Research On Funcitonal Encryption And Its Application In The Cloud

Functional encryption (FE) enables user with a specific key to decrypt a restricted function of the data. Specifically, functional encryption includes attribute-based encryption, inner product encryption etc. Within the cloud computing environment, data owners could adopt it to encrypt the stored data for achieving access control and keeping data confidential.However, the problems of policy expression, key escrow and key update are inherent limitations of FE, which set back its rapid development and large-scale applications.In this dissertation, considering the actual application requirements in cloud, the variations of functional encryption schemes are introduced to solve these drawbacks based on different originals of cryptography. The main contributions are listed as follows:1. A circuit policy attribute-based encryption with verifiable delegation scheme is proposed. Aiming to reduce the computing cost, based on the scheme introduced by Garg et.al, an attribute-based encryption with verifiable delegation scheme is presented where users with limited computing power could delegate the mask of the decryption task to cloud servers. For functional of the scheme, since policy for general circuits enables to achieve the strongest form of access control, a construction for realizing circuit policy is considered. In such systems, combined with verifiable computation and Encrypt-then-MAC mechanism,the data confidentiality, the fine-grained access control and the correctness of the delegated computing results are well guaranteed at the same time. Besides, it is proved to satisfy the security under the k-multilinear decisional Diffie-Hellman assumption and the verifiability under the multilinear computational Diffie-Hellman assumption.2. A succinct multi-authority attribute-based encryption for circuits with authenticated outsourcing scheme is proposed.Multi-authority attribute-based encryption (MABE) alleviates management burden of a single authority. To circumvent efficiency drawbacks during the decryption, the notion of MABE with outsourcing, which introduces a gloable ID and embeddes extral parameters into the secret key, is applied. It enjoys succinct ciphertext and realizes the circuit policy. By adding two types of authenticated messages (a publicly verifiable authentication and a privately verifiable one), both the fine-grained data access and the validity of the outsourcing are well guaranteed. Furthermore,the security and authentication are intensively proved under the(k, n)-multilinear decisional Diffie-Hellman assumption and the computational Diffie-Hellman assumption, respectively.3. A multi-authority inner product encryption with key update scheme is proposed, which enables to hidden the policy. In order to reduce the cost of attribute management by a single authority and avoid the problem of key escrow, based on Guo et al.' s research, a construction of multi-authority inner product encryption with dynamic key update is considered, which enjoys succinct secret key. In the scheme, both the certral authority (CA)and the attribute authorities (AA) are responsible for users'secret key. It could alleviate the key escrow problem and avoid the interaction between CA and AA, which effectively reduces the cost of communication and computation. When the user key is updated, the current attribute key is calculated by the corresponding AA, and the corresponding cipher text is refreshed by the cloud server. Moreover, the proposed scheme achieve security under the bilinear decisional Diffie-Hellman assumption.