《计算机应用》唯一官方网站

• •    下一篇

基于区块链可撤销属性的去中心化属性基加密方案

马海英,李金舟,杨及坤   

  1. 南通大学
  • 收稿日期:2023-02-17 修回日期:2023-05-04 发布日期:2023-08-14 出版日期:2023-08-14
  • 通讯作者: 马海英
  • 基金资助:
    2021南通市基础科学研究项目;国家自然科学基金项目;河南省青年骨干教师培养计划项目

Blockchain-based decentralizing attribute-based encryption for revocable attribute

  • Received:2023-02-17 Revised:2023-05-04 Online:2023-08-14 Published:2023-08-14
  • Supported by:
    the 2021 Nantong Basic Science Research Project;The National Natural Science Foundation of China

摘要: 摘 要: 针对现有属性基加密方案存在属性撤销效率低、用户属性密钥的分发和撤销难以协调等问题,提出了一种基于区块链可撤销的去中心化属性基加密(BRDABE)方案。首先,利用共识驱动的区块链构架,将密钥分发的信任问题从属性权威映射到分布式账本上,利用智能合约记录用户属性和数据共享的状态,协助属性权威实现用户属性的撤销。当撤销用户的属性时,属性权威利用智能合约自动筛选出所涉及的数据所有者和未撤销授权用户,生成与撤销属性相关的密文更新钥和密钥更新钥,使其链下进行密文和密钥更新。其次,将版本钥和用户全局身份嵌入属性私钥中,在用户解密时,使得会话密钥密文和用户属性私钥中的身份能够相互抵销。基于合理假设,证明本BRDABE方案能够抵抗用户的合谋攻击,且满足用户属性撤销的前向和后向安全性。实验结果表明,随着用户属性个数的增加,用户密钥生成、加密解密和属性撤销的时间成线性增长。在属性个数相同的情况下,与DABE和 DAC-MACS方案相比,本方案的解密和属性撤销效率至少提升了90%。因此,本BRDABE方案不仅提高了属性撤销的效率,而且保障了共享数据的前向和后向安全性。

关键词: 多权威属性基加密, 属性撤销, 访问控制, 外包计算, 区块链

Abstract: Abstract: For the problems of existing attribute-based encryption schemes, such as low efficiency of attribute revocation and difficulty in coordinating the distribution and revocation of user private keys, a blockchain-based decentralizing attribute-based encryption (BRDABE) with attribute revocation was proposed. In the BRDABE, the consensus-driven blockchain architecture was used to map the trust issue of key distribution from the attribute authority to the distributed ledger, and smart contracts were used to record the status of user attributes and data sharing, and assist the attribute authority to revoke user attributes. When revoking a user's attribute, the attribute authority used the smart contract to automatically screen out the involved data owners and non-revoked authorized users, and computed the ciphertext update key and key update key related to the revoked attribute, and made the ciphertext and key update off-chain. Then the version key and the user's global identity were embedded in the attribute private key, so that the identities in the session key ciphertext and the user's attribute private key can cancel each other when the user decrypts. Based on reasonable assumptions, the BRDABE scheme was proved to resist the collusion attack of users, and satisfied the forward and backward security of user attribute revocation. The experimental results showed that with the increase of the number of user attributes, the time of user key generation, encryption and decryption and attribute revocation increases linearly. In the case of the same number of attributes, compared with the DABE and DAC-MACS schemes, the efficiency of decryption and attribute revocation of the BRDABE scheme was improved by at least 90%. Therefore, this scheme not only improved the efficiency of attribute revocation, but also guaranteed the forward and backward security of shared data.

Key words: attribute-based encryption, attribute revocation, Access control, outsourcing computing, blockchain

中图分类号: 

版权所有 © 2021 四川计算机应用杂志社有限公司
蜀ICP备 05010208 号-3 新出网证(川)字026号
技术支持:北京玛格泰克科技发展有限公司
访问总数:
今日访问: