Privacy-Preserving Multi-Authority Attribute-Based Encryption For Cloud Storage

Cloud computing technology provides services for enterprises and individuals to store and control data remotely.In this way,users can access and share data freely on the cloud platform.But sometimes the data owner does not want to make the data containing the private information public to everyone,and hopes that the specific users have the access right.Hence the data must be encrypted before they are uploaded to cloud.In the distributed system,multi-authority attribute-based encryption is an effective solution to protect the confidentiality of data.However,distributing the attribute set to multiple authorities for management will increase the risk of user collusion.Since the private key of the user is only associated with the attributes,where the attribute universe in the system is shared by all data users,it is not unique.Therefore,some malicious users can illegally access the data through the combined attribute-related key.Binding the private key to the global identifier(GID)can enhance the collusion resistance of the scheme.Before decryption,the user needs to submit his GID and attributes to authorities to obtain the secret key,which will expose the user's privacy.In addition,the access policy contains the attributes of the legitimate receiver,and anyone can obtain the information of the receiver based on the public access policy.In recent years,with the increase of data leakage events,people's awareness of the protection of personal information has gradually increased.Thus,it is a hot topic to construct schemes with privacy-preserving.This thesis takes the protection of users' privacy as the research goal,and designs the attribute-based encryption schemes with multiple authorities.The main contributions are as follows:1.A distributed attribute-based encryption scheme with user collusion resistance and enhanced privacy is proposed.Under the premise of data confidentiality,this solution helps data users to prove their legal identity to the attribute authorities with zero knowledge by using an anonymous key extract protocol,and enables the authorities to issue correct keys for users without knowing their GID and attribute information,thus protecting the users' privacy.2.A decentralized attribute-based encryption scheme that supports outsourced decryption is constructed to hide the user's GID and the access policy.In addition to GID,the disclosure of attributes in access policy will also threaten the privacy of the user.This scheme adopts the access structure of AND-gate with multi-valued attribute,and realizes receiver anonymity by hiding attribute values in the policy.Security proof and performance analysis verify the effectiveness and security of this scheme.3.A tree-based multi-authority attribute-based encryption scheme with privacy-preserving is proposed.We review the Qian et al.'s scheme,and find that this scheme has decryption defect through in-depth analysis.Then an improvement scheme is proposed,which ensures that legitimate users can successfully decrypt the scheme while protecting users' privacy.