• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学 ›› 2023, Vol. 45 ›› Issue (10): 1779-1788.

• 计算机网络与信息安全 • 上一篇    下一篇

支持复杂访问策略的属性基加密方案

许城洲1,李陆2,张文涛1   

  1. (1.中国航天系统科学与工程研究院,北京 100037;2.中国航天科技集团有限公司,北京 100048)
  • 收稿日期:2022-09-27 修回日期:2023-03-15 接受日期:2023-10-25 出版日期:2023-10-25 发布日期:2023-10-17

An attribute-based encryption scheme supporting complex access policies

XU Cheng-zhou1,LI Lu2,ZHANG Wen-tao1   

  1. 1.China Aerospace Academy of Systems Science and Engineering,Beijing 100037;
    2.China Aerospace Science and Technology Corporation,Beijing 100048,China)
  • Received:2022-09-27 Revised:2023-03-15 Accepted:2023-10-25 Online:2023-10-25 Published:2023-10-17

摘要: 针对属性基加密的访问结构,提出一种支持复杂访问策略的属性基加密方案。方案将简化有序二元决策图(ROBDD)作为访问结构,用户属性集对应ROBDD中一个路径,ROBDD不仅可以表示任何关于属性的布尔函数,还能通过简化访问结构中的节点减少有效路径,防止无关属性干扰,从而降低加密阶段的计算开销。通过布尔函数整合有效路径特征值,密文不用额外存储复杂访问策略中的多个有效路径特征值,降低了密文存储开销。方案将属性认证计算外包给解密服务器,降低了解密阶段用户本地计算开销;使用群元素幂运算代替双线性配对,降低了方案的计算开销。方案在安全模型中被证明是IND-CPA安全的。性能分析和实验仿真表明,本文方案的计算开销和存储开销更低。

关键词: 属性基加密, 简化有序二元决策图, 支持复杂访问策略, 轻量级运算

Abstract: Aiming at the access structure of attribute-based encryption, this paper proposes an attribute-based encryption scheme that supports complex access policies. The scheme uses reduced ordered binary decision diagrams (ROBDDs) as the access structure, where a user's attribute set corresponds to a path in the ROBDD. The ROBDD can not only represent any Boolean function about attri- butes, but also reduce valid paths by simplifying nodes in the access structure, thereby preventing interference from irrelevant attributes and reducing the computational cost in the encryption phase. By integrating effective path feature values into Boolean functions, the ciphertext does not need to store multiple effective path feature values in complex access policies, reducing the storage cost of the ciphertext. The scheme outsources attribute authentication computation to the decryption server, reducing the local computation cost of users in the decryption phase, and uses group element exponentiation instead of bilinear pairing to reduce the computational cost of the scheme. The security model proves that the scheme is IND-CPA secure, and performance analysis and experimental simulation show that the proposed scheme has lower computational and storage costs.


Key words: attribute-based encryption, reduced ordered binary decision diagram (ROBDD), complex access policies, lightweight computing