基于区块链的多授权密文策略属性基等值测试加密方案  

作　　者：杨小东 陈艾佳 汪志松 廖泽帆 王彩芬 YANG Xiao-dong;CHEN Ai-jia;WANG Zhi-song;LIAO Ze-fan;WANG Cai-fen(College of Computer Science and Engineering,Northwest Normal University,Lanzhou,Gansu 730070,China;College of Big Data and Internet,Shenzhen Technology University,Shenzhen,Guangdong 518118,China)

机构地区：[1]西北师范大学计算机科学与工程学院,甘肃兰州730070 [2]深圳技术大学大数据与互联网学院,广东深圳518118

出　　处：《电子学报》2024年第3期898-908,共11页Acta Electronica Sinica

基　　金：国家自然科学基金(No.62172337)。

摘　　要：针对云环境下密文策略属性基加密方案中存在的密文检索分类困难与依赖可信第三方等问题,本文提出了一种基于区块链的多授权密文策略属性基等值测试加密方案.利用基于属性的等值测试技术,实现了支持属性级灵活授权的云端数据检索和分类机制,降低了数据用户对重复数据解密的计算开销.结合多授权属性基加密机制和区块链技术,实现了去中心化用户密钥生成.采用多属性授权机构联合分发密钥,有效抵抗用户和属性授权机构的合谋攻击.引入区块链和智能合约技术,消除了现有密文策略属性基密文等值测试方案中等值测试、数据存储与外包解密操作对可信云服务器的依赖.利用外包服务器执行部分解密计算,降低了用户本地的计算开销.将原始数据哈希和验证参数上传至区块链,保障外包服务器解密结果正确性和云端数据完整性.在随机预言模型下,基于判定性qparallel Bilinear Diffie-Hellman Exponent困难问题证明了本文方案在选择密文攻击下的单向性.与同类方案相比较,本文方案支持更多的安全属性,并具有较低的计算开销.Aiming at the problems of ciphertext retrieval classification difficulty and dependence on trusted third party in the ciphertext-policy attribute-based encryption schemes within cloud environment,a blockchain-based multi-authority ci⁃phertext-policy attribute-based encryption scheme with equality test is proposed.The attribute-based encryption with equali⁃ty test technology is used to retrieve and classify ciphertexts that supports attribute-level flexible authorization,which reduc⁃es the computational cost of data users to decrypt duplicate data.Combined with multi-authority attribute-based encryption and blockchain technology to achieve decentralized user key generation.Meanwhile,the key is jointly distributed by differ⁃ent authorized institutions can effectively resist collusive attacks by users and attribute authorization agencies.Blockchain and smart contract technology are introduced to eliminate the dependence of trusted cloud servers in the outsourcing decryp⁃tion,data storage and equivalence test operation in the existing ciphertext-policy attribute-based encryption with equality test⁃ing schemes.Outsourced server is used to perform part of the decryption computation,which reduces the user's local calcula⁃tion overhead.The original data hash and verification parameters are uploaded to the blockchain,which ensures the correct⁃ness of the outsourcing server's decryption results and the integrity of cloud data.Under the random oracle model,the oneway property of the proposed scheme under chosen-ciphertext attack is proved based on the decision q-parallel BDHE hard problem.Compared with similar schemes,the proposed scheme supports more security properties and has lower computa⁃tional overhead.

关 键 词：云存储 等值测试 区块链 密文策略属性基加密 多授权机构 完整性验证 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]