支持策略与属性全隐藏的CP-ABE方案  

作　　者：姜露寒 田有亮[1,2,3,4] 向阿新 JIANG Luhan;TIAN Youliang;XIANG Axin(State Key Laboratory of Public Big Data,Guizhou University,Guiyang 550025,China;College of Computer Science and Technology,Guizhou University,Guiyang 550025,China;Institute of Cryptography&Data Security,Guizhou University,Guiyang 550025,China;Guizhou Provincial Key Laboratory of Cryptography and Blockchain Technology,Guiyang 550025,China)

机构地区：[1]贵州大学公共大数据国家重点实验室,贵阳550025 [2]贵州大学计算机科学与技术学院,贵阳550025 [3]贵州大学密码学与数据安全研究所,贵阳550025 [4]贵州省密码学与区块链技术特色重点实验室,贵阳550025

出　　处：《计算机科学》2024年第12期317-325,共9页Computer Science

基　　金：国家重点研发计划(2021YFB3101100);国家自然科学基金(62272123,62262058);贵州省高层次创新型人才项目(黔科合平台人才[2020]6008);贵阳市科技计划项目(筑科合[2021]1-5,[2022]2-4);贵州省科技计划项目(黔科合平台人才[2020]5017,黔科合支撑[2022]一般065)。

摘　　要：已有的支持策略或属性隐藏的CP-ABE方案可实现隐私保护的细粒度访问控制,但大部分方案仅实现了关于属性值的部分策略隐藏,且忽略了密钥生成过程的用户属性隐藏问题,仍易造成用户隐私信息泄露。针对上述问题,文中提出了一种完全隐藏访问策略和用户属性的CP-ABE方案,用于数据访问控制和密钥生成过程中的用户隐私信息保护。首先,提出了属性莫顿过滤器(Attribute Morton Filter,AMF),加密阶段将访问策略完全隐藏于AMF中,解密阶段用户可高效查询并精准判断用户属性在策略中的位置;其次,提出了一种基于zk-SNARKs的密钥生成方法,有效隐藏了密钥生成过程中的用户属性;最后,安全性证明及性能分析表明,所提方案在不影响效率的同时具有选择明文攻击下的不可区分性。The existing ciphertext-policy attribute-based encryption schemes that support policy or attribute hiding can achieve fine-grained access control for privacy protection,but most of them only realize partial policy hiding of attribute values,and ignore the problem of hiding user attributes during key generation,which is still prone to user privacy information leakage.To address the above problems,a CP-ABE scheme that fully hides access policy and user attributes for data access control and user privacy information protection during key generation is proposed.Firstly,the attribute Morton filter(AMF)is proposed,in which the access policy is fully hidden in the AMF during the encryption phase,and the user can efficiently query and accurately determine the position of attributes in the policy during the decrypt phase.Secondly,a zk-SNARKs-based key generation method is developed to effectively conceal the user attributes throughout the key generation process.Finally,security and performance analysis are conducted to evaluate the proposed scheme,demonstrating its indistinguishability under chosen-plaintext attack security without compromising efficiency.

关 键 词：属性基加密 访问策略 用户属性 完全隐藏 属性莫顿过滤器 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]