一个基于访问树支持用户撤销KP-ABE方案.pdfVIP

一个基于访问树的支持用户撤销的KP-ABE 方案 1,2 1,2 1,2 王鹏翩 , 冯登国 , 张立武 1( 中国科学院 软件研究所 信息安全国家重点实验室, 北京 100190) 2(信息安全共性技术国家工程中心, 北京 100190) A KP-ABE Scheme Supporting User Revocation Based on Access Tree Wang Pengpian 1,2, Feng Dengguo1,2, and Zhang Liwu 1,2 1(State Key Labora tory of Information Security, Institute of Software, The Chinese Academy of Sciences, Beijing 100 190, China) 2(National Engineering Research Center of Information Security , Beijing 100 190, China) Abstract : Attribute based encryption(ABE) provides a mechanism to control the access to the encrypted data, and the user revocation is the key point that ABE must consider and resolve in practice. This paper discusses the existing ABE schemes that realizing the user revocation, and then proposes a Key Policy Attribute-Based Encryption (KP-ABE) scheme that supports user revocation under the direct revocation model. By embedding the user revocation list into the ciphertext, the scheme could realize the user revocation without affecting the public key and any user’s private key, so the cost of the user revocation is small . Based on the access tree, the construction of our scheme is simpler than the construction proposed by Attrapadung which is based on linear Secret Sharing Schemes(LSSS). Its security can be reduced to the q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption under the standard model . Key words : Attribute Based Encryption; Key Policy; User Revocation; Direct Revocation Mode; Access Tree 摘 要: 基于属性的加密(Attribute Based Encryption, ABE)提供了对密文进行访问控制的机制,在实际应用 中,用户撤销是 ABE 所必须考虑和解决的问题.本文在分析已有 ABE 用户撤销方案的基础上,提出了一个基于 访问树实现的支持用户撤销的KP-ABE(Key Policy ABE)方案.该方案以直接撤销模式对用户进行撤销,通过在 密文中嵌入用户撤销信息,能够在不更新系统公钥和任何一个用户的私钥的情况下完成对用户的撤销,更新代 价较小.同时该方案基于访问树实现,与Attrapadung 等人基于LSSS(Linear Secret Sharing Schemes) 的支持用户 撤销的KP-ABE 方案相比,构造更为简单.该