隐藏树型访问结构的属性加密方案

Attribute-based Encryption Scheme with Hidden Tree Access Structures

在传统的属性加密算法中,加密者把密文消息发送给解密用户的同时,将访问结构一同发给用户,但有时访问结构本身就包含隐私信息.然而,在现有的隐藏访问结构的CP-ABE方案中,大多数方案的访问控制仅仅满足与门结构,无法实现属性密码对于细粒度访问控制的要求.少数满足细粒度访问结构的方案,由于密钥和密文太长以及运算量过大都无法满足现实需求,实用性不强.本文在非对称双线性映射下实现树型访问控制结构,提出一个新的在素数阶群中隐藏树型访问结构的CP-ABE方案.新方案通过密文策略的属性加密(CP-ABE)算法把访问结构隐藏在密文消息中,实现了保护明文和隐藏访问结构的功能,有效解决了用户可以通过分析访问结构得到加密者部分信息以及了解哪些用户可以解密密文的问题.该方案利用非对称DBDH-3假设,在标准模型下证明是完全安全的.与同类的方案相比,新方案不仅实现了细粒度的访问控制结构,而且在密钥和密文减少的同时,提高了运算效率,大大增加了方案在实际应用中的可行性.

In most traditional attribute-based encryption schemes, encryptor often sends ciphertext to decryptor along with an access structure, but sometimes the access structure itself contains privacy information. However, existing anonymous ciphertext-policy attribute-based encryption can only support And-gate, those schemes do not meet the demand of attribute-based fine-grained access control structures. A few schemes which achieve fine-grained access structures are far away from practical requirements, because of the long ciphertext and keys and a large amount of computational cost. This paper proposes a new anonymous ciphertext-policy attribute-based encryption scheme over a prime order bilinear group, which is based on access tree by using asymmetric bilinear pairings. This new scheme hides access structure in ciphertext by CP-ABE, which comes to protect the plaintext and hides the access structure. And the problem that decryptor will get related information about encryption by analyzing the access structure and know the identity of eligible users is solved. The scheme relies on the Decision Bilinear Diffie-Hellman Problem in Type3 (DBDH-3) assumptions, and is proven to be fully secure under standard model. Compared with other similar constructions, the performance advantage of the proposed scheme achieves fine-grained access control, and improves efficiency of computation and feasibility in practical applications while reducing key and ciphertext length.