格上可撤销的基于身份的条件代理重加密方案  

作　　者：王明强[1,5] 王伟嘉[4,5] 王洋 张雍杰 WANG Ming-Qiang;WANG Wei-Jia;WANG Yang;ZHANG Yong-Jie(School of Mathematics,Shandong University,Jinan 250100,China;National Key Laboratory of Security Communication,Chengdu 610041,China;State Key Laboratory of Cryptology,Beijing 100878,China;School of Cyber Science and Technology,Shandong University,Qingdao 266237,China;Key Laboratory of Cryptologic and Information Security,Ministry of Education,Shandong University,Jinan 250100,China)

机构地区：[1]山东大学数学学院,济南250100 [2]保密通信全国重点实验室,成都610041 [3]密码科学技术全国重点实验室,北京100878 [4]山东大学网络空间安全学院,青岛266237 [5]密码技术与信息安全教育部重点实验室(山东大学),济南250100

出　　处：《密码学报(中英文)》2024年第6期1256-1277,共22页Journal of Cryptologic Research

基　　金：国家重点研发计划(2021YFA1000600);山东省重点研发计划(2022CXGC020101);保密通信全国重点实验室稳定支持计划项目(2024,WD202402);密码科学技术全国重点实验室开放课题(MMKFKT202207);山东省青年基金(ZR2022QF039)。

摘　　要：(基于属性的)条件代理重加密方案(AB-CPRE)可以使一个委托人通过不同的控制策略向其他人授权解密权限,这为加密数据外包存储的细粒度访问权限控制问题提供了一个很好的解决方案.最近,Liang等人在ESORICS 2021上给出了第一个格上基于属性的条件代理重加密方案,该方案在选择属性的条件下可以抵抗任意多项式时间敌手的选择明文攻击.但普通的AB-CPRE方案可能面临密钥管理繁琐等问题.本文给出了可撤销的、基于身份的单跳条件代理重加密方案(RIB-AB-CPRE)的定义、安全模型并给出了具体构造.所构造的可撤销的、基于身份的单跳条件代理重加密方案是基于(密钥策略)属性的,即采用密钥策略来进行访问权限的细粒度控制.在选择身份、系统时刻和属性的条件下,基于LWE假设可以证明所提方案抵抗任意多项式时间敌手的选择明文攻击.同时,方案也抵抗解密密钥泄露攻击.(Attribute-based)conditional proxy re-encryption schemes(AB-CPREs)enable a delega-tor to delegate his decryption rights via different policies,and offer an efficient solution for enforcing fine-grained access control on outsourced encrypted data.Recently,Liang et al.proposed the first lattice-based AB-CPREs with selective attribute security against chosen-plaintext attacks(CPA)at ESORICS 2021.Nevertheless,AB-CPREs may suffer some problems such as complicated key manage-ment.In this paper,definitions,security models and concrete constructions of revocable identity-based conditional proxy re-encryption schemes are given.The proposed revocable identity-based conditional proxy re-encryption schemes are key-policy attributed-based in the sense that key policy is used to enforce fine grained access control.It is shown that the proposed scheme is selective identity,selective time period,and selective attribute secure against chosen plaintext attacks under the assumption that corresponding LWE problems are hard.At the same time,the proposed scheme is also secure against the decryption key exposure attack.

关 键 词：条件代理重加密体制 可撤销的基于身份的加密体制 格密码 LWE问题 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]