基于区块链免密钥托管的可追踪可撤销属性基加密方案

Blockchain-based traceable and revocable attribute-based encryption scheme with escrow-free

针对密文策略属性基加密(CP-ABE)方案难以高效地同时满足免密钥托管、策略隐藏、用户追踪和撤销问题,提出一种基于区块链免密钥托管的可追踪可撤销属性基加密方案(BETRABE)。首先,区块链网络中的节点为属性机构,用户只需与区块链网络通过公开信道进行少量通信即可获得解密密钥;其次,融合公钥加密对区块链中存储的用户解密密钥进行加密,用户本地只需存储公钥加密的公私钥;另外,追踪系统中泄露密钥的恶意用户,通过将该用户加入撤销列表和云服务器对密文更新实现恶意用户撤销。此外,使用单向匿名密钥协商协议实现密文访问策略全隐藏,进而更好地保护存储在云服务器上密文的隐私性。基于l-SDH(l-Strong Diffie-Hellman)假设在标准模型下进行安全性验证。实验结果表明,BETRABE极大地减少了密钥生成阶段的通信成本和用户的密钥存储开销,加密和解密时间随着用户属性数增加线性增长,且相较于其他方案拥有较高的解密效率。

Aiming at the difficulty of Ciphertext-Policy Attribute-Based Encryption(CP-ABE)scheme cannot efficiently balance the problems of escrow-free,policy hiding,user tracking and revocation,a Blockchain-based Attribute-Based Encryption with Escrow-free,Tracking and Revocation(BETRABE)was proposed.First,the nodes in the blockchain network were attribute organizations,and users only needed a small amount of communication with the blockchain network through open channels to obtain the decryption key due to the transparency of the blockchain.Second,the user’s decryption key stored in the blockchain was encrypted with public key encryption,and thus the user only needed to locally store the public and private keys of the public-key encryption.In addition,malicious users who may disclose keys were tracked,and the revocation of malicious users was achieved by adding these users to the revocation list and updating the ciphertext by the cloud server.Full hiding of access policies was realized by a one-way anonymous key agreement protocol,which could better protect the privacy of ciphertext stored on the cloud server than partial hiding.Security is proved under the standard model based on the l-SDH(l-Strong Diffie-Hellman)assumption.Experimental results show that BETRABE greatly reduces the communication cost between the user and authorities in the key generation phase as well as the users key storage overhead,and encryption time and decryption time increase linearly with the increase of the number of attributes,and the decryption is more efficient compared to other schemes.