption scheme which is proven to be secure in the standard model.Firstly,we construct an attribute-based encryption system with a central authority(CA)and multiple attribute authorities(AAs),where CA is responsible for generating a random value associated with each user's unique global identifier(GID),and does not participate in any operation related to users'attributes.Different users will get different random values,thus they cannot obtain any information beyond authority even through collusion.Every attribute authority is responsible for different attributes domain and they are independent of each other.It's even not necessary to know the existence of each other in the system.In particular,there is no authority that can decrypt a ciphertext alone.Secondly,this scheme can be extended to a decentralized attribute-based encryption with multiple CAs setting,where every CA is also independent of each other,and each user can issue his private key from only one CA.Bringing it into practice under the Charm infrastructure,the results show that the decentralized attribute based encryption schemes are very efficient,whose ciphertexts are of constant size,i.e.,regardless of the number of underlying attributes of access control policy or users.