Attribute-based Lattice Cryptography And Its Application In Security Access Control Of Information

In the application of cloud computing technology,because the third-party server is not completely trusted in cloud environment,the events of data loss and privacy leakage occur frequently.The security of cloud data is becoming more and more serious,which will restrict the practical process of cloud technology.Information access control is an important means of cloud data security access.However,traditional encryption technology can only realize the secure storage of cloud data,it can not properly support fine-grained control over user access.Attribute-based encryption(ABE)is a public key encryption primitive that supports flexible policy control.It could effectively solve the problem of access control in information system by identifying user identity characteristics with a series of attribute sets.ABE is an ideal access control model in cloud environment.Lattice-based cryptography is a mainly post-quantum secure public-key encryption method,and its security is based on the worst-case lattice difficulty problem.It can resist quantum computing attacks,and has excellent characteristics in security,computational efficiency and other aspects.In this paper,we study security access control in cloud information system.It combines the security advantages of anti-quantum attack of lattice-based cryptography and the fine-grained access control capability of ABE.A new ABE scheme from lattices is constructed,which can resist quantum attack and improve the efficiency of cryptographic system.We constructed the multi-authority ABE,searchable ABE,attribute-based signature(ABS)from lattices,and studied the problem of security access control in the cloud information system from different perspectives.This study will provide more complete security control and privacy protection in cloud information system.The main research results of this paper are as follows:1.A multi-authority attribute-based encryption(MA-ABE)scheme from lattices is proposed.It can support the management of multi-authorization centers,avoid the lack of centralized management of single-authorization centers,and improve the security of ABE programs.The KP-ABE scheme from lattices is constructed on the theory of LSSS,and the parameter setting is discussed in detail.The IND-sCPA security of the scheme is proved under the LWE assumption.Because the new scheme manages and distributes user private keys through a multi-authorization center,it is more practical than the existing ABE scheme,especially suitable for decentralized management of different network nodes.2.A keyword-searchable ABE scheme from lattices is prosed,which combines the advantages of attribute-based encryption(ABE)and public-key encryption with keyword search(PEKS).In the new scheme,by setting the access control policy,it is used to control search and decryption privileges for specific users.Only users who satisfy the access policy could search and decrypt ciphertext,so it has stronger user identity privacy.Under the LWE assumption,the ABE security of IND-sCPA and the PEKS security of IND-CKA in the scheme are proved respectively.Furthermore,a complete application scenario of the new scheme is presented in the cloud storage environment.It includes the whole process of data encryption,storage,search and decryption.The new scheme can be applied to the multi-user shared environment in cloud environment,such as telemedicine network,vehicle network and other network application services.3.An attribute-based signature(ABS)scheme from lattices is proposed.ABS is an extension and development of digital signature cryptography.In the ABS system,the signer signs the message using the private-key generated by the attribute-authorization center.The verifier can confirm whether the message is generated by the signer whose property satisfies the signature policy.ABS scheme has stronger user anonymity.The new scheme uses G-trapdoor technology to generate the short signature on lattices.And the signature private-key and public-key of scheme are generated on the attribute set associated with the user identity.It can realize the key distribution management for different user identity,and can solve the problem of user collusion attack in common ABS scheme.Finally,the correctness and unfalsifiability of the new scheme are proved under the assumption of the difficulty of small integer solutions(SIS).4.An example of blockchain is given on the above scheme,which is applied to the personal health record(PHR).According to the features of PHR blockchain,a shared storage scheme of PHR is designed by attribute-based encryption mechanism as access control model.The new scheme can ensure that PHR data cannot be tampered with and cannot forged.At the same time,it can effectively realize the sharing security of large-scale distributed PHR data by combining on/off chain storage.Due to the anti-quantum attack capability of lattice-based cryptography,the application of lattice-based ABS algorithm in the blockchain can realize the authentication security in the future quantum computing environment.