支持访问策略部分隐藏的CP-ABE方案  

作　　者：刘霞[1,2,3] 王馨族 张涛[1] 陈盈阁 王荣[1] 冯朝胜 秦志光 LIU Xia;WANG Xinzu;ZHANG Tao;CHEN Yingge;WANG Rong;FENG Chaosheng;QIN Zhiguang(Department of Computer Science,Sichuan Normal University,Chengdu 610101,China;College of Digital Art and Design,Chengdu Neusoft University,Chengdu 611844,China;Network and Data Security Key Laboratory of Sichuan Province,University of Electronic Science and Technology of China,Chengdu 610054,China)

机构地区：[1]四川师范大学计算机科学学院,四川成都610101 [2]成都东软学院数字艺术与设计学院,四川成都611844 [3]电子科技大学网络与数据安全四川省重点实验室,四川成都610054

出　　处：《通信学报》2024年第10期180-190,共11页Journal on Communications

基　　金：国家自然科学基金资助项目(No.61373163);四川省自然科学基金资助项目(No.2022NSFSC0552,No.2023NSFSC1397)。

摘　　要：针对现有支持外包解密的基于密文策略的属性加密(CP-ABE)方案大多未考虑对密文访问策略的隐私保护,而部分支持策略隐藏的方案又存在访问策略匹配效率低的问题,提出一种支持访问策略隐藏且访问策略匹配效率较高的CP-ABE方案。该方案对属性值进行盲化处理并构造隐藏策略访问树,实现了访问策略的隐私保护;采用布隆过滤器对属性进行过滤与成员认证,从而快速找到满足访问策略的最小属性集,减少解密测试中的大量无效计算;利用强算力的云服务器进行外包计算,减少本地的解密开销。理论分析和实验结果分析均表明,所提方案可兼顾计算效率与策略隐私保护,访问策略匹配效率和加解密速度显著提升,本地解密时间被减少至常数级。安全性分析表明,所提方案不仅保护了外包访问策略的隐私性,还能抵御选择明文攻击。Most of the existing ciphertext-policy attribute-based encryption(CP-ABE)schemes that support outsourced decryption do not consider the privacy protection of the ciphertext access policy,while some schemes that support policy hidden have the problem of low access policy matching efficiency.Therefore,a CP-ABE scheme was proposed that supported access policy hidden and had high efficiency in access policy matching.In this scheme,the attribute values were blinded and a policy hidden access tree was constructed to realize the privacy protection of the access policy.Bloom filter was used to filter attributes and authenticate members,so as to quickly find the minimum set of attributes that meet the access policy and reduce a large number of invalid calculations in the decryption test.Finally,cloud servers with strong computing power for outsourced computing were used to reduce local decryption costs.Theoretical analysis and experimental results show that the proposed scheme can take into account both computational efficiency and policy privacy protection,significantly improving access policy matching efficiency,encryption and decryption speed,and local decryption time is reduced to a constant level.Security analysis demonstrates that the proposed scheme not only protects the privacy of outsourced access policies but also can resist chosen plaintext attacks.

关 键 词：基于密文策略的属性加密 隐藏策略访问树 外包解密 布隆过滤器 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]