云端中支持细粒度访问控制策略的属性基加密

Attribute -based encryption (ABE) has been an active topic of public key cryptography in recent years. The access policy in ABE not only ensures the security of messages, but also provides efficient access control to encrypted data in Cloud. The existing works have evident defects in design principles, analysis theory , the expansion of applications.We take aim at these issues and will deal with the following topics. (1)To provide new design and analysis theory based on trapdoor over lattice. The new schemes will be constructed by using new Pre-Sampling Function to overcome the shortcomings in the expansion of key space and ciphertext space in the existing works.In addition, the new works will also possess a better mutual compatibility between security and efficiency. (2) To provide new access control policy. The new schemes will support "double hierarchy" design policy of the private key and ciphertext by combining the advantages of Boolean operator formula and arithmetic circuits with some new techniques such as verifiable random functions and dual-pair vector and bimodal Gaussian sampling. Futhermore, the new constructions will also support "Dual-Policy" ABE by combining ciphertext-policy ABE and key-policy ABE. All works will propose much moreflexible access control policy than the existing schemes. (3) To support much extension study. Based on the ABE over lattice, we will propose new constructions of predicate encryption and functional encryption, which will provide more choice of access control policy for sharing encrypted data in cloud computing. In additon, we also pay attention to some current hot issue and difficult problem in ABE such as the revocation of attribute-based key, multi-authority ABE. Our topics have the distinctive characteristics and our accumulation of professional knowledge can support us to complete succefully this project.

属性基加密(ABE)是近年来公钥密码领域研究热点，其接入准则既保证了信息的安全，又为云端中加密数据提供了有效访问控制策略，已有的方案在设计原理、分析理论，扩展应用等方面远未成熟，本课题针对这些关键问题展开研究，内容如下：(1) 基于格上陷门的新型设计与分析理论。利用新的原像抽样算法既解决已有格公钥存在的密钥、密文空间大的缺陷，又解决已有属性基加密在效率及安全方面的瓶颈问题。(2) 访问控制策略的新设计。结合布尔运算及算术电路运算的优点，采用可验证随机函数及"对偶-对"向量、双峰高斯抽样等新技术实现密钥、密文的层次设计策略，以及同时实现基于密钥策略ABE及密文策略ABE的对偶策略ABE，以此实现更加灵活的访问控制策略。(3) 扩展研究。利用格基属性基加密与向量内积设计谓词加密及功能加密，为云中数据共享提供更高效访问控制策略，同时解决在属性密钥撤销、多授权机构等应用方面的缺陷。

本课题围绕研究目标，在后量子方向、抗泄漏设计、匿名加密等方面取得一些研究成果，具体如下：.1) 后量子方案方面，基于LWE问题设计了一种新型的基于身份的分级加密，新方案具有短的公共参数，较小的私钥和密文空间；利用Hamming距离，设计了模糊属性基加密，该方案具有安全性强、公私钥短的优点；基于LWE困难问题，借助利用随机编码技术，设计了格基函数加密；设计了可撤销的分层格基身份基加密，在随机预言机模型下达到了适应性身份-时间安全；利用Key Switching 技术，将其扩展为ABHE。.2) 匿名加密方面，课题组利用可验证随机函数设计了匿名HIBE方案，首次实现了私钥与密文的常数化设计；将该思想用于设计匿名属性基加密，利用可验证伪随机函数生成用户的私钥，同时生成可验证性的公钥参数，这是课题组首次将该类函数引入到属性基加密的设计与分析中。在多权威机构属性基加密方案中，利用不经意传输与零知识证明协议，提出了一个匿名的私钥生成协议。设计的方案在私钥生成阶段具有更低的计算消耗；对现有的方案进行了分析，针对其漏洞提出了自己的改进方案，使得在保护用户身份隐私的同时可以抵抗用户合谋攻击。.3) 抗泄露攻击属性基加密的设计与分析。基于Goldreich-Levin定理和双系统加密技巧，提出一个抗连续泄漏且可容忍主密钥和属性私钥的泄漏有效的方案，同时密文长度恒定；课题组首先将哈希证明系统推广到属性基加密，提出密文策略基于属性的哈希证明系统和密钥策略基于属性的哈希证明系统。利用双系统加密技巧，课题组提出匿名的抗泄漏ABE方案。同时课题组构造了CCA2安全的方案，该方案可取得较大的泄漏界值log(p)-w(log k)。.4) 应用方面，设计了基于属性的匿名广播加密体制，该方案可抵抗恶意用户对密文的DDH测试；设计了分层属性基加密，实现了细粒度访问控制下主要授权和使用者同时分层，同时拥有较短的密文。

内容获取失败，请点击重试