计算机应用 ›› 2016, Vol. 36 ›› Issue (8): 2225-2230.DOI: 10.11772/j.issn.1001-9081.2016.08.2225

• 网络空间安全 • 上一篇    下一篇

适用于移动用户高效访问外包数据的非对称代理重加密方案

郝伟1, 杨晓元1,2, 王绪安1, 张英男1, 吴立强1   

  1. 1. 武警工程大学 电子技术系, 西安 710086;
    2. 网络与信息安全武警部队重点实验室, 西安 710086
  • 收稿日期:2015-12-23 修回日期:2016-03-28 出版日期:2016-08-10 发布日期:2016-08-10
  • 通讯作者: 郝伟
  • 作者简介:郝伟(1990-),男,内蒙古包头人,硕士研究生,主要研究方向:基于身份的代理重加密;杨晓元(1959-),男,湖南湘潭人,教授,硕士,CCF会员,主要研究方向:密码学、信息安全;王绪安(1981-),男,湖北公安人,副教授,博士研究生,CCF会员,主要研究方向:密码学、信息安全;张英男(1990-),男,陕西西安人,博士研究生,CCF会员,主要研究方向:信息隐藏;吴立强(1986-),男,陕西蓝田人,讲师,硕士,CCF会员,主要研究方向:格密码学、可证明安全。网络出版时间2016-05-0314:19:32。
  • 基金资助:
    国家自然科学基金资助项目(61272492,61572521);陕西省自然科学基金资助项目(2014JM8300);武警工程大学基础研究项目(WJY201422,WJY201523)。

Asymmetric proxy re-encryption scheme of efficient access to outsourcing data for mobile users

HAO Wei1, YANG Xiaoyuan1,2, WANG Xu'an1, ZHANG Yingnan1, WU Liqiang1   

  1. 1. Department of Electronic Technology, Engineering University of Chinese People's Armed Police, Xi'an Shaanxi 710086, China;
    2. Key Laboratory of Network and Information Security of Chinese People's Armed Police, Xi'an Shaanxi 710086, China
  • Received:2015-12-23 Revised:2016-03-28 Online:2016-08-10 Published:2016-08-10
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61272492, 61572521), the Natural Science Foundation of Shaanxi Province (2014JM8300), the Basic Research Program of Engineering University of Chinese People's Armed Police (WJY201422, WJY201523).

摘要: 为使移动设备更加方便快捷地解密存储于云端的外包数据,根据基于身份的广播加密(IBBE)系统和基于身份的加密(IBE)系统,使用Green等提出的解密外包的技术(GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts.Proceedings of the 20th USENIX Conference on Security.Berkeley:USENIX Association,2011:34),提出一种改进的非对称跨加密系统的代理重加密(MACPRE)方案。该方案更适合计算能力有限的移动设备安全共享云端数据。移动用户在解密重加密后的数据时,运行一次指数运算和一次配对运算便可以将明文恢复,大大提高了移动用户解密的效率,降低了移动用户的能耗。该方案的安全性可以归约到底层的IBE方案和IBBE方案的安全性。理论分析和实验结果表明,该方案使得移动设备花费较少的时间便可以将存储在云端的数据解密,缓解了移动设备计算能力的不足,实用性较强。

关键词: 代理重加密, 基于身份的加密, 基于身份的广播加密, 解密外包, 数据共享

Abstract: In order to make the mobile device more convenient and faster decrypt the outsourcing data stored in the cloud, on the basis of Identity-Based Broadcast Encryption (IBBE) system and Identity-Based Encryption (IBE) system, using the technique of outsourcing the decryption proposed by Green et al. (GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts. Proceedings of the 20th USENIX Conference on Security. Berkeley:USENIX Association, 2011:34), a Modified Asymmetric Cross-cryptosystem Proxy Re-Encryption (MACPRE) scheme across the encryption system was proposed. The proposed scheme is more suitable for mobile devices with limited computing power to securely share the data stored in the cloud. When the mobile user decrypts the re-encrypted data, the plaintext can be restored by performing one exponent operation and one bilinear pairing operation, which greatly improves the decryption efficiency of the mobile user and saves the power consumption of the mobile user. The security of this proposed scheme can be reduced to the security of the IBE and IBBE scheme. The theoretical analysis and experimental results show that, the proposed scheme can allow the mobile devices to decrypt data stored in the cloud by spending less time, and ease the problem of limited computing power of the mobile devices. The proposed scheme is more practical.

Key words: proxy re-encryption, Identity-Based Encryption (IBE), Identity-Based Broadcast Encryption (IBBE), decryption outsourcing, data sharing

中图分类号: