CN-122001664-A - Attribute-based encryption method for trusted data space
Abstract
The invention relates to the field of encrypted data transmission, and in particular to an attribute-based encryption method for a trusted data space. The method comprises: classifying attribute elements according to their change states to obtain different change state subsets, and taking the union of all change state subsets to obtain a change attribute set; taking any attribute element in the change attribute set as a target element, and obtaining the associated leaf nodes of the target element in a preset access policy tree to construct an associated leaf node set; calculating the influence degree of the target element according to the associated leaf node set; obtaining the total number of associated non-leaf nodes of the target element in the preset access policy tree; calculating the adjustment amplitude caused by the target element according to the influence degree and the total number of associated non-leaf nodes; adjusting the corresponding thresholds and the corresponding associated leaf nodes in the preset access policy tree in combination with the change states and the adjustment amplitude; and updating keys based on the adjusted access policy tree. The invention can reduce system overhead in scenarios where attributes change at high frequency.
Inventors
- JIANG RIYOU
- JIANG JIANGONG
- XU LIANG
- ZHU WEIBING
Assignees
- 江苏意源科技有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260307
Claims (7)
- 1. A method for attribute-based encryption of trusted data spaces, comprising: acquiring the change state of each attribute element in each user attribute set, taking the user attribute set at the current update moment as a target set and the user attribute set at the update moment preceding the current update moment as a reference set; classifying attribute elements according to their change states to obtain different change state subsets, taking the union of all change state subsets to obtain a change attribute set, taking any attribute element in the change attribute set as a target element, obtaining the associated leaf nodes of the target element in a preset access policy tree to construct an associated leaf node set, calculating the influence degree of the target element according to the associated leaf node set, obtaining the total number of associated non-leaf nodes of the target element in the preset access policy tree, calculating the adjustment amplitude caused by the target element according to the influence degree and the total number of associated non-leaf nodes, and traversing to obtain the adjustment amplitude caused by each attribute element in the change attribute set; for each attribute element in the change attribute set, adjusting the corresponding threshold and the corresponding associated leaf node in the preset access policy tree in combination with the change state and the adjustment amplitude, and updating the key based on the adjusted access policy tree to complete encryption; wherein calculating the influence degree of the target element according to the associated leaf node set comprises: taking any associated leaf node in the associated leaf node set as a target node, and taking the ratio of the layer number of the target node to the depth of the preset access policy tree as a first disturbance degree of the target node; constructing a historical user attribute set, and taking the ratio of the occurrence frequency of the target element in the historical user attribute set to the total number of attribute elements in the historical user attribute set as a second disturbance degree of the target node; taking the product of the first disturbance degree and the second disturbance degree as the comprehensive disturbance degree of the target element on the target node; and traversing to obtain the comprehensive disturbance degree of the target element on each associated leaf node in the associated leaf node set, and taking the average of all the comprehensive disturbance degrees as the influence degree of the target element; and wherein calculating the adjustment amplitude caused by the target element according to the influence degree and the total number of associated non-leaf nodes comprises: taking the sum of the number of elements in the associated leaf node set and the total number of associated non-leaf nodes as the total number of associated nodes; and multiplying together the ratio of the total number of associated nodes to the total number of nodes of the preset access policy tree, the influence degree, and a preset hyperparameter, and taking the product as the adjustment amplitude caused by the change of the target element.
- 2. An attribute-based encryption method for trusted data spaces in accordance with claim 1 wherein the attribute elements consist of attribute types and attribute values.
- 3. A method of attribute-based encryption for trusted data spaces as claimed in claim 2, wherein obtaining the change state of each attribute element in each user attribute set comprises: taking any attribute element in the target set as a first reference element and, in response to the attribute type of the first reference element not existing in the reference set, taking "newly added" as the change state of the first reference element, and traversing to obtain the change state of each attribute element in the target set; taking any attribute element in the reference set as a second reference element and, in response to the attribute type of the second reference element not existing in the target set, taking "deletion" as the change state of the second reference element, and traversing to obtain the change state of each attribute element in the reference set; and acquiring the intersection of the attribute types of the target set and the attribute types of the reference set, taking any attribute type in the intersection as a target type and, in response to the attribute value of the target type in the target set differing from the attribute value of the target type in the reference set, taking "modification" as the change state of the attribute element corresponding to the target type in the target set, and traversing to obtain the change state of the attribute element in the target set corresponding to each attribute type in the intersection.
- 4. The method of claim 1, wherein obtaining the associated leaf nodes of the target element in the preset access policy tree comprises: taking the leaf node in the preset access policy tree that is the same as the target element as the associated leaf node of the target element.
- 5. The method of claim 1, wherein constructing a historical user attribute set comprises: acquiring the user attribute set at each moment between the current update moment and a preset initial moment, and taking the user attribute set at each moment as a set element to construct the historical user attribute set.
- 6. The method of claim 1, wherein adjusting the corresponding threshold and the corresponding associated leaf node in the preset access policy tree in combination with the change state and the adjustment amplitude comprises: in response to the change state of the target element being newly added, adding the associated leaf node corresponding to the target element to the preset access policy tree and taking the parent node of the added associated leaf node as a node to be amplified; in response to the node to be amplified being an OR gate, taking the sum of the original threshold of the node to be amplified and the adjustment amplitude as the new threshold of the node to be amplified; in response to the node to be amplified being an AND gate, taking the number of child nodes of the node to be amplified as the new threshold of the node to be amplified; in response to the change state of the target element being deletion, deleting the associated leaf node corresponding to the target element from the preset access policy tree and taking the parent node of the deleted associated leaf node as a node to be reduced; in response to the node to be reduced being an OR gate, taking the difference between the original threshold of the node to be reduced and the adjustment amplitude as the new threshold of the node to be reduced; in response to the node to be reduced being an AND gate, taking the number of child nodes of the node to be reduced as the new threshold of the node to be reduced; and in response to the change state of the target element being modification, modifying the associated leaf node corresponding to the target element in the preset access policy tree and taking the parent node of the modified associated leaf node as a node to be adjusted; in response to the node to be adjusted being an OR gate, calculating the sign function value of the influence difference between a preset influence threshold and the influence degree, calculating the product of the sign function value and the adjustment amplitude, and taking the sum of the original threshold of the node to be adjusted and the product as the new threshold of the node to be adjusted; in response to the node to be adjusted being an AND gate, taking the number of child nodes of the node to be adjusted as the new threshold of the node to be adjusted.
- 7. A method of attribute-based encryption for trusted data spaces as claimed in claim 1, further comprising: setting the adjusted threshold to 1 in response to the adjusted threshold being less than 1; and setting the adjusted threshold to the corresponding number of child nodes in response to the adjusted threshold being greater than the corresponding number of child nodes.
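The computation recited in claims 1, 3, 6 and 7, worked through on a small tree. This is an added example, not code from the patent. The tree encoding, the root counting as layer 1, the reading of "associated non-leaf nodes" as the ancestors of the associated leaves, the hyperparameter value and all sample data are assumptions; fractional thresholds are left unrounded because the claims do not state a rounding rule.

```python
# Added illustration of claims 1, 3, 6 and 7; not code from the patent.
from statistics import mean

def classify(reference, target):
    """Claim 3: diff two {attr_type: attr_value} maps into change states."""
    changes = {}
    for t, v in target.items():
        if t not in reference:
            changes[(t, v)] = "added"
        elif reference[t] != v:
            changes[(t, v)] = "modified"
    for t, v in reference.items():
        if t not in target:
            changes[(t, v)] = "deleted"
    return changes

def layer(tree, n):
    """Layer number of node n; the root counts as layer 1 (assumption)."""
    return 1 if tree[n]["parent"] is None else 1 + layer(tree, tree[n]["parent"])

def amplitude(tree, element, history, alpha):
    """Claim 1: (influence degree, adjustment amplitude) of one changed element."""
    leaves = [n for n, d in tree.items() if d.get("attr") == element]
    if not leaves:  # assumption: no matching leaf means nothing to adjust
        return 0.0, 0.0
    depth = max(layer(tree, n) for n in tree)
    # Second disturbance degree: occurrences in history / elements in history.
    freq = sum(element in s for s in history) / sum(len(s) for s in history)
    influence = mean([layer(tree, n) / depth * freq for n in leaves])
    gates = set()  # assumption: associated non-leaf nodes = ancestors of the leaves
    for n in leaves:
        while (n := tree[n]["parent"]) is not None:
            gates.add(n)
    return influence, alpha * influence * (len(leaves) + len(gates)) / len(tree)

def new_threshold(gate, n_children, old_k, delta):
    """Claims 6-7: delta is +amp (added), -amp (deleted) or sign*amp (modified)."""
    k = n_children if gate == "AND" else old_k + delta
    return min(max(k, 1), n_children)

# Constructed sample: AND root "r" over leaf l1 and OR gate "g"; g over l2, l3.
TREE = {"r": {"parent": None}, "g": {"parent": "r"},
        "l1": {"parent": "r", "attr": ("role", "auditor")},
        "l2": {"parent": "g", "attr": ("dept", "finance")},
        "l3": {"parent": "g", "attr": ("project", "x")}}
OLD = {("role", "auditor"), ("dept", "finance"), ("project", "x")}
HISTORY = [OLD, OLD, {("role", "auditor"), ("dept", "audit")}]
infl, amp = amplitude(TREE, ("project", "x"), HISTORY, alpha=2.0)
print(infl, amp, new_threshold("OR", 1, 1, -amp))
```

Deleting `("project", "x")` from under the OR gate would take its threshold from 1 to 0.7, so the claim 7 lower bound returns it to 1.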
Description
Attribute-based encryption method for trusted data space
Technical Field
The invention relates to the field of encrypted data transmission. More particularly, the present invention relates to an attribute-based encryption method for trusted data spaces.
Background
The trusted data space, an emerging framework for data sharing and collaboration, has become a core technical framework for guaranteeing data security, privacy protection and efficient data circulation. Attribute-based encryption (ABE) is an advanced access control encryption mechanism that plays a key role in the trusted data space: it allows data owners to define access policies based on user attributes (e.g., role, rights, location, or time), thereby enabling fine-grained access control. The access policy tree is the core data structure used to define ciphertext access conditions in attribute-based encryption.
In trusted data space applications, dynamic change of user attributes is the norm (such as staff role adjustment, temporary grants of authority, or time-based attribute updates). In the prior art, when a user attribute changes, the whole access policy tree is rebuilt no matter how large the change is, so that system performance is reduced when attributes change at high frequency, which in turn increases security risk and degrades the user experience.
Disclosure of Invention
In order to solve the problem that prior-art attribute-based encryption rebuilds the whole access policy tree no matter how much the attributes have changed, so that system performance is reduced when attributes change at high frequency, which in turn increases security risk and degrades the user experience, the invention provides a solution in the following aspects.
The application provides an attribute-based encryption method for a trusted data space, comprising: obtaining the change state of each attribute element in each user attribute set, taking the user attribute set at the current update moment as a target set and the user attribute set at the update moment preceding the current update moment as a reference set; classifying the attribute elements according to their change states to obtain different change state subsets, and taking the union of all change state subsets to obtain a change attribute set; taking any attribute element in the change attribute set as a target element, and obtaining the associated leaf nodes of the target element in a preset access policy tree to construct an associated leaf node set; calculating the influence degree of the target element according to the associated leaf node set; obtaining the total number of associated non-leaf nodes of the target element in the preset access policy tree; calculating the adjustment amplitude caused by the target element according to the influence degree and the total number of associated non-leaf nodes, and traversing to obtain the adjustment amplitude caused by each attribute element in the change attribute set; and, for each attribute element in the change attribute set, adjusting the corresponding threshold and the corresponding associated leaf node in the preset access policy tree in combination with the change state and the adjustment amplitude, and updating the key based on the adjusted access policy tree to complete encryption.
Preferably, the attribute element is composed of an attribute type and an attribute value.
Preferably, obtaining the change state of each attribute element in each user attribute set comprises: taking any attribute element in the target set as a first reference element and, in response to the attribute type of the first reference element not existing in the reference set, taking "newly added" as the change state of the first reference element, and traversing to obtain the change state of each attribute element in the target set; taking any attribute element in the reference set as a second reference element and, in response to the attribute type of the second reference element not existing in the target set, taking "deletion" as the change state of the second reference element, and traversing to obtain the change state of each attribute element in the reference set; and obtaining the intersection of the attribute types of the target set and the attribute types of the reference set, taking any attribute type in the intersection as a target type and, in response to the attribute value of the target type in the target set differing from the attribute value of the target type in the reference set, taking "modification" as the change state of the attribute element corresponding to the target type in the target set, and traversing to obtain the change state of the attribute element in the target set corresponding to each attribute type in the intersection.
Preferably, acquiring the associated leaf node of the target element in the preset access policy tree comprises taking the leaf node in the preset access policy tree that is the same as the target element as the associated leaf node of the target element.
Preferably, calculating the influence degree of the target element