| With the development of the Internet and the increasing secure requirements of system, public key encryption system with coarse-grained access control capability and low efficiency, is more unsuitable for users'needs of selectively sharing ciphertext. To this end, Sahai and Waters proposed the concept of attribute-based encryption. Attribute-based encryption (ABE) can be seen as expansion and extension version of identity-based encryption (IBE). ABE generalizes the concept of uniquely identifies the identity in IBE to an attribute set, namely: the user's identity can be expressed through the attribute set which with one or more attributes. The inprovement of the process from IBE to ABE is not only that the expression of user's identity can be extended to more than one identifier, but also that the access structure can easily embed into the attribute set and applied in requirement for fine-grained access control such as:cipher policy and key policy to restrict users to access and decrypt. In recent years, ABE become a research hotspot of cryptography, the researchers was carried out extensive research. However, there are still many issues to be resolved, for example:simultaneous encryption of multiple messages, the user key authentication, optimal method for multi-center environment and the protection for the signer's identity in the signature et al. This paper studies the ABE systems based on the existence of these problems, achieves the following results:1. In the ABE system of Sahai and Waters, since there are only one master public key and master private key, and access structure is a simple threshold structure, which leads to a problem that ABE system can encrypt only one message at the same time. However, in practice, the situation may likely happen that some messages need to be encrypted at the same time. Under this situation, in ordinary ABE systems, the encryption algorithm would have to be repeatedly employed, and the decryption algorithm also has to be repeatedly run correspondingly. So the efficiency is low and they take a lot of resource in computation and communication. Thus to solve the problems, in this paper we introduce a multi-secret sharing mechanism into the ABE system and propose a dynamic multi-attribute based encryption scheme. Our scheme has the capability to encrypt multiple messages at the same time and the number of messages can be change with the actual situation. Moreover, according to the size of the different universe of attributes, we design two schemes and we also prove the security of these two schemes in standard secure model.2. In ABE system, the users'private keys are generated in a trusted center and distributed to users. Since the lack of the mechanism for the verification of keys. the users can not verify the correctness of keys when they receive private keys. When the center is corrupted, it generates and distributes the wrong key, or right key with some error is transferred if some transmission problems happens, since there is no method for the users to verify the error in the key in time, they can not get the correct results. To solve problem above, in this paper we introduce the mechanism of cheater identifiable in secret sharing sheme to ABE system, and propose a novel verifiable attribute-based encryption scheme. In our system, private keys and their verification informations are generated and distributed to users at the same time. Users can verify the correctness of their private keys by the verification informations after they receive the keys. Without building tree-access structure, our scheme is more efficient than current verifiable ABE scheme. In addition, two schemes are proposed in this paper, which are suitable for large-scale or small-scale universe of attributes respectively, and we prove the security for these two schemes in standard secure model.3. Cipher policy attribute-sets based encryption scheme (CP-ASBE) is generated on the basis of ciphertext policy attribute based encryption (CP-ABE), through the introduction of the concept of attributes subset. Since users' attributes set can be built into a recursive structure in the system of CP-ASBE, by which the CP-ASBE system can surport more complex cipher policy than CP-ABE system, in particular deal with the operation of numerical kinds of attributes (such as:salary>2500, age>30, etc.), and the method of CP-ASBE has a high applicaton value. However the scheme of CP-ASBE can only be applied in the environment with a single authority and does not support complex environment with multi-authority. To solve problems above, according to concept and method of Chase's multi-authority ABE scheme, we improve the scheme of CP-ASBE and propose ciphert policy attribute-sets based encryption with multi-authority in this paper. In our scheme, on the one hand our method extends the application scope of CP-ASBE scheme from environment with a single authority to the environment with multi-authority; on the other hand it also allows multi-authority ABE can support the cipher policy. In addition, we also present the proof of security in standard secure model.4. In ABE system, in addition to encrypt the message, and sometimes also needs to signature for authentication. In some special situcation the message needs to be signed and encrypted; in this case, two ways can be chosen:one is the traditional way that first signature and encryption, and another one is the signature and encryption carried out at the same time (ie:signcryption). Usually the signcryption is with more efficiency than the former. We introduce the signcryption to ABE systems for the high application value of signcryption, and propose attribute-based ring signcrypiton scheme. Our scheme is not only with advantage of signcryption in the efficiency, but also enables the dccrypter to determine the reliability of the message and hides the specific identity of signer through the constructon of ring.(Namely: decrypter can only know the signer is a member of a user group, but not to determine exactly which one.) In addition, in the random oracle secure model, we prove the security and unforgeability of the scheme.
|
PDF Full Text Request