An Outsourced Attribute-based Encryption Scheme Based On SM9 Encryption Algorithm

Cloud computing provides large-scale services that are distributed and virtualized,and has increasingly become a high-quality solution for enterprises and individuals when it comes to production and learning.However,the security threats in the cloud should not be underestimated.Access control is an indispensable security technology in cloud computing.How to balance the functionality and security in access control mechanism has become one of the hot topics in the cloud computing field.The Ciphertext-Policy Attribute-Based Encryption(CP-ABE)is a cryptographic primitive that supports fine-grained access control,multi-user efficient data sharing and privacy protection in the subject of access control.Nowadays,the academia has proposed a variety of attribute-based encryption schemes applied in cloud computing scenarios,but there is no complete release of attribute-based encryption schemes based on Chinese National Commercial Cryptographic Algorithm,which is of course an obstacle to the application of such algorithms in the cloud.In response to the above problems,this article focuses on the research of the attribute-based encryption scheme under framework of Chinese National Commercial Cryptographic Algorithm,and proposes an attribute-based encryption scheme based on the SM9 encryption algorithm that supports secure outsourcing computing.The scheme is able to meet several functional or security requirements,including fine-grained access control system,one-to-many broadcast encryption,prevention of service abuse,secure outsourcing calculations and outsource auditing.The main contributions of this paper are as follows:1)First,we give the basic architecture and details of the attribute-based encryption scheme based on the SM9 encryption algorithm.In the scheme,data owners can define the access structure,stipulating that "users with which attributes" can decrypt and access their data.2)Second,based on the scheme above,we design an outsourced-decryption ABE scheme named SM9-OABE,which greatly reduces the computing pressure on the user side when decrypting data.Further more,the cloud would not gain any private information during the outsource computing and its outsource result will be audited.The scheme also limits the times that a user request for the outsourced decryption services to prevent the service from being abused.We prove the SM9-OABE scheme to be secure under the IND-s Att-CPA model.3)Third,we theoretically evaluate the time consumption of SM9-OABE.Besides,we implement SM9-OABE using C language and evaluate its practical performance by competing it with SM9 encryption algorithm.The result indicates that our scheme performs well in functionality and security,at a cost of extra running time which is acceptable.