| Along with the deepening of cloud computing technology in various industries,in order to save local data management costs and management overheads,massive data is uploaded to cloud servers,making it easier for users to access and share information.However,the traditional one-to-one communication model is no longer suitable for cloud environments.Therefore,people hope to propose more flexible access policies to transfer and utilize information.Thence,an attribute-based encryption scheme that can support one-to-many communications is proposed.Attribute-based encryption is a cutting-edge password protection method,which is often used for security protection in cloud computing and other fields.Its advantage lies in achieving fine-grained control over access control and data sharing.However,unauthorized centers and unauthorized users use keys arbitrarily in real life.How to restrict illegal centers and unauthorized users from obtaining the right to use resources is particularly important.The main research contents of this thesis include:1)A new lattice-based KP-ABE scheme is proposed.Based on the understanding and analysis of the existing related attribute-based encryption schemes,a new lattice-based KP-ABE implementation scheme is given.This improved scheme no longer randomly selects the matrixes used for key generation based on user attributes during the initialization algorithm.Instead,Shamir threshold secret sharing scheme is used in this scheme,and one part of the public parameter is divided into different shares,each share corresponding to different attributes.Then,the secret sharing is mapped into a matrix to generate a secret key using encoding with full-rank differences function(FRD)in the key generation process.The amounts of public keys,which are generated by system during the initialization process are reduced by this operating.Not only can it effectively reduce system storage and resist collusion attacks,but also the calculation overhead caused by the change of the number of attributes is reduced.In the key generation stage,according to the preset access structure,matrix multiplication and concatenation are performed to generate the user's private key when the attributes meet the conditions,instead of multiplying all random matrices at once,which improves the system operation efficiency.2)A traceable and multi-Authority KP-ABE scheme is proposed.Firstly,the central authority(CA)is introduced and Shamir's threshold secret sharing scheme is used twice to extend the single-attribute organization to the multi-attribute organization in the above scheme.The first time use is that one part of the public parameter is divided into different shares by central authority according to the number of attribute agencies.One of the shares is assigned to each attribute authority and is served as their own public parameter.The second time use of the threshold secret sharing scheme is that the sharing of each attribute authority is also divided into different shares according to the number of attributes.Subsequently,these shares are used to generate private keys.This can not only reduce the burden on attribute agencies,but also prevent the generation of malicious attribute authorities.Secondly,the identity verification information of the relevant user is generated as part of the user's secret key by introducing the user identification and the lattices-based signature algorithm in the key generation phase.Once a malicious user is found to leak the secret key,the malicious user will be traced through verification information to ensure the security of the system.After the analysis and comparison with other schemes,the improved scheme has a greater advantage compared to the comparison schemes,but it also leads to the increase of the size of system public parameter and user's private key. |
PDF Full Text Request