Revocable attribute encryption method based on complete binary tree

A complete binary tree and attribute encryption technology, applied in the field of revocable attribute encryption, which can solve the problems of incomplete revocation user information and high complexity

Active Publication Date: 2015-12-23
重庆涔信科技有限公司
3 Cites 12 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a revocable attribute encryption method based on a complete binary tree, which...
View more

Method used

The present invention is based on the revocable attribute encryption method of complete binary tree, can finish revoking to user under the situation that does not update system public key and the private key of any user, has realiz...
View more

Abstract

The present invention discloses a revocable attribute encryption method based on a complete binary tree. The method comprises the steps of firstly carrying out system parameter initialization, then carrying out a key generation process, carrying out encryption, and finally carrying out decryption. According to the method, the technology that all information of a node corresponding user is revoked after revoking a binary tree leaf node is realized, through the intersection of the corresponding path of the user in the binary tree and the coverage set corresponding to a revoking list, whether the user has decryption ability is judged, once the user is revoked, the user does not have the decryption ability any more, and the overall safety of the scheme is proved based on a determination bilinear Diffie-Hellman problem.

Application Domain

Key distribution for secure communication

Technology Topic

Key generationBinary tree +1

Image

  • Revocable attribute encryption method based on complete binary tree
  • Revocable attribute encryption method based on complete binary tree
  • Revocable attribute encryption method based on complete binary tree

Examples

  • Experimental program(1)

Example Embodiment

[0034] The present invention will be described in detail below with reference to specific embodiments.
[0035] The present invention is based on the revocable attribute encryption method of the complete binary tree, and is specifically implemented according to the following steps:
[0036] Step 1. System parameter initialization:
[0037] The specific steps are as follows:
[0038] Enter the security parameter λ and randomly select α∈Z p , where Z p ={0,1,...,p-1}, use the set {1,2,...,m} to represent the attribute set, where m is the maximum number of attributes in the system, and use a complete binary tree for each The leaf node represents the unique identifier of a user, and defines the set of all users in the system as U. According to the system naming rules, U is transformed into in represents the entire set of leaf nodes transformed by all users, let is the set of nodes in the binary tree determined according to the system naming rules, for each leaf node make Indicates the path from the leaf node to the root node, for the partially marked leaf node set set overlay node Cover(L) is the minimum coverage set of unmarked leaf nodes, and defines the maximum number of nodes in the covered nodes as d. What this method revokes is the unique identifier of the user, which corresponds to the revoke of the leaf nodes in the binary tree. Let R t Represents the list of revoked user identities at time t, that is, R t The elements within are the revoked leaf nodes of the binary tree at time t, where For each attribute i∈[1,m], choose s at random i ∈Z p ,definition Randomly choose d+1 values ​​h 0 ,h 1 ,...,h d ∈Z p ,definition Also define H ( x ) = Π j = 0 d ( H j ) x j , output master private key and public parameters :
[0039]
[0040] Step 2. Key generation:
[0041] Specifically, follow the steps below:
[0042] Step (2.1), convert the access policy into an access structure (M, ρ) through the linear secret sharing technique LSSS, where the matrix M is an l×k matrix, M i is the corresponding i-th row of matrix M, and the mapping ρ converts M i Mapped to the attribute ρ(i);
[0043] Step (2.2), randomly select α 1 ,α 2 make it satisfy α=α 1 +α 2 , select the vector where z 2 ,...,z k ∈Z p ,calculate and randomly selected For any node in a binary tree choose r at random x ∈Z p Correspondingly, the private key sk with the ID under (M, ρ) is output ID,(M,ρ) =(D 1 ,D 2 ,D 3 ,D 4 ):
[0044] D 1 = { D i ( 1 ) | D i ( 1 ) = g λ i T i β i , i ∈ [ 1 , l ] } ; D 2 = { D i ( 2 ) | D i ( 2 ) = g β i , i ∈ [ 1 , l ] } ; D 3 = { D x ( 3 ) | D x ( 3 ) = g α 2 H ( x ) r x , x ∈ P a t h [ I D ] } ;
[0045] D 4 = { D x ( 4 ) | D x ( 4 ) = g r x , x ∈ P a t h ( I D ) } ;
[0046] Step 3. Encryption:
[0047] Specifically, follow the steps below:
[0048] Step (3.1), randomly select s∈Z p ,calculate C (1) =g s , for the attribute set For each attribute i∈ω, compute
[0049] Step (3.2), according to the system revocation list R at time t t , the system revocation list R t Represents the set of revoked user identities at time t, looking for Cover(R t ), so that Cover(R t ) is the minimum cover of U\R, and calculate Cover(R t ) covering leaf nodes:
[0050] x ∈ C o v e r ( R t ) : C x ( t ) = H ( x ) s ,
[0051] In summary, the output ciphertext CT:
[0052] C T = ( C 0 , C ( 1 ) , { C i ( 2 ) } i ∈ ω , { C x ( t ) } x ∈ C o v e r ( R t ) ) ;
[0053] Step 4. Decryption:
[0054] Specifically, follow the steps below:
[0055] Step (4.1), when the attribute set ω satisfies the access structure (M, ρ), the user The user implements decryption and defines I={i:ρ(i)∈ω}. According to the reconstructability of LSSS, there is an array μ i Satisfy Σ I μ i M i = ( 1 , 0 , ... , 0 ) ;
[0056] Step (4.2), because Then there is x∈Path(ID)∩Cover(R t ),calculate:
[0057]
[0058]
[0059] exist combine successfully decrypted the message
[0060] The security analysis of the revocable attribute encryption method based on the complete binary tree of the present invention is carried out below:
[0061] Proof of correctness:
[0062] If all data are generated as described in the inventive method, the decryption calculation is as follows:
[0063]
[0064]
[0065] therefore,
[0066]
[0067] Summarize the present invention:
[0068] The present invention is based on the revocable attribute encryption method based on the complete binary tree, which is an important progress of the revocable attribute encryption method, specifically: 1) constructing a complete binary tree, and using each leaf node of the binary tree as the unique identifier of the user; 2) revoking During the process, once the user's identifier is revoked, the user will be revoked. At this time, regardless of whether the user's attributes satisfy the access structure constituted by the access policy, the user no longer has the ability to decrypt; 3) Input the security parameters to construct the system master secret. 4) According to the path of the binary tree where the user is located, establish the user's private key; 5) Encrypt the message through the cover set of the known revocation user list; 6) Find the user path corresponding to the revocation list The intersection of the covering set to implement the decryption operation.
[0069] The present invention is based on the revocable attribute encryption method of the complete binary tree, which can complete the revocation of the user without updating the public key of the system and the private key of any user, and realizes the purpose of revoking all the information of the user, and the cost is small. The construction of is simpler, and the security of the scheme is guaranteed on the basis of the discriminative bilinear Diffie-Hellman problem.

PUM

no PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products