
Encrypted Data Sharing With Timing Revocation Authorization

Posted on: 2022-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: S Li
GTID: 2518306779464114
Subject: Automation Technology
Abstract/Summary:
Cloud computing has grown rapidly due to its massive storage and computing capacity, providing storage and computing services to individuals and organizations. To protect the privacy of data stored in the cloud, content providers usually encrypt their data. However, there are many data sharing scenarios in the cloud, and this storage model accordingly increases the difficulty of sharing data among users. Proxy re-encryption is an important technical solution for data sharing, allowing cloud service providers to act as proxies that transform the ciphertext. However, when a user withdraws, the existing revocation scheme ignores that the revoked user may decrypt the data accessed before the revocation, which can lead to leakage of the data that the content provider stores with the cloud service provider. Also, a malicious cloud service provider may transform data that is beyond the scope of the content provider's authorization. In addition, since decryption involves a large number of bilinear pairing operations and exponential operations that impose a huge computational overhead on users, it is difficult for users with limited computational power to apply this encryption technique to secure data. To solve the above problems, this paper designs a time-revocable encrypted data sharing scheme, whose main work is as follows:

Firstly, for the problem of data leakage caused by a revoked user using the private key to decrypt data accessed before revocation, this paper proposes a ciphertext transformation scheme that can revoke authorization at regular intervals, achieving regular revocation through temporal authorization of private keys based on the user's identity. The key generation center in the algorithm sets the authorization start time and end time for the user's private key, which prevents a user with expired authorization from decrypting the pre-expiration data. Since the authorization period is incorporated into the generation process of the user's private key, this authorization relationship is only valid within a certain time frame, so that a user whose authorization has expired is revoked, i.e., his private key cannot decrypt the ciphertext accessed before revocation, thus achieving the purpose of timed revocation. At the same time, the content provider adds encryption conditions corresponding to the data during the data encryption process, to prevent the cloud service provider from abusing the authorization token to convert data beyond the authorization range.

Secondly, for users with limited computing power who have difficulty decrypting because of the huge computational overhead that decryption requires, this paper proposes a verifiable outsourced decryption scheme for transformed ciphertexts to reduce the computational overhead of the user's decryption process. With the outsourced decryption technique, a user with limited computing power can generate a license key to outsource the large number of bilinear pairing operations and exponential operations involved in the decryption process to a cloud service provider, which partially decrypts the ciphertext and sends it to the user for decryption. At the same time, a verifiable random function is used to prevent the semi-trusted cloud service provider from returning a random outsourced-decryption ciphertext directly without performing the outsourced decryption, so as to achieve the verifiability of the outsourced decryption.

Finally, the theoretical and experimental analyses show that the ciphertext conversion scheme in this paper achieves both the timed revocation of authorization for users, so that only users within the authorization period can decrypt data, and the conditional control of cloud service providers, so that they can only convert data within the authorization range; the verifiable outsourced decryption scheme for transformed ciphertexts in this paper not only reduces the computational overhead of the user's decryption process, but also ensures the verifiability of outsourced decryption results.
Keywords/Search Tags:Cloud Computing, Encrypted Data, Data Transformation, Data Sharing, Timing Revocation