面向云存储的支持完全外包属性基加密方案

Fully Outsourced Attribute-Based Encryption with Verifiability for Cloud Storage

广泛应用于云存储环境的属性基加密方案在密钥生成、数据加密和解密阶段需要大量计算资源,且计算量与属性集合或访问策略复杂度呈线性增长关系,该问题对于资源受限的用户变得更加严重.为解决上述问题,提出一种支持可验证的完全外包密文策略属性基加密方案.该方案可以同时实现密钥生成、数据加密和解密阶段的外包计算功能,并且能够验证外包计算结果的正确性.该方法可以有效减轻云存储系统中属性授权机构、数据拥有者和数据用户的计算负担.然后,在随机预言机模型下证明了所提方案的选择明文攻击的不可区分安全性,提供了所提方案的可验证性证明.最后,理论分析与实验验证结果表明所提方案在功能性和效率方面具有优势,更加适合实际应用情况.

Attribute-based encryption(ABE)is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms in the cloud storage environment.However,the computation cost of most ABE schemes is considerably expensive during key generation,encryption and decryption phases.And the computation cost,which grows with the complexity of the access policy or the attribute set,is becoming critical barriers in applications running on resource-limited devices.Aiming at tackling the challenge above,a fully outsourced ciphertext-policy attribute-based encryption scheme with verifiability is proposed in this paper.The proposed scheme can achieve outsourced key generation,encryption and decryption simultaneously.In the proposed scheme,heavy computations are outsourced to public cloud service providers,and no complex operations are left for the attribute authority,data owner and data user.At the same time,the scheme can verify the correctness of the computing result in an efficient way,which is very important.The proposed scheme is proven to be indistinguishable against chosen plaintext attack secure under the random oracle model and is provided with verifiable proof.Finally,the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in function and efficiency,and it is more suitable for practical applications.