CN-122001586-A - Method and system for realizing multi-authority attribute-based encryption protocol
Abstract
The invention discloses a method and a system for realizing a multi-authority attribute-based encryption protocol. In the method, each attribute management authority center first executes master key generation according to the attribute set it manages; a client obtains keys corresponding to its attribute set from a plurality of attribute management authority centers; a server selects random numbers and encrypts model parameters according to an access structure to generate a ciphertext component containing policy information; the client calculates reconstruction coefficients from its locally held private key components combined with parameters in the ciphertext and, if its attributes satisfy the access structure, calculates the shared secret and decrypts the model parameters locally; if the attributes do not satisfy the access structure, a policy token is used to update the ciphertext's policy without re-encryption. The protocol system provided by the invention markedly improves the flexibility, verifiability and operational stability of authority management in application scenarios involving large-scale collaboration, long-term tasks and strict supervision requirements.
Inventors
- SHEN JIAN
- WANG JIALU
- YANG HUIJIE
- ZHENG WENYING
- JIN ZILONG
- ZHOU TIANQI
- WANG CHEN
- HU JIN
Assignees
- 浙江理工大学
- 现代纺织技术创新中心(鉴湖实验室)
Dates
- Publication Date
- 20260508
- Application Date
- 20260410
Claims (8)
- 1. A method for realizing a multi-authority attribute-based encryption protocol, characterized by comprising the following specific steps: Step one, initialization: each attribute management authority center executes master key generation according to the attribute set it manages. Step two, user key generation: the client User_j obtains keys corresponding to its attribute set S_j from a plurality of attribute management authority centers. Step three, encryption of model parameters: the server selects a random number and encrypts the model parameters Msg according to the access structure A to generate a ciphertext assembly containing policy information. Step four, decryption, policy token and update: the client User_j calculates reconstruction coefficients using its locally held private key components combined with parameters in the ciphertext; if its attributes satisfy the access structure A, the shared secret is calculated locally and the model parameters Msg are decrypted; if the attributes do not satisfy the access structure, the policy token is used to realize a policy update without re-encrypting the ciphertext.
- 2. The multi-authority attribute-based encryption protocol implementation method according to claim 1, wherein step one comprises: selecting elliptic curve groups G_1 and G_T and defining a bilinear map e between them that maps two elements of G_1 into G_T; selecting a generator G of G_1; each attribute management authority AA_i selecting two random numbers α_i and β_i from the integer finite field Z_p modulo p as its secret parameters and computing the corresponding public parameter components, one being the bilinear pairing of the generator raised to the power α_i, i.e. e(G, G)^{α_i}, and the other being the generator raised to the power β_i, i.e. G^{β_i}; and finally generating the global public parameters PP, comprising the group information, the bilinear map, the generator and the set of public parameter components computed by all n attribute management authorities, and defining the master key MK_i of each authority center as its selected secret parameter pair (α_i, β_i).
- 3. The method for implementing the multi-authority attribute-based encryption protocol according to claim 1, wherein in step two, for each attribute in the attribute set held by the client, the authority center responsible for managing that attribute generates a corresponding private key component: the mapping of the authority center's master private key component onto the elliptic curve group is multiplied by the hash value of the attribute raised to an exponent, where the exponent is the product of the authority center's other secret parameter and a random number unique to the user; the user's random number is chosen at random from the integer finite field, and the hash function maps the attribute onto a group element.
- 4. The method for realizing the multi-authority attribute-based encryption protocol according to claim 1, characterized in that in step three, after the server selects a random secret number from the integer finite field, it encrypts the model parameter plaintext according to the preset access structure A. First, the main body of the ciphertext and a randomizing component are generated: the server computes a bilinear pairing raised to an exponent formed by the product of the sum of the private key parameters of all authority centers and the selected random secret number, and multiplies the model parameter plaintext by it as an encryption mask to hide the model data; it also computes the group generator raised to the random secret number as the blinding base of the ciphertext. Second, ciphertext components embedding the access policy are generated: for an access structure formed by a linear secret sharing matrix and an attribute mapping function, the server generates two ciphertext components for each row of the matrix, the first being the group generator raised to an exponent determined by the inner product of the corresponding row vector of the linear secret sharing matrix and the random secret number, representing the ciphertext form of a secret share. Finally, the server combines the computed encryption mask, the blinding base and the policy ciphertext components generated for each row of the matrix into the final encrypted gradient ciphertext.
- 5. The multi-authority attribute-based encryption protocol implementation method as set forth in any one of claims 1-4, characterized in that in step four, the client determines the set of row indices of the access control matrix that match its attribute set and, for this feasible set, computes a set of reconstruction coefficients using the linear secret sharing scheme; these coefficients linearly recombine the scattered secret shares. The client uses the algebraic properties of the bilinear pairing to pair and aggregate the randomization component in the ciphertext with its locally held attribute private key components weighted by the reconstruction coefficients. If the user's attribute set satisfies the access structure, the shared secret is successfully recovered and the client uses it to remove the blinding mask from the ciphertext main body, thereby decrypting the original model parameter plaintext; if the attributes do not satisfy the access structure, reconstruction cannot be completed and decryption fails.
- 6. The method for implementing the multi-authority attribute-based encryption protocol according to claim 5, wherein in step four the update process comprises: an attribute management authority center generating a new access structure and issuing new key derivation components to the client; the server switching to a new-version policy token; and the client verifying the new policy and acquiring the new key components based on the token.
- 7. The method of claim 6, wherein in step four the policy token is a data tuple of three elements: a version number identifying the timeliness and update order of the current policy, an updated access control structure defining the changed attribute matching logic and authority boundaries, and a digital signature computed by the policy management entity over the version number and the new access structure.
- 8. A multi-authority attribute-based encryption protocol implementation system for performing the method of any one of claims 1-7, comprising the following modules: an initialization module, by which each attribute management authority center executes master key generation according to the attribute set it manages; a user key generation module, by which the client User_j obtains keys corresponding to its attribute set S_j from a plurality of attribute management authority centers; a model parameter encryption module, by which the server selects a random number, encrypts the model parameters Msg according to the access structure A and generates a ciphertext component containing policy information; and a decryption, policy token and update module, by which the client User_j calculates reconstruction coefficients using its locally held private key components combined with parameters in the ciphertext, and if its attributes satisfy the access structure A, the shared secret is calculated locally and the model parameters Msg are decrypted, while if the attributes do not satisfy the access structure, the policy token is used to update the ciphertext's policy without re-encryption.
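As an added example (not code from the patent), the linear secret sharing algebra behind steps three and four, worked over a toy modulus: the server splits its random secret across the rows of the access matrix, and a client holding a satisfying attribute set solves for reconstruction coefficients and recombines the shares. The access matrix, attribute map and modulus are constructed here for illustration, and the bilinear-pairing blinding of the real scheme is left out.

```python
import secrets

P = 2**127 - 1  # toy prime standing in for the group order p (assumption, not from the patent)

# Constructed access structure for the policy (A AND B) OR C, written as an LSSS
# matrix M with row-to-attribute map RHO: rows A and B sum to (1, 0); row C is (1, 0).
ACCESS_MATRIX = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]


def share_secret(M, s, p=P):
    """Step three: share lambda_i = <M_i, v> with v = (s, r_2, ..., r_n), r_j random in Z_p."""
    n = len(M[0])
    v = [s % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]


def reconstruction_coeffs(M, rows, p=P):
    """Step four: solve sum_k omega_k * M[rows[k]] = (1, 0, ..., 0) mod p by Gaussian
    elimination over Z_p; None means these rows cannot reconstruct (policy unsatisfied)."""
    n, m = len(M[0]), len(rows)
    # One equation per matrix column j: sum_k M[rows[k]][j] * omega_k = e_1[j].
    A = [[M[r][j] % p for r in rows] + [1 if j == 0 else 0] for j in range(n)]
    pivots, r = [], 0
    for c in range(m):
        piv = next((i for i in range(r, n) if A[i][c]), None)
        if piv is None:
            continue  # free variable: omega_c stays 0
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][c], -1, p)
        A[r] = [x * inv % p for x in A[r]]
        for i in range(n):
            if i != r and A[i][c]:
                f = A[i][c]
                A[i] = [(x - f * y) % p for x, y in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
    if any(A[i][m] for i in range(r, n)):
        return None  # a row reads 0 = nonzero: the system is inconsistent
    omega = [0] * m
    for i, c in enumerate(pivots):
        omega[c] = A[i][m]
    return omega


def recover_secret(M, rho, attrs, shares, p=P):
    """Decryptor side: pick the rows whose attributes it holds, get the coefficients
    and linearly recombine the corresponding shares to recover s."""
    rows = [i for i, a in enumerate(rho) if a in attrs]
    omega = reconstruction_coeffs(M, rows, p)
    if omega is None:
        return None
    return sum(w * shares[i] for w, i in zip(omega, rows)) % p
```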
Description
Technical Field
The invention belongs to the technical field of encryption, and particularly relates to a method and a system for realizing a multi-authority attribute-based encryption protocol.
Background
Access control is a technique in cryptography for restricting access to information or the use of functions. It defines a security mechanism for who may access which resources and in what manner, so as to enforce confidentiality, integrity and the principle of least privilege while maintaining availability and service requirements. Conventional access control (e.g., DAC, MAC, RBAC) relies on a centralized reference monitor to make authorization decisions, which suffers from single-point trust dependence and difficulty in adapting to open network environments. To overcome these limitations, prior work proposed the "encryption as access control" paradigm, namely Attribute-Based Encryption (ABE) and its extension primitives. By embedding access policies in the ciphertext or the key, this technology relies on mathematical hardness assumptions rather than trusted third parties to achieve fine-grained access authorization and data protection.
(1) Development of ABE and related extensions
In 1984, researchers proposed Identity-Based Encryption (IBE), which replaces public key certificates with identity tags. In 2001, researchers introduced bilinear pairings to construct the first practical IBE, laying the mathematical foundation for subsequent protocols, although it could express only simple access decisions. To improve policy expressiveness, researchers proposed Fuzzy IBE in 2005, which started research on attribute-based encryption. Researchers then put forward KP-ABE, followed by the first Ciphertext-Policy Attribute-Based Encryption (CP-ABE), which supports complex structures through Boolean trees and linear secret sharing and transfers policy control to the ciphertext, realizing encryption as access control in the true sense. To address single-center trust, researchers proposed the Multi-Authority Attribute-Based Encryption model (MA-ABE) in 2007. In 2011, researchers further realized a fully decentralized scheme requiring no central coordination, using dual system encryption to guarantee security in a multi-authority setting while retaining high expressiveness.
(2) Dynamic updating and revocation of ABE
With the expansion of ABE applications, the traditional static attribute system cannot meet the requirements of frequently changing user attributes or dynamic revocation of rights. Researchers proposed an IBE-based revocation mechanism in 2008, introducing the concept of time periods so that access rights can be updated over time; researchers proposed cloud-oriented revocable ABE in 2010, allowing cloud servers to assist in key updates without touching the plaintext; and a general revocation framework proposed in 2011 solves the problem of large-scale user revocation through key update time parameters and broadcast encryption structures. This series of innovative extensions changes access control from static attributes to dynamic revocation, introduces the time dimension so that keys and attributes have timeliness, reduces revocation cost through broadcast encryption, and integrates time slices and revocation lists into the linear secret sharing structure of ABE, thereby extending the original static mathematical structure.
To solve the key update and re-encryption overhead that frequently results from attribute changes, researchers began to combine ABE with proxy re-encryption (PRE). PRE was proposed as early as 1998, one-way and bi-directional models followed in 2005, and multiple ABE-PRE schemes were then proposed that let untrusted servers perform ciphertext conversion, so that attribute updates and policy migration no longer require re-encryption by the data owner. In this way the computational burden is transferred from the data owner to the proxy, and the ciphertext can be transformed to accommodate a new policy or attribute set, supporting online attribute updates without global re-encryption under the conditions required for security. By constructing a conversion key, policy updates and attribute updates no longer depend on the original private key or the plaintext, realizing truly practical dynamic access control. After 2016, a great deal of research introduced blockchain consensus and smart contract mechanisms into ABE/MA-ABE systems to solve the auditing, key transparency and cross-institution trust problems of traditional ABE. A typical scheme uses a smart contract to record key issuance, attribute changes and revocation information, and non-repud