基于格的细粒度访问控制内积函数加密方案  被引量：1

作　　者：侯金秋 彭长根[1,2] 谭伟杰 叶延婷[1] HOU Jin-Qiu;PENG Chang-Gen;TAN Wei-Jie;YE Yan-Ting(State Key Laboratory of Public Big Data,College of Computer Science and Technology,Guizhou University,Guiyang 550025;Guizhou Big Date Academy,Guizhou University,Guiyang 550025)

机构地区：[1]贵州大学计算机科学与技术学院公共大数据国家重点实验室,贵阳550025 [2]贵州大学贵州省大数据产业发展应用研究院,贵阳550025

出　　处：《计算机学报》2023年第6期1172-1183,共12页Chinese Journal of Computers

基　　金：国家自然科学基金项目(62272124);贵州省科技计划基金项目([2018]3001,[2018]2159,[2020]5017);贵州省研究生科研基金项目(YJSKYJJ[2021]028)资助。

摘　　要：函数加密作为一种多功能的新型公钥加密原语,因其能实现细粒度的密文计算,在云存储中有着广阔的应用前景,受到研究者们的广泛研究.因此,将数据的访问权限控制有机地融合到加解密算法中,实现“部分加解密可控、按需安全计算”是一个非常有意义的探索方向.但现有函数加密方案无法精细控制发送者权限且使用了较复杂的理论工具(如不可区分性混淆、多线性映射等),难以满足一些特定应用场合需求.面对量子攻击挑战,如何设计抗量子攻击的特殊、高效的函数加密方案成为一个研究热点.内积函数加密是函数加密的特殊形式,不仅能够实现更复杂的访问控制策略和策略隐藏,而且可以有效地控制数据的“部分访问”,提供更细粒度的查询,在满足数据机密性的同时提高隐私保护.针对更加灵活可控按需安全计算的难点,该文基于格上Learning with errors困难问题提出一种基于身份的细粒度访问控制内积函数加密方案.该方案首先将内积函数与通过原像抽样算法产生的向量相关联,生成函数私钥以此控制接收方的计算能力.其次,引入一个第三方(访问控制中心)充当访问控制功能实施者,通过剩余哈希引理及矩阵的秩检验密文的随机性,完成对密文的重随机化以实现控制发送者权限的目的.最后,接收者将转换后的密文通过内积函数私钥解密,仅计算得到关于原始消息的内积值.理论分析与实验评估表明,所提方案在性能上有明显优势,不仅可以抵御量子攻击,而且能够控制接收者的计算权限与发送者的发送权限,在保护用户数据机密性的同时,有效实现开放环境下数据可用不可见、数据可算不可识的细粒度权限可控密文计算的目标.Functional encryption is a brand-new multi-functional public key encryption primitive that has received a lot of attention from researchers since it can produce fine-grained ciphertext computation and has a wide range of potential applications in cloud storage.For this reason,it is a very meaningful exploration direction to organically integrate the access control of data into the encryption and decryption algorithm to achieve“partial encryption and decryption controllable,on-demand security computing”.However,the existing functional encryption schemes have the following problems:on the one hand,the existing functional encryption schemes cannot precisely control the sender’s permissions;on the other hand,the current functional encryption schemes usually use more complex theoretical tools(such as indistinguishable confusion,multilinear map,etc.),which is difficult to meet the requirements of some specific access control applications.Facing the challenge of quantum attack,how to design a special and efficient functional encryption scheme against quantum attackhas become one of research highlights in recent years.Besides,inner product functional encryption is the most special form of functional encryption that executes the computation for the inner product of vectors.More importantly,inner product functional encryption can not only realize more complex access control strategies and policy hiding,but also effectively control“partial access”of data,provide finer grained queries,and improve privacy protection while meeting data confidentiality.In light of the challenges posed by more adaptable and programmable on-demand security computing,this paper proposes an identity-based access control inner product functional encryption scheme based on the learning with errors problem on the lattice.First,the designed scheme associates the inner product function with the vector generated by the SamplePre algorithm,and generates the function private key to control the computing capacity of the receiver.Second,a third par

关 键 词：访问控制加密 内积函数加密 容错学习问题 格 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]