Abstract
To address problems such as centralized data storage and the difficulty of data sharing in cloud computing environments, this paper combines multi-conditional proxy re-encryption with attribute-based proxy re-encryption and proposes a multi-conditional attribute-based threshold proxy re-encryption scheme that supports multiple authorization conditions. The scheme supports fine-grained access to ciphertext data under multiple keyword authorization conditions, and can limit both the authorization conditions and the scope of ciphertext sharing. A user can access the data only when the user's attribute set satisfies the access structure in the ciphertext and the user's keywords match the keywords set in the ciphertext. The scheme also supports flexible user revocation, prevents unauthorized decryption of ciphertext through collusion, and protects the sensitive information of data owners. A provable security analysis shows that, in the generic group model, the scheme is secure against chosen-plaintext attacks. Compared with other conditional proxy re-encryption schemes, it supports a more diverse set of functions.
Authors
Chen Xi (陈曦)
Li Yong (李勇)
Li Ruxian (李如先)
Chen Xi; Li Yong; Li Ruxian (Linklogis, Shenzhen, Guangdong 518063; School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044)
Source
Journal of Information Security Research (《信息安全研究》)
CSCD
2023, Issue 7, pp. 667-674 (8 pages)
Keywords
secure data circulation
ciphertext sharing
attribute-based proxy re-encryption
multiple authorization conditions
conditional proxy re-encryption