可支持公平验证的数据群组灵活协同共享方案  

作　　者：王树兰 甘竞宏[1,2] 赵陈斌 邹家须 赵国英 张应辉 WANG Shulan;GAN Jinghong;ZHAO Chenbin;ZOU Jiaxu;ZHAO Guoying;ZHANG Yinghui(School of Big Data and Internet,Shenzhen Technology University,Shenzhen 518118,China;School of Application and Technology,Shenzhen University,Shenzhen 518060,China;Key Laboratory of Aerospace Information Security and Trusted Computing,Ministry of Education,School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China;School of Cyberspace Security,Xian University of Posts&Telecommunications,Xi’an 710121,China)

机构地区：[1]深圳技术大学大数据与互联网学院,广东深圳518118 [2]深圳大学应用技术学院,广东深圳518060 [3]空天信息安全与可信计算教育部重点实验室,武汉大学国家网络安全学院,湖北武汉430072 [4]西安邮电大学网络空间安全学院,陕西西安710121

出　　处：《网络与信息安全学报》2025年第1期40-53,共14页Chinese Journal of Network and Information Security

基　　金：国家自然科学基金(62072369,61702341);深圳技术大学深圳市高等院校稳定支持项目(SZWD2021012);陕西省技术创新引导计划(基金)(2023-YD-CGZH-31)。

摘　　要：随着云服务的快速发展,数据的共享和传播受到了广泛关注。基于属性的条件代理重加密(attribute-based conditional proxy re-encryption,AB-CPRE)能安全且高效地实现数据群组共享和传播而被广泛应用。然而,现有的AB-CPRE方案无法实现同一组内多个数据传播者协同将数据传播给新的用户组,仅支持单一数据传播者,灵活性差。此外,现有方案中用户生成验证值所需的计算开销随着密文中属性数增加而增加,导致云服务器和用户之间的公平验证效率低。针对上述不足,提出一种可支持公平验证的数据群组灵活协同共享方案。该方案构造了一种协同传播树结构,以实现同一组内多个数据传播者协同将数据传播给新用户组。此外,该方案设计了计算开销恒定的验证值生成机制,使用户仅需常数级计算开销即可生成验证值,从而高效实现云服务器和用户间的公平可验证。最后,形式化安全性证明和性能评估表明,所提方案是可证明安全和公平可验证的,并在验证值生成、重加密密钥生成和解密阶段比现有方案高效。With the rapid development of cloud services,data sharing and dissemination have received widespread attention.Attribute-based conditional proxy re-encryption(AB-CPRE)has been widely used as a secure and effi‐cient method to achieve group data sharing and dissemination.However,existing AB-CPRE schemes were unable to support multiple data disseminators within the same group to collaboratively disseminate data to new user groups,as only a single data disseminator was permitted,which limited flexibility.Additionally,in these schemes,the computa‐tion cost for users to generate proofs increased with the number of attributes in the ciphertext,resulting in low effi‐ciency in ensuring fairness and verifiability between the cloud server and the user.To address these shortcomings,a flexible and collaborative data group sharing scheme with fairness and verifiability was proposed.A collaborative dissemination tree was designed to enable multiple data disseminators within the same group to collaboratively dis‐seminate data to new user groups.Furthermore,the proposed scheme incorporated a constant-cost proof generation mechanism,allowing users to generate proofs with constant computation cost,thereby ensuring efficient fairness and verifiability between the cloud server and the user.Formal security proofs and performance evaluations demon‐strate that the proposed scheme is provably secure,fair,and verifiable.It is shown to offer greater efficiency in proof generation,re-encryption key generation,and decryption phases compared to existing schemes.

关 键 词：协同数据传播 基于属性的条件代理重加密 协同传播树 公平可验证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]