离线/在线的可验证外包属性代理重加密方案

Offline/Online Attribute-Based Proxy Re-Encryption with Verifiable Outsourced Decryption

基于密文策略的属性代理重加密方案可以同时实现灵活的访问控制和云端密文共享功能。但现有的属性代理重加密方案多以双线性映射构造而成,面临着加解密运算效率低的问题。为解决上述问题,本文提出一种新的加密方案:离线/在线的可验证外包属性代理重加密方案(offline/online attribute-based proxy re-encryption with verifiable outsourced decryption, VF-OO-ABPRE)。基于已有的外包解密属性加密方案,利用离线/在线加密技术,对加密算法进行改进,提高加密效率,结合代理重加密的思想,实现密文共享。同时将解密工作外包给云服务商,并且能够快速地验证外包解密计算结果的正确性。理论分析表明本方案在随机预言机模型中满足选择明文攻击的不可区分安全性,并且提供了外包的可验证性证明,同时能抵抗共谋攻击。

Ciphertext policy attribute-based proxy re-encryption (CP-ABPRE) can achieve both flexible access control and ciphertext sharing in the cloud. The existing CP-ABPRE schemes are mostly constructed by bilinear mapping, and the operations of encryption and decryption have low efficiency. To solve these problems, an offline/online attribute-based proxy re-encryption with verifiable outsourced decryption (VF-OO-ABPRE) is proposed in this paper. Based on the existing outsourcing of the decryption of ABE ciphertexts scheme, and by using offline/online encryption technology to improve the encryption algorithm, the proposed scheme can improve the encryption efficiency. Combined with the proxy re-encryption, the ciphertext sharing in the cloud is realized. At the same time, the scheme outsources the decryption work to the cloud service provider, and can verify the correctness of the computing results in an efficient way. The results of theoretical analysis show that the proposed scheme satisfies the chosen plaintext attack secure under the random oracle model and is provided with verifiable outsourced decryption’s proof, it also can resist collusive attack.