多主密钥功能加密:基于LMSSS的M-KP-ABE方案  被引量：1

作　　者：杨晓元[1,2] 蔡伟艺[1] 陈海滨[2] 

机构地区：[1]武警工程学院电子技术系网络与信息安全武警部队重点实验室,西安710086 [2]武警工程学院网络与信息安全研究所,西安710086

出　　处：《计算机研究与发展》2011年第8期1363-1369,共7页Journal of Computer Research and Development

基　　金：国家自然科学基金重点项目(60633020);国家自然科学基金项目(60573036);武警工程学院基础基金项目(WJY201119)

摘　　要：功能加密极大地拓宽了秘密信息的共享方式,但支持多主密钥功能性函数加密方案的构造问题仍未解决,多主密钥功能加密具有更强的表达能力和更广义的特性.在功能加密的一个子类密钥策略属性基加密上,首次提出了多主密钥形式的安全模型M-KP-ABE.利用线性多秘密共享方案,设计了该安全模型下的一个支持多主密钥功能性函数的加密方案.基于DBDH假设,在标准模型下证明方案在适应性选择挑战和自适应选择明文攻击下是安全的.该方案加密数据的访问策略更为灵活,可退化为单主密钥的加密方案,可构造具有精细访问树的方案,其计算量与单主密钥方案相等,具有较高的效率.Functional encryption opens up a much larger world of possibilities for sharing encrypted data. It is sufficient for many emerging applications. Some recent work aimed at constructing different types of fine-grained encryption systems which could be cast in the framework of functional encryption,such as IBE, ABE, PE, but they only focused on the systems that supported single- authority-key functionality. We extend functional encryption to multiple-authority-key functional encryption, which can provide more sophisticated and flexible functionality. This system allows an encryptor to specify a policy and a capability by describing what users can learn from the ciphertext. The policies are similar to what were defined in the previous systems and the capabilities are expressed as different kinds of authority keys. This paper gives a security model for a class of multiple- authority-key functional encryption, multiple-authority-key KP-ABE. A new KP-ABE scheme,which supports functionalities taken in multiple authority keys, is proposed in the given security model. Our techniques allow for any attribute access the structure expressed by a linear multi-secret sharing scheme （LMSSS） matrix M. Based on the assumption of DBDH, this scheme is proven to be selectively secure in the standard model under chosen plaintext attack, tt is easy to derive the single- authority-key scheme from the multiple-authority-key scheme and construct fine-grained tree-access structure. The computational cost of our scheme is equal to the single-authority-key scheme, which makes it more appropriate in many practical applications.

关 键 词：密钥策略属性基加密 线性多秘密共享方案 功能加密 功能性函数 双线性对 

分 类 号：TP311.52[自动化与计算机技术—计算机软件与理论]