CN-122027360-A - Revocable attribute-based encryption method based on blockchain and policy hiding
Abstract
The embodiment of the invention provides a revocable attribute-based encryption method based on blockchain and policy hiding, belonging to the technical field of data security. The method comprises: constructing an access policy, generating a symmetric key, encrypting a data file and the symmetric key, and outputting an intermediate ciphertext; replacing the access policy in the intermediate ciphertext through a bloom filter, and outputting a final ciphertext and a ciphertext header component; storing a hash value of the final ciphertext to a blockchain BC; verifying the decryption token with which a data user DU applies for access to the data file; if verification passes, judging whether the attribute set of the data user DU is in a revocation list; if the attribute set is not in the revocation list, executing an outsourced decryption operation and returning a partial decryption result to the data user DU; verifying the correctness of the partial decryption result according to the hash value stored on the blockchain BC; and, after verification passes, performing final decryption to obtain the plaintext data file.
Inventors
- CHEN FULONG
- GUO JIAXIN
- DIAO JISHUI
- WANG TAOCHUN
- XIE DONG
- CHEN ZHANGYI
- XU LIN
- LI WENJIE
Assignees
- Anhui Ruixin Software Co., Ltd. (安徽瑞信软件有限公司)
- Anhui Normal University (安徽师范大学)
Dates
- Publication Date: 20260512
- Application Date: 20260410
Claims (10)
- 1. A revocable attribute-based encryption method based on blockchain and policy hiding, the encryption method comprising: respectively initializing an attribute authority center AA, a cloud service provider CSP, a data user DU, a blockchain BC, a data manager DM and a data owner DO; constructing an access policy, generating a symmetric key, encrypting the data file and the symmetric key, and outputting an intermediate ciphertext; replacing the access policy in the intermediate ciphertext through a bloom filter, outputting a final ciphertext and a ciphertext header component, uploading the final ciphertext and the ciphertext header component to the cloud service provider CSP for storage, and storing a hash value of the final ciphertext to the blockchain BC; verifying the decryption token with which the data user DU applies for access to the data file; if verification passes, judging whether the attribute set of the data user DU is in a revocation list; in the case that the attribute set is not in the revocation list, verifying whether the attributes satisfy the access policy; in the case that the access policy is satisfied, executing an outsourced decryption operation and returning a partial decryption result to the data user DU; verifying the correctness of the partial decryption result according to the hash value stored on the blockchain BC; and, after verification passes, performing final decryption to obtain the plaintext data file.
- 2. The encryption method according to claim 1, wherein initializing the attribute authority AA, the cloud service provider CSP, the data user DU, the data manager DM, the data owner DO, respectively, comprises: attribute authority center AA selecting safety parameter And attribute set Is provided with And Is of the same prime order Is used for the multiplication loop group of (a), Is that Is used for generating the generation element of (a), defining bilinear maps Randomly select For each attribute Randomly select Calculation of And Generating a master key And common parameters ; The data manager DM builds a Key Encryption Key (KEK) tree structure, sets up a data user set For each attribute Defining attribute groups As an possession attribute To associate leaf nodes with each data user Corresponding to each non-leaf node Randomly generating a key And stored in the non-leaf node for each data user Defining a set of path nodes Representing from root node to leaf node For each attribute group, all nodes on the path of (a) Defining a minimum set of coverage Representing an overlay A minimum node set of all data users; For each attribute (Wherein ) Data manager DM randomly selects an index Obtaining an attribute public key Public key of data manager DM Private key of data manager DM The data manager DM discloses the public key and stores the private key safely; cloud service provider CSP generation of signing keys , It is disclosed that the method comprises the steps of, Stored by the cloud service provider CSP itself; randomly selected index Calculation of , The attribute set of the data user is For each attribute Calculation of , Randomly selecting an index Calculation of , , , Generating a conversion key Data user private key Initializing an attribute group key Attribute authority center AA will To the cloud service provider CSP to be sent To be sent to data user DU to Sending to a data manager DM; the data manager DM bases the KEK tree for each attribute 
Generating an attribute group key, calculating If (if) Non-null, for each non-leaf node Calculation of Generating an updated attribute group key Public parameters to be generated by the attribute authority centre AA and the data manager DM Public key Issue to blockchain BC.
- 3. The encryption method according to claim 2, wherein constructing the access policy, generating the symmetric key, encrypting the data file and the symmetric key, and outputting the intermediate ciphertext, comprises: Defining fine-grained access policies as Wherein Is that Is a matrix of the (c) in the matrix, For the number of attributes in the access policy, To map the function, will Mapping each row of (1) to an attribute ; Converting access policies into matrices using a Linear Secret Sharing Scheme (LSSS) Defining secret sharing vectors Wherein For sharing secret values of vectors, for The shared value is calculated as: wherein Is a matrix Is the first of (2) A row; Data owner DO random generation symmetric key Encrypting data files using the AES algorithm : Encryption of symmetric keys using CP-ABE Randomly selecting an encryption index Ciphertext computing component , , Output intermediate ciphertext 。
- 4. The encryption method of claim 3, wherein replacing the access policy in the intermediate ciphertext by a bloom filter, outputting a final ciphertext and a ciphertext header component, uploading to a cloud service provider CSP for storage, and proving the hash value of the final ciphertext to the blockchain BC, comprises: building an Attribute Bloom Filter (ABF), setting an access policy The attribute set involved in (1) is Wherein For each attribute For line number, construct element Wherein And Respectively expanded to a fixed length Is a character string of (2) And exclusive-or calculates and stores the data in the ABF array as index Is a position of (2); Will be Inserting ABF, replacing access policy in intermediate ciphertext with ABF Obtaining the final ciphertext ; Data manager DM is based on attribute groups And a KEK tree that generates a ciphertext header component for each attribute, for each attribute Randomly select And select an overlay attribute group in the KEK tree Is a minimum coverage set of (1) Corresponding non-leaf node Calculation of Ciphertext head assembly ; The data manager DM will Is sent to the cloud service provider CSP, and the cloud service provider CSP will And final ciphertext Storing in an associated mode; The data owner DO will end up ciphertext Uploading to a cloud service provider CSP for storage, and obtaining a final ciphertext by a data owner DO Hash value of (a) The hash value is uploaded to the blockchain BC as a data store.
- 5. The encryption method according to claim 4, characterized in that the encryption method further comprises: when the specific attribute of the data user needs to be revoked, the data manager DM receives the attribute revocation request, determines the specific attribute needing to be revoked and the data user, and sets the data user needing to be revoked Attributes of (2) Identifying possession attributes All data user sets of (3) From the slave Removing revoked data users Obtaining updated attribute groups Data manager DM update attributes Is a minimum coverage set of (1) ; Randomly selecting a new index Calculating a new attribute index Generating a new attribute key Generating updated public key and private key of DM of data manager , ; The data manager DM will have attribute revocation information (including , , , ) To attribute authority AA, for each Attribute authority center AA uses data users Private key exponent of (2) Computing a new attribute key component Attribute authority center AA will Sending to a data manager DM; The data manager DM is based on the updated attribute groups And a KEK tree structure to generate a new attribute group key for data users that are not revoked: ; The data manager DM is based on the updated attribute groups And KEK tree structure to generate new ciphertext header For each attribute Calculation of The rest remains unchanged, and an updated ciphertext header is generated: The data manager DM sends the updated ciphertext to the cloud service provider CSP, and the cloud service provider CSP updates the ciphertext; The data manager DM records the attribute revocation related information to the blockchain BC.
- 6. The encryption method according to claim 5, wherein verifying the decryption token for applying for access to the data file by the data user DU comprises: Data user DU checks its own set of attributes Whether or not it is valid, confirming that all attributes are not revoked and that the latest attribute group key is owned ; Data user DU use conversion key And attribute group key And randomly select a temporary session key Computing a decryption token component , For each attribute Calculating an attribute token At the same time, the token is signed, , wherein, Time stamp for decryption operation; after receiving the decryption request, the cloud service provider CSP verifies the DU signature Is effective in the following.
- 7. The encryption method of claim 6, wherein determining whether the set of attributes of the data user DU is in the revocation list comprises: the cloud service provider CSP checking the attribute set of the data user DU; in the case that the attribute set is in the revocation list, the decryption request of the data user DU is denied.
- 8. The encryption method of claim 7, wherein verifying whether the attribute satisfies the access policy if the set of attributes is not in the revocation list comprises: For each attribute of the data user DU Cloud service provider CSP performs ABF query and calculation Obtaining ABF array Index [ ] The hash function quantity is preset; Acquiring character strings of corresponding positions from ABF Reconstructing an element ; In the case of a successful reconstruction, The format of (1) is a line number attribute name and Then the attribute matching is successful, and the mapping relation is recorded Sum line number Otherwise, the attribute is not in the access policy; attribute collection at data user DU Without any attributes successfully matched in ABF, collecting all matched line number sets Verifying that the attributes meet the access policy uses a set of line numbers Access matrix Calculate whether or not there is a constant So that If not, the cloud service provider CSP refuses the decryption request.
- 9. The encryption method according to claim 8, wherein, in case of satisfaction, performing an outsource decryption operation, returning a partial decryption result to the data user DU, comprises: Cloud service provider CSP uses line number sets Reconstruction constant Performing outsource decryption calculation for each line number The cloud service provider CSP uses the decryption token and the intermediate ciphertext component to calculate a partial value, , , The partial decryption result is ; The cloud service provider CSP records the hash value of the outsourcing decryption operation to the blockchain BC, calculates partial decryption results Hash value of (2) is Creating a decryption record , wherein, The identity of the user of the data, The partial decryption result hash value returned for the cloud service provider CSP, Hash digest of a decryption token request message sent for a data user DU to a cloud service provider CSP, while signing the record Record the signature Uploaded into the blockchain BC.
- 10. The encryption method according to claim 9, wherein the verification is passed, the final decryption is performed, and the data file of the plaintext is obtained, comprising: data user DU uses local private key Temporary session key Finish final decryption and calculate symmetric key Is simplified to obtain Decrypting data files with symmetric keys ; Creating a decryption audit record: , In order to decrypt the file identification, In order to be able to operate on a type of operation, To decrypt the resulting hash value of the plaintext file, Is in an operating state; The audit record is digitally signed and, The data user DU uploads the signed audit record to the blockchain BC.
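The attribute Bloom filter of claims 4 and 8, as an added example (not code from the patent): each row-number/attribute element is XOR-split across the attribute's hash positions, and a query XORs those positions back together to recover the row number. The hash construction, field lengths, array size and sample policy are assumptions, and the example assumes each attribute labels exactly one row.

```python
from __future__ import annotations
import hashlib
import secrets

ROW_LEN, ATT_LEN = 2, 30    # assumed fixed lengths in bytes: row number, attribute name
K_HASHES, SLOTS = 4, 256    # assumed number of hash functions and ABF array size
WIDTH = ROW_LEN + ATT_LEN
SAMPLE_POLICY = {1: "doctor", 2: "cardiology", 3: "hospital-A"}  # constructed row -> attribute map

def _indices(attr: str) -> list[int]:
    """Distinct ABF positions for an attribute, one per hash function."""
    idx = [int.from_bytes(hashlib.sha256(bytes([j]) + attr.encode()).digest()[:8], "big") % SLOTS
           for j in range(K_HASHES)]
    return list(dict.fromkeys(idx))

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _element(row: int, attr: str) -> bytes:
    """row number || attribute name, each left-padded to its fixed length."""
    name = attr.encode()
    if len(name) > ATT_LEN:
        raise ValueError("attribute name longer than ATT_LEN")
    return row.to_bytes(ROW_LEN, "big") + name.rjust(ATT_LEN, b"\0")

def build_abf(rho: dict[int, str]) -> list[bytes]:
    """rho maps each access-matrix row number to its attribute (one row per attribute)."""
    abf: list[bytes | None] = [None] * SLOTS
    for row, attr in rho.items():
        idx = _indices(attr)
        free = [i for i in idx if abf[i] is None]
        if not free:
            raise ValueError("no free slot for this attribute; enlarge SLOTS")
        last = free.pop()                      # slot that makes the XOR equal the element
        for i in free:
            abf[i] = secrets.token_bytes(WIDTH)
        share = _element(row, attr)
        for i in idx:
            if i != last:
                share = _xor(share, abf[i])
        abf[last] = share
    return [s if s is not None else secrets.token_bytes(WIDTH) for s in abf]

def query_abf(abf: list[bytes], attr: str) -> int | None:
    """XOR the attribute's slots; a well-formed element reveals its row number."""
    acc = bytes(WIDTH)
    for i in _indices(attr):
        acc = _xor(acc, abf[i])
    if acc[ROW_LEN:] == attr.encode().rjust(ATT_LEN, b"\0"):
        return int.from_bytes(acc[:ROW_LEN], "big")
    return None

def match_rows(abf: list[bytes], user_attrs: set[str]) -> dict[int, str]:
    """Recover {row number: attribute} for the user's attributes that are in the policy."""
    rows = {a: query_abf(abf, a) for a in user_attrs}
    return {r: a for a, r in rows.items() if r is not None}
```

The filter answers a membership query for any attribute name presented to it, so the policy stays hidden only to the extent that attribute names cannot be enumerated by the party holding the ABF.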
Description
Revocable attribute-based encryption method based on blockchain and policy hiding
Technical Field
The invention relates to the technical field of data security, in particular to a revocable attribute-based encryption method based on blockchain and policy hiding.
Background
With the rapid development of cloud computing, big data and artificial intelligence technology, massive amounts of data are outsourced to and stored in the cloud to realize efficient resource sharing and convenient data access. However, data outsourcing also presents serious security and privacy challenges. Traditional encryption methods generally adopt an "all or nothing" access mode and struggle to support fine-grained access control in complex service scenarios. To this end, attribute-based encryption (ABE) techniques have emerged that allow data owners to define flexible access policies based on user attributes, enabling one-to-many secure data sharing. In addition, user attributes in the system may need to be dynamically revoked due to permission changes, identity expiry and other reasons, while traditional ABE schemes lack an efficient and secure revocation mechanism, often introduce huge computation and communication overhead, or rely on a single trusted center and so carry a single-point-of-failure risk. Therefore, how to construct an ABE system that supports efficient attribute revocation while realizing policy hiding has become a key problem to be solved in the data security field. On the other hand, in the prior art, some schemes adopt means such as fuzzy mapping or pseudo-attributes to realize policy hiding, but still struggle to achieve a good balance between security and efficiency; most schemes support only partial policy hiding, cannot completely hide the attribute information in the access structure, and carry a risk of privacy disclosure.
In terms of attribute revocation, common practices include periodic updates based on time slices, proxy re-encryption, or revocation performed by a third party. However, most of these methods suffer from high computational complexity, heavy communication load and dependence on trusted third parties, and are difficult to apply to large-scale, dynamically changing cloud environments. Although cloud computing provides powerful computing and storage capabilities, its centralized architecture carries risks such as single points of failure, loss of trust in the server and external attacks, and it is difficult to fully meet the privacy and credibility requirements of medical data. Therefore, there is a need for a comprehensive encryption scheme that integrates complete policy hiding, supports lightweight attribute revocation, and provides audit and verification capabilities.
Disclosure of Invention
The encryption method can effectively protect the privacy of data owners and users, avoid exposure of sensitive attributes, achieve a good balance between security and efficiency, and support safer fine-grained access control. It introduces a Key Encryption Key (KEK) tree structure to achieve an efficient attribute-level revocation mechanism, overcoming the complex calculation and large communication load of the revocation process in traditional ABE schemes; it processes user attribute changes dynamically, reduces system overhead, is suitable for large-scale cloud environments, and improves the scalability and practicality of the system. Combined with blockchain technology, it stores key hash and access logs on the blockchain, ensuring that data cannot be tampered with and that operations are traceable; automatic execution through smart contracts enhances the transparency and fairness of the system, avoids the risk of relying on a single trusted center, and improves overall security and reliability.
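The KEK-tree revocation of claims 2 and 5, as an added example (not code from the patent): the attribute group key is wrapped under the group's minimum cover set, so a revoked user, who holds only the KEKs on its own root-to-leaf path, cannot unwrap the re-issued key. Assumptions: a complete binary tree of eight users in which every node, leaves included, holds a KEK; an HMAC-derived pad stands in for the key-wrapping cipher; the patent's own header formulas are not reproduced.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

N_USERS = 8  # assumed: complete binary tree, users 0..7 sit at leaves 8..15, root is node 1

def path_nodes(user: int) -> set[int]:
    """All nodes on the path from the root to the user's leaf."""
    node, path = N_USERS + user, set()
    while node >= 1:
        path.add(node)
        node //= 2
    return path

def min_cover(group: set[int]) -> set[int]:
    """Smallest node set whose subtrees contain exactly the users in the attribute group."""
    cover = {N_USERS + u for u in group}
    while True:
        left = next((n for n in cover if n % 2 == 0 and n + 1 in cover), None)
        if left is None:
            return cover
        cover -= {left, left + 1}          # two sibling subtrees merge into their parent
        cover.add(left // 2)

def _mask(kek: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in key wrap: XOR with an HMAC-SHA256 pad (32-byte data only)."""
    pad = hmac.new(kek, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap_group_key(group_key: bytes, group: set[int], keks: dict[int, bytes]):
    """Header: the attribute group key wrapped once per node of the group's minimum cover."""
    nonce = secrets.token_bytes(16)
    return nonce, {n: _mask(keks[n], nonce, group_key) for n in min_cover(group)}

def unwrap_group_key(user: int, keks: dict[int, bytes], header) -> bytes | None:
    """A user holds only the KEKs on its own path, so it needs a cover node on that path."""
    nonce, wrapped = header
    for n in path_nodes(user):
        if n in wrapped:
            return _mask(keks[n], nonce, wrapped[n])
    return None

def revoke(group: set[int], user: int, keks: dict[int, bytes]):
    """Drop the user from the group and issue a fresh group key under the updated cover."""
    remaining = group - {user}
    new_key = secrets.token_bytes(32)
    return remaining, new_key, wrap_group_key(new_key, remaining, keks)

# Constructed sample: one random KEK per tree node
SAMPLE_KEKS = {n: secrets.token_bytes(32) for n in range(1, 2 * N_USERS)}
```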
In order to achieve the above object, an embodiment of the present invention provides a revocable attribute-based encryption method based on blockchain and policy hiding, including: respectively initializing an attribute authority center AA, a cloud service provider CSP, a data user DU, a blockchain BC, a data manager DM and a data owner DO; constructing an access policy, generating a symmetric key, encrypting the data file and the symmetric key, and outputting an intermediate ciphertext; replacing the access policy in the intermediate ciphertext through a bloom filter, outputting a final ciphertext and a ciphertext header component, uploading the final ciphertext and the ciphertext header component to the cloud service provider CSP for storage, and storing a hash value of the final ciphertext to the blockchain BC; verifying the decryption token with which the data user DU applies for access to the data file; if verification passes, judging whether the attribute set of the data user DU is in a revocation list; in the case that the attribute set is not in the revocation list, verifying whether the attributes satisfy the access policy; executing outsour