
CN-117201132-B - Multi-committee attribute-based encryption method capable of achieving complete decentralization and application thereof


Abstract

The invention discloses a completely decentralized multi-committee attribute-based encryption method, which belongs to the field of information security. It replaces each attribute authority with a committee consisting of a plurality of nodes and designs the committee's initialization, attribute key issuance and verification, encryption and decryption algorithms; the committee uses a DKG protocol to generate a public key and a private key among its nodes, and at the same time ensures that the committee can tolerate 1/2 Byzantine nodes. An attribute key verification algorithm is designed to enable a user to filter out invalid keys issued by Byzantine nodes. The invention uses X-ABE to realize a decentralized access control protocol, DACCS, in the cloud storage scenario: X-ABE is applied to the stages of issuing user attribute keys and encrypting session keys to achieve encrypted data transmission, combined with a sharded blockchain architecture in which intra-shard consensus ensures consistency among committee nodes during key issuance, and information such as user attribute information and ciphertext hash values is recorded on the blockchain.

Inventors

  • LIU YIZHONG
  • XING XINXIN
  • Qin Banghong
  • JIANG ZIXU
  • LI DONGYU
  • LIU JIANWEI
  • GUAN ZHENYU
  • LI DAWEI
  • ZHANG JIANYUN

Assignees

  • 北京航空航天大学 (Beihang University)

Dates

Publication Date
20260505
Application Date
20230911

Claims (8)

  1. A multi-committee attribute-based encryption method with complete decentralization is characterized by comprising the following steps: S1 Global initialization Inputting security parameters Outputting the global parameter ; S2 Committee initialization Presuming the Attribute Committee Each committee includes nodes Each node Operating an improved DKG protocol, inputting global parameters Committee numbering Outputting the private key set Public key set ; S3, encryption Input message Access matrix Public key set of committee corresponding to attributes in access matrix Output ciphertext ; S4, secret key generation Input user attributes User identification Private key Node (C) Output attributes Attribute key of (a) ; S5, key verification For verifying nodes Generated attribute key Input attribute key Node Public key of (a) Outputting a Boolean value; S6, decryption Inputting ciphertext Attribute key set Node set Outputting the message If the decryption party is from the node All keys are received through Is verified by a node Will be called legal node As a means of Middle legal node Is used for the number of the sequence number of (c), Is that Set of sequence numbers of legal nodes in (1), if Then Is a legal set.
  2. The fully decentralized multi-committee attribute-based encryption method of claim 1, wherein the modified DKG protocol comprises the steps of: A1, secret sharing is carried out among the committee nodes, and the private key is shared; and A2, the committee performs share distribution and share verification, and each node obtains the public key after executing share distribution and share verification.
  3. The method for fully decentralized multi-committee attribute-based encryption as recited in claim 2, wherein step A1 comprises the steps of: A11, share distribution, namely each node selects a polynomial to generate secret shares, publishes commitment values to the polynomial coefficients, and the nodes send the secret shares to each other; A12, share verification, namely after a node receives a secret share it verifies the share, and if verification does not pass it sends a complaint; A13, responding to the complaint, wherein the node receiving the complaint broadcasts the correct share; A14, marking malicious nodes, wherein a node receiving more than the specified number of individual complaints is marked as a malicious node; A15, generating the legal node set, wherein the nodes not marked as malicious form the set; A16, generating the private key share, wherein each node combines the received secret shares into its private key share.
  4. The method for fully decentralized multi-committee attribute-based encryption as recited in claim 2, wherein step A2 comprises the steps of: A21, share distribution, wherein the node broadcasts its secret share; A22, share verification, namely after a node receives the secret share it verifies the share, and if verification does not pass it sends a complaint; A23, generating the public key, wherein each node generates the public key if verification passes, and otherwise uses the secret shares from step A1 for key reconstruction.
  5. The method for fully decentralized multi-committee attribute-based encryption as recited in claim 1, wherein step S3 comprises the steps of: Matrix array Is one Using a matrix of (2) Encrypting messages , Is to arrange the rows of the matrix A mapping function mapped to the attribute(s), Is a mapping function for mapping attributes to sequence numbers of committee, let The following operations are performed: S31, random selection To (1) to Column vector as leader Column vector with 0 as the first part Calculation of ; S32, for Lines in (a) Randomly select Calculation of Calculating ciphertext ; S33, use of the Committee for correspondence Node in (a) Public key of (2), calculate .
  6. The method for fully decentralized multi-committee attribute-based encryption as recited in claim 1, wherein step S6 comprises the steps of: using an access matrix Encrypting data, the decrypting party possessing attribute key The following calculations are performed: S61, for each row Is provided with ; S62, node in Committee If (3) And (3) calculating: ; S63, user calculation: ; S64, selection of Make it meet Then Calculating ; S65, outputting plaintext .
  7. A multi-committee attribute-based encryption method for complete decentralization, characterized by being applied to a cloud storage scenario and comprising the following steps: Initializing, namely generating global parameters by global initialization of the attribute committees, initializing a sharded blockchain and the maintained attribute set by each committee, and generating the public and private keys of the nodes by executing committee initialization; B2, user registration, wherein the user sends a registration request to the committee and the committee reaches consensus on the registration information to generate an intra-shard transaction and record it on the chain, and step B2 specifically comprises the following steps: B21, sending a registration request, wherein the user constructs a request and sends it to the committee, the request comprising the user's attribute set and user identity; B22, after the committee receives the request, the leader node packages the intra-shard transaction and records it on the chain; B3, the key generation stage, wherein a user sends a key request to a committee, each node of the committee issues an attribute key for the user, and the user verifies the attribute key generated by each node, and step B3 specifically comprises the following steps: B31, sending a key request, wherein the user constructs a key request and broadcasts it to the corresponding committee; B32, after the committee receives the request, each node in the committee verifies the user attributes in the request and then votes, and after consensus is reached the request is packaged into an intra-shard transaction; B33, committee key generation, wherein after a committee node receives the transaction containing the key request, it generates an attribute key according to the user's attributes and identity; B34, user key verification, wherein after the user receives the attribute key, the user verifies it using the public key corresponding to the committee; and B4, the data uploading and access stage, wherein the data owner encrypts the message using the access matrix and the public key of the committee and uploads it to the server, and the user decrypts the message using the attribute key corresponding to the access matrix.
  8. The method for fully decentralized multi-committee attribute-based encryption as recited in claim 7, wherein step B4 comprises the steps of: B41, encrypting, wherein the data owner encrypts the original file with symmetric encryption and performs attribute-based encryption on the symmetric key, the ciphertext comprising the symmetrically encrypted ciphertext and the attribute-based encrypted ciphertext; B42, uploading the ciphertext, wherein the data owner uploads the ciphertext to the cloud server, calculates a hash value of the ciphertext and broadcasts the hash value to the committees of the corresponding attributes; B43, verifying ciphertext integrity, wherein after the cloud server receives the uploaded ciphertext it verifies its integrity, and if verification passes the cloud server stores the hash value and the ciphertext; B44, the committee receives the integrity evidence sent by the data owner, runs intra-shard consensus, and packages the integrity evidence into an intra-shard transaction; B45, sending an access request, wherein the user obtains the corresponding integrity evidence from the blockchain and sends the access request; B46, sending the ciphertext, wherein the cloud server sends the ciphertext; and B47, decrypting, wherein the user first verifies the integrity of the ciphertext against the on-chain integrity evidence, then decrypts the ciphertext with the attribute key to obtain the symmetric key, and decrypts to obtain the original data.
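As an added worked example (not code from the patent), the following Python simulates the modified DKG of claims 3 and 4 (steps A11-A16 and A23) using Feldman-style commitments over a small constructed group: a dealer whose shares fail verification collects complaints, is marked malicious and dropped from the legal set, and any t+1 legal private key shares reconstruct the secret behind the committee public key. The toy group parameters, the `+1` share corruption and the omission of the complaint-response round A13 (a Byzantine dealer is assumed never to repair its shares) are assumptions of this demo.

```python
import secrets

# Toy parameters constructed for the demo: safe prime p = 2q + 1, g generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def commitments(coeffs):
    """A11: Feldman commitments g^{a_k} to each coefficient of the dealer's polynomial."""
    return [pow(G, c, P) for c in coeffs]

def verify_share(share, j, comms):
    """A12: receiver j checks g^share == prod_k C_k^(j^k) mod p."""
    expected = 1
    for k, c in enumerate(comms):
        expected = expected * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == expected

def run_dkg(n, t, byzantine=()):
    """Steps A11-A16 and A23 for nodes 1..n; dealers in `byzantine` send corrupted shares."""
    polys = {i: [secrets.randbelow(Q) for _ in range(t + 1)] for i in range(1, n + 1)}
    comms = {i: commitments(polys[i]) for i in polys}
    complaints = {i: 0 for i in polys}
    received = {j: {} for j in polys}
    for i in polys:                       # dealer i sends f_i(j) to every receiver j
        for j in polys:
            share = sum(c * pow(j, k, Q) for k, c in enumerate(polys[i])) % Q
            if i in byzantine and j != i:
                share = (share + 1) % Q   # corrupted share; verification will fail
            if verify_share(share, j, comms[i]):
                received[j][i] = share
            else:
                complaints[i] += 1        # A12/A13: complaint a Byzantine dealer never repairs
    legal = [i for i in polys if complaints[i] <= t]   # A14/A15: > t complaints -> malicious
    # A16: each node's private key share is the sum of the shares from legal dealers
    sk_shares = {j: sum(received[j][i] for i in legal) % Q for j in polys}
    pk = 1                                # A23: committee public key from legal dealers' C_0
    for i in legal:
        pk = pk * comms[i][0] % P
    return legal, sk_shares, pk

def reconstruct(sk_shares, idxs):
    """Lagrange interpolation at 0: any t+1 legal shares recover the committee secret."""
    secret = 0
    for j in idxs:
        num = den = 1
        for m in idxs:
            if m != j:
                num, den = num * (-m) % Q, den * (j - m) % Q
        secret = (secret + sk_shares[j] * num * pow(den, Q - 2, Q)) % Q
    return secret
```

Running `run_dkg(5, 2, byzantine=(5,))` drops node 5 from the legal set while the remaining shares, including the honest share node 5 received, still interpolate to the secret behind `pk`.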

Description

Multi-committee attribute-based encryption method capable of achieving complete decentralization and application thereof

Technical Field

The invention belongs to the technical field of information security, and particularly relates to a multi-committee attribute-based encryption method capable of complete decentralization and its application.

Background

Attribute-Based Encryption (ABE) is an important research field of public key cryptography and belongs to the category of functional encryption. In conventional public key encryption, a data owner encrypts data n times for n users using their public keys, while ABE allows the data owner to encrypt data at fine granularity according to the attributes of a target user group, so that only one encryption is needed for n users; ABE is therefore suitable for large-scale organizational scenarios with numerous users and differing access rights, such as cloud computing. Conventional ABE schemes employ a single attribute authority to issue attribute keys to users, but in real-world applications the construction of a global authority is impractical, so Multi-Authority Attribute-Based Encryption (MA-ABE) schemes have been proposed. In MA-ABE, a plurality of different attribute authorities independently manage different sets of attributes.

Some problems remain with MA-ABE schemes. In existing MA-ABE schemes, each attribute authority is by nature a centralized entity, which has certain shortcomings in terms of security and cannot realize complete decentralization. When faced with a crash (downtime) adversary, the attribute authority goes down and loses the ability to issue attribute keys, which in turn prevents the user's decryption process from proceeding normally. In addition, when faced with a Byzantine adversary, the attribute authority can be controlled by the adversary; at that point the private key of the attribute authority is held by the adversary and the process of issuing attribute keys is controlled by the adversary, and once the attribute keys the adversary controls satisfy the access policy of a specific ciphertext, the adversary can successfully decrypt that ciphertext, compromising its security. In security-critical scenarios such as military and medical applications, the incomplete decentralization and the low Byzantine fault-tolerance threshold of conventional MA-ABE schemes are unacceptable. For example, a Byzantine adversary may manipulate an attribute authority server in the army to control key distribution and gain decryption rights to ciphertext before combat, resulting in unauthorized exposure of secret military command and control information. In financial scenarios, adversaries may obtain personal privacy and account information, or even disrupt normal financial transactions, paralyzing economic activity.

Disclosure of Invention

In view of the above, the present invention aims to solve the problem of incomplete decentralization in MA-ABE, to improve the fault tolerance of an attribute-based encryption algorithm when coping with crash adversaries and Byzantine adversaries, and to provide a completely decentralized multi-committee attribute-based encryption scheme, X-ABE, in which an attribute committee composed of a plurality of nodes replaces a single attribute authority. Within the committee, a Distributed Key Generation (DKG) protocol is applied to correlate the private keys of the committee nodes, and thereby the public key of each committee node and the attribute keys it issues. A user who obtains legal attribute keys exceeding a threshold t (the threshold is determined by the DKG) can correctly decrypt the ciphertext. Through the joint committee mechanism, the DKG and an additionally designed attribute key verification algorithm, X-ABE provides the strong Byzantine fault-tolerance capability that MA-ABE lacks, and raises the fault-tolerance threshold for ciphertext security in MA-ABE by about n times (n being the average number of nodes per committee). Applying X-ABE to access control further solves the centralization problem present in ABE-based access control architectures.

In order to achieve the above purpose, the present invention provides the following technical solutions. In one aspect, the invention provides a completely decentralized multi-committee attribute-based encryption method, comprising the steps of: S1, global initialization GlobalSetup, inputting a security parameter 1^κ and outputting a global parameter GP; S2, committee initialization CommitteeSetup, presuming the attribute committees, each committee including nodes P_{i,j}; each node P_{i,j} runs a modified DKG protocol, inputs the global parameters GP and the committee number i, and outputs a set of private keys {sk_{i,j}} and a set of public keys {pk_{i,j}