摘要: 密文策略属性基加密机制大多采用单授权机构,单授权中心管理和分发所有用户的属性密钥,易造成系统瓶颈,且系统要求单授权中心完全可信,因此难以满足分布式应用的安全需求。为此,提出一种多属性机构的密文策略属性基加密方案,其中授权机构只能为其权限内的属性分发相应密钥,相互间不能通信。采用一个中央机构为用户生成随机公钥,通过植入随机化参数抵抗合谋攻击。理论分析结果表明,该方案保留了CP-ABE机制中访问控制的易表达性,且降低了单授权中心的负担和安全风险。
关键词:
密文策略,
属性基加密,
中央机构,
多属性机构,
双线性对,
秘密共享
Abstract: Ciphertext policy Attribute-based Encryption(ABE) mechanisms mostly use a single authority responsible for managing and distributing the keys of all users, which easily causes system bottlenecks, and the system requirements for a single authorization to be fully credible, which is difficult to meet the security needs of distributed applications. This paper proposes a multi-agency ciphertext policy ABE scheme. The authority can only issue the attribute keys that in his purview for users, and can not communicate with each other. And the program uses a central authority for the user to generate a random public key. Parameter randomization helps attribute authorities to calculate the key that solves the collusion attack. Theory analysis proves that the scheme not only can retain the easy expressive of access control features of CP-ABE, but also can reduce a single center’s burdens and risks.
Key words:
ciphertext policy,
Attribute-based Encryption(ABE),
central authority,
multi-attribute authority,
bilinear pairings,
secret sharing
中图分类号:
马丹丹, 陈勤, 党正芹, 张金漫. 基于多属性机构的密文策略加密机制[J]. 计算机工程, 2012, 38(10): 114-116.
MA Dan-Dan, CHEN Qi, DANG Zheng-Qin, ZHANG Jin-Man. Ciphertext Policy Encryption Mechanism Based on Multi-attribute Authority[J]. Computer Engineering, 2012, 38(10): 114-116.