
Computer Engineering & Science ›› 2013, Vol. 35 ›› Issue (9): 94-98.


An attribute-based encryption scheme with attribute revocation and key delegation based on policy control

CHI Shuiming1, CHEN Qin2, DANG Zhengqin2

  (1. Jinhua Biqi Network Technology Company Limited, Jinhua 321017;
    2. School of Computer Science, Hangzhou Dianzi University, Hangzhou 310018, China)
  • Received: 2012-06-25 Revised: 2012-08-17 Online: 2013-09-25 Published: 2013-09-25
  • Funding:

    Natural Science Foundation of Zhejiang Province (Y1110781)

Abstract:

Based on an analysis of existing attribute-based encryption schemes with attribute revocation, a new attribute-based encryption scheme with attribute revocation and key delegation based on policy control is proposed. The arbitrator of the scheme flexibly controls attribute revocation and the delegation of decryption rights via two policy control tables: an attribute revocation table and an attribute proxy table. By querying the attribute revocation table, the arbitrator refuses to perform decryption for users whose attributes have been revoked, which achieves immediate attribute revocation. When a user delegates the decryption right, the user sends a delegation conversion key to the arbitrator, and the arbitrator uses the attribute proxy table to decide whether that user has the right of key delegation, which achieves flexible attribute delegation. The scheme uses a linear secret sharing matrix to construct access policies in order to support flexible access structures, and applies the key splitting technique to distribute keys to users. Finally, the correctness and security of the proposed scheme are proven.

Key words: attribute-based encryption, attribute revocation, proxy encryption, linear secret sharing scheme