基于身份的跨域分层访问控制加密方案  

作　　者：张应辉[1,2] 李冬娟 曹进 郑东[1,2] ZHANG Ying-Hui;LI Dong-Juan;CAO Jin;ZHENG Dong(School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;National Engineering Research Center for Secured Wireless,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;School of Cyber Engineering,Xidian University,Xi’an 710071,China)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]西安邮电大学无线网络安全技术国家工程研究中心,西安710121 [3]西安电子科技大学网络与信息安全学院,西安710071

出　　处：《密码学报（中英文）》2024年第5期1062-1077,共16页Journal of Cryptologic Research

基　　金：国家自然科学基金(62072369,62072371);陕西高校青年创新团队(23JP160);陕西省特支计划青年拔尖人才支持计划;陕西省重点研发计划(2021ZDLGY06-02,2020ZDLGY08-04);陕西省技术创新引导计划(2023-YD-CGZH-31)。

摘　　要：访问控制加密强制执行读写权限,它通过一个既不知道明文、发送者和接收者,也不知道访问控制策略的净化器,阻断所有不被允许的阈下信道.针对访问控制加密中密钥生成中心所面临的繁重的密钥管理负担,本文提出了基于身份的跨域分层访问控制加密方案.首先,在基于身份的分层广播加密方案的基础上提出了与聚合器兼容的净化的基于身份的分层广播加密方案,进一步结合结构保持签名、非交互式零知识证明和聚合器提出了一个跨域分层访问控制加密的通用构造.然后证明了通用构造的安全性,即满足无读和无写规则.此外,对通用构造进行了实例化,实现了半静态安全并且密文大小是恒定的.最后对实例化方案进行了性能分析,结果表明本方案在保证效率的同时实现了更加丰富的功能.Access control encryption enforces read and write permissions,and it blocks all subliminal channels that are not allowed through a sanitizer that knows neither the plaintext,senders,receivers,nor the access control policy.In view of the heavy burden of key management for the key generation center in access control encryption,this paper proposes a cross-domain hierarchical identity-based access control encryption scheme.Firstly,based on the hierarchical identity-based broadcast encryption scheme,a sanitizable hierarchical identity-based broadcast encryption scheme compatible with the aggregator is proposed.Furthermore,a general construction of cross-domain hierarchical access control encryption is proposed by combining the structure preserving signatures,non-interactive zeroknowledge proof and aggregator.Then a security proof of the general construction is presented,i.e.,the no-read and no-write rules are satisfied.In addition,the general construction is instantiated to achieve semi-static security and constant ciphertext size.Finally,the performance of the instantiation scheme is analyzed.The results show that the scheme achieves many functions while ensuring efficiency.

关 键 词：访问控制加密 基于身份的分层广播加密 非交互式零知识证明 结构保持签名 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]