Research On Attribute Encryption Scheme Based On Ciphertext Strategy

With the rapid development of computing,more and more people dispose and share data files in the cloud.However,it also bring some security issues of outsourcing stored data files.Since the traditional"one-to-one" communication model cannot meet the people's requirements,the distributed network urgently needs an "one-to-many"communication mode.Attribute-based encryption(ABE)is a public key encryption mechanism,which is developed on the basis of fuzzy identity encryption.ABE also is an important cryptographic module in designing the access control system.It has several features.One is that the user's identity is represented by attributes and another is that the access structure is very flexible.Therefore,ABE is suitable for uncertain receiver in a distributed network.Recently,the researches of ABE scheme mainly concentrate on the following areas:the algorithm design of efficient ABE,attribute revocation,multi-authority agency,access policy hidden,etc.These related researches promote ABE's development.This paper mainly researches the problem of user revocation and multi-authority mechanism of ABE.The main research contents and results are given as follows:(1)Research on the user revocationin ABE.Based on the CP-ABE algorithm,an ABE scheme supported dynamical user revocation is proposed.Ciphertext is encrypted by the partial key kand a secret value s which is hidden on the access structure,the users whose attributes satisfy the access structurecan reconstruct s and decrypt the ciphertext because the users can eliminatetheblind factor k.After the revocation of a registered legal user happened,the cloud storage provider updates the original symmetric key k to k' as well as the partial ciphertext,which can prevent those revoked users decrypting the data and guarantee the security the shared data.The unrevoked users only need to update the partial private key and they can normally decrypt the updated ciphertext.The whole scheme requires lower computation,updating storage and communication cost.The security of the scheme is built on the hardness assumption of Decisional Bilinear Diffie-Hellman(DBDH)problem.(2)Research on the multi-authority of the CP-ABE scheme.Combined with the ideas of existing multi-authority schemes,a multi-authority scheme is proposed,where the different authorities manage different attributes and distribute the attributes key to the users,which greatly decreases the single authority's workload and improves the protection of user privacy data.AND,OR and Threshold are realized by using the access tree,and the user's ID is set in the access tree to achieve revocation.When the revocation occurs,the whole system only needs to update parts of the ciphertext without updating the attribute key.It reduces the computational overhead.Finally,the proposed scheme is proved secure under the chosen identity attribute attack and chosen plaintext attack in the standard model.