面向可变用户群体的可搜索属性基加密方案  被引量：2

作　　者：王经纬[1] 宁建廷 许胜民 殷新春[1,4] 陈海霞[2] WANG Jing-Wei;NING Jian-Ting;XU Sheng-Min;YIN Xin-Chun;CHEN Hai-Xia(School of Information Engineering,Yangzhou University,Yangzhou 225127,China;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350007,China;State Key Laboratory of Information Security(Institute of Information Engineering,Chinese Academy of Sciences),Beijing 100093,China;Guangling College of Yangzhou University,Yangzhou 225000,China)

机构地区：[1]扬州大学信息工程学院,江苏扬州225127 [2]福建师范大学计算机与网络空间安全学院,福建福州350007 [3]信息安全国家重点实验室(中国科学院信息工程研究所),北京100093 [4]扬州大学广陵学院,江苏扬州225000

出　　处：《软件学报》2023年第4期1907-1925,共19页Journal of Software

基　　金：国家自然科学基金(62102090,62032005,61972094,61902070);福建省科协第二届青年人才托举工程。

摘　　要：为解决属性基加密方案中用户撤销繁琐、密文更新计算开销大的问题,提出一种面向可变用户群体的可搜索属性基加密方案.利用二叉树管理撤销列表,当需要撤销用户时,可信中心只要将其加入撤销列表,并通知云服务器更新部分密文,提高了用户撤销的效率.考虑到利用二叉树实现用户撤销会导致系统中用户数量存在上限,当某个二叉树叶结点所代表的用户被撤销后,只要更新二叉树中设置的随机值,其他用户就可以重复使用该结点.基于配对计算为用户提供密文搜索功能,并保证被撤销的用户无法搜索密文.安全性分析表明,该方案在随机谕言模型下满足选择明文不可区分安全性.性能分析和实验数据表明,该方案相比于同类方案,计算开销更小.To improve the performance of user revocation and ciphertext update,a searchable attribute-based encryption scheme for dynamic user groups is proposed.A binary tree is applied to manage the revocation list.The user revocation will be achieved by adding revoked users to the revocation list and informing the cloud server to update the ciphertexts.To relieve the limitation of the number of system users,the nodes of the user binary tree will be re-used by new users if the random values in the nodes could be updated when user revocation occurs.Besides,a ciphertext search function,based on bilinear pairing,is provided and all revoked users are not allowed to perform the search algorithm.The security analysis proves that the proposed scheme is IND-CPA secure under the random oracle model.The performance analysis shows that the proposed scheme outperforms other existing solutions in terms of computational overhead.

关 键 词：用户撤销 访问控制 属性基加密 秘密共享 二叉树 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]