摘要： 在密文策略属性基加密（CP-ABE）中，数据加密和解密所需时间与访问结构的复杂性相关，在移动设备中实施CP-ABE会使设备面临较大的计算压力。为此，提出一种隐藏策略的可验证外包解密在线/离线密文策略属性基加密访问控制方案。考虑到加密阶段较大的计算量，通过在线/离线加密方法，使数据拥有者在未确定明文和访问结构的情况下，运用高性能服务器提前完成大量的计算操作，确定明文和属性后在其移动设备上通过较少的计算量完成整个加密过程，从而减轻移动设备在加密阶段的计算负担，同时使用代理服务器对数据进行解密，并引入短签名方法对解密的数据进行正确性验证。分析结果表明，该方案能够减轻移动设备的计算负担，并验证了代理服务器解密数据的正确性。

关键词: 密文策略属性基加密, 在线/离线加密, 外包解密, 隐藏策略, 移动设备

Abstract: In Ciphertext-Policy Attribute-Based Encryption(CP-ABE),the time required for data encryption and decryption is related to the complexity of the access structure,so implementing CP-ABE in mobile devices makes the device under greater computational pressure.Therefore,this paper proposes a verifiable outsourced decryption Online/Offline Ciphertext-Policy Attribute-Based Encryption(OO-CP-ABE) access control scheme with hidden policy.Considering the large amount of computation in the encryption phase,through the online/offline encryption method,the data owner uses a high-performance server to complete a large number of computational operations ahead of time without determining the plaintext and access structure.After determining the plaintext and attributes,the entire encryption process is completed with less computation on its mobile device,thereby reducing the computational burden of the mobile device during the encryption phase.At the same time,the scheme uses a proxy server to decrypt the data and introduces a short signature method to verify the correctness of the decrypted data.Analysis results show that the scheme reduces the computational burden of the mobile device and verifies the correctness of data decrypted by the proxy server.

Key words: Ciphertext-Policy Attribute-Based Encryption(CP-ABE), online/offline encryption, outsourced decryption, hiding policy, mobile device

中图分类号: 

• TP309