改进的基于证书条件代理重加密方案  被引量：4

作　　者：徐洁如 陈克非[1,2,3] 沈忠华 徐晓栋[1] 刘艳 XU Jie-Ru;CHEN Ke-Fei;SHEN Zhong-Hua;XU Xiao-Dong;LIU Yan(College of Science,Hangzhou Normal University,Hangzhou 310036,China;Hangzbou Key Laboratory of Cryptography and Network Security,Hangzhou 310036,China;Westone Cryptologic Research Center,Beijing 100070,China)

机构地区：[1]杭州师范大学理学院,杭州310036 [2]杭州市密码与网络安全重点实验室,杭州310036 [3]卫士通摩石实验室,北京100070

出　　处：《密码学报》2018年第4期344-358,共15页Journal of Cryptologic Research

基　　金：国家重点研发计划(2017YFB0802000);国家自然科学基金(U1705264;61472114);浙江省自然科学基金(LQY18G030001)~~

摘　　要：已有的基于证书条件代理重加密(certificate-based conditional proxy re-encryption,CBCPRE)方案有效地保护了云中的数据,解决了复杂的证书管理的问题和密钥托管的问题,同时只有满足一定条件的密文才能被正确重加密.而在实际的网络环境中,用户间数据交流日益增加,数据共享也更加细粒度.为满足开放式云环境中更加细粒度的数据共享需求,本文在已有基于证书条件代理重加密方案基础上,提出了一个具有重加密控制功能的基于证书条件代理重加密方案.基于BDH问题的困难性假设,该方案在随机预言模型下被证明满足适应性选择密文攻击下的不可区分安全性,即满足选择密文安全性,且有性质:加密者可以决定一条密文能否被重加密.并在此方案基础上扩展,更进一步提出了一个细化重加密控制功能的基于证书条件代理重加密方案.本文所提方案均继承了基于证书条件代理重加密的优良特性,同时加密者可以决定密文能否被重加密,在保证数据安全性的基础上又实现了加密数据的细粒度共享,更适用于实际云环境中用户进行数据交流与共享.The existing certificate-based conditional proxy re-encryption（CB-CPRE） schemes have effective support for the data confidentiality in the cloud environment. They properly handled the heavy certificate management problem and the key escrow problem. Meanwhile, only the ciphertexts with some conditions can be re-encrypted correctly. However, in the actual network environment, more users need to exchange data. The data sharing is more fine-grained. To meet the requirement of more fine-grained data sharing in the open cloud environment, we propose a certificate-based conditional proxy re-encryption scheme with the property of re-encryption control based on the existing certificatebased conditional proxy re-encryption schemes. Under the hardness assumption of the BDH problem,the scheme is proved to be indistinguishable against adaptively chosen-ciphertext attack in the random oracle model. The scheme allows an encryptor to decide whether the ciphertext can be re-encrypted.At the same time, we extend the scheme and further propose a certificate-based conditional proxy re-encryption scheme which refines the property of re-encryption control. Both the proposed schemes have the advantages of certificate-based conditional proxy re-encryption. The encryptor can decide whether the ciphertext can be re-encrypted. In addition, the schemes provide data security. We can share the encrypted data more fine-grained. Therefore, the proposed schemes are more suitable for users to share data in the cloud environment.

关 键 词：条件代理重加密 重加密控制 随机预言模型 选择密文安全 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]