基于区块链的国密轻量级属性基访问控制方案  

作　　者：周权[1] 卫凯俊 陈民辉 郑玉龙 曾志康 ZHOU Quan;WEI Kai-Jun;CHEN Min-Hui;ZHENG Yu-Long;ZENG Zhi-Kang(School of Mathematics and Information Science,Guangzhou University,Guangzhou 510006,China;School of Computer Science and Network Engineering,Guangzhou University,Guangzhou 510006,China)

机构地区：[1]广州大学数学与信息科学学院,广州510006 [2]广州大学计算机科学与网络工程学院,广州510006

出　　处：《密码学报（中英文）》2024年第5期1126-1138,共13页Journal of Cryptologic Research

基　　金：国家重点研发计划(2021YFA1000600);国家自然科学基金(12171114);广州大学研究生创新能力培养项目(JCCX2024-012)。

摘　　要：移动设备产生大量与用户相关的隐私数据,如何实现数据的安全存储和细粒度访问控制十分重要.密文策略的属性基加密(CP-ABE)是目前流行的解决方案之一,但现有的国密CP-ABE访问控制方案较少且存在计算开销较大的双线性配对运算,不适用于资源受限的物联网设备.本文提出一种国密轻量级CP-ABE访问控制方案,将双线性配对运算替换为椭圆曲线中的标量乘法,通过外包解密有效减少用户端计算开销,利用区块链和星际文件系统(IPFS)存储加密后的密文保证不被篡改,避免单点故障.此外多个属性机构充当区块链节点分发属性密钥及维护区块链.安全性分析和实验分析结果表明所提方案高效且安全.Mobile devices generate a large amount of private data related to users,it is important to achieve secure data storage and fine-grained access control.Currently,ciphertext policy attributebased encryption(CP-ABE)is a popular solution.Nevertheless,the existing domestic cryptographic CP-ABE access control schemes are few in number and have bilinear pairing operations with high computational overheads,which are not suitable for resource-constrained IoT devices.Therefore,this study proposes a domestic cryptographic lightweight CP-ABE access control scheme,which replaces the bilinear pairing operation with scalar multiplication in elliptic curves,and reduces the computational overhead of the user side by outsourcing the decryption.Blockchain and interplanetary file system(IPFS)are used to store the encrypted ciphertexts to ensure that they cannot be tampered with and to avoid a single point of failure.In addition,multiple attribute authorities act as blockchain nodes to distribute attribute keys and maintain the blockchain.The results of security analysis and experimental analysis show that the proposed scheme is efficient and secure.

关 键 词：物联网 密文策略属性基加密 轻量级 区块链 访问控制 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]