| In recent years,with the continuous development of information technology,people’s daily life gradually tends to digitalization.Information interconnection brings many benefits to people,but also brings many security risks.More and more illegal users make profits by stealing users’private information on the Internet,so it is imperative to protect information security.Since the emergence of the public key cryptosystem,the system has been playing an important role in the field of cryptography.However,with the continuous progress of science and technology,information has become more and more complex and diverse.People have higher and higher requirements for the flexibility of the encryption system.The point-to-point public key encryption system has been unable to meet the needs of access control,and the attribute based encryption system came into being.Traditional attribute based encryption is based on bilinear mapping,which can not effectively resist the attack of adversaries in the post quantum era,and the cost of storage and computation is also large.So this paper proposes a cipher policy attribute based encryption scheme based on learning with errors,and on this basis,drawing on the design idea of revocation scheme proposed by Naor[27],etc.,a CP-ABE scheme supporting single revocation is constructed first,and then another CP-ABE scheme supporting multiple revocation is proposed by improving the shortcomings of the scheme.Finally,it is proved that both schemes are selective chosen plaintext attack,The specific work of this paper includes:(1)Firstly,a CP-ABE scheme based on LWE is designed,which can be revoked in a single time.The scheme supports a flexible threshold access structure,and the encryptor can modify the threshold parameters at any time as required.At the same time,because the scheme adopts the improved single key revocation scheme,it only needs to run the revocation and maintenance phase repeatedly t times after one initialization,then it can revoke up to t users,and the utilization ratio of the scheme is significantly improved compared with the original single revocation scheme.In addition,this scheme combines the two phases of immediate revocation and non peak use period maintenance of the system,which is the best scheme for the system that needs to prepare for the worst case and can revoke a relatively small number of users,but if the number of users is large,a single revocation requires the distribution of additional keys for users,which will make the efficiency of the scheme very low and the load of the server will be heavy.(2)In order to improve the efficiency of the scheme,this paper redesigns a cp-abe scheme based on LWE,which can revoke multiple users without distributing additional keys.In this scheme,the user’s key is revoked by revoking the user’s attribute.Secondly,due to the separation of the form of the user’s attribute private key and the revoked key,the scheme can be revoked almost indefinitely once the user’s attribute private key is generated.On the one hand,the scheme supports the access tree structure with flexible threshold,which makes the access control of the original attribute encryption mechanism more diversified and enriches the access structure of the single revocation scheme in Chapter 3.On the other hand,the scheme can revoke up to t users in one round of encryption and decryption without the maintenance phase,which greatly improves the encryption and decryption efficiency of the scheme. |
