Cloud storage outsourced decryption attribute-based encryption method capable of limiting access times

An attribute-based encryption technique with restricted access, applied in the field of outsourced-decryption attribute-based encryption for cloud storage. It addresses the lack of support for limiting the number of accesses and the high overhead of existing schemes, and it reduces decryption overhead.

Active Publication Date: 2019-04-16
GUANGDONG UNIV OF TECH +1

AI Technical Summary

Problems solved by technology

The original approach was based on Gentry's fully homomorphic encryption system (Gennaro R, Gentry C, Parno B. Non-interactive verifiable computing: outsourcing computation to untrusted workers[C]//Conference on Advances in Cryptology. Springer-Verlag, 2010: 465-482.), which is impractical for current ABE systems because the "bootstrap" operation of a homomorphic operation with high security parameters takes about 30 minutes. An ABE scheme in which users can publicly verify the correctness of outsourced decryption has been proposed (Junzuo Lai, Robert H. Deng, Chaowen Guan, et al. Attribute-Based Encryption With Verifiable Outsourced Decryption[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(8): 1343-1354.); however, this scheme introduces a lot of overhead in ciphertext transmission and decryption operations. To reduce the overhead, some scholars proposed an ABE scheme with verifiable outsourced decryption based on hash functions under the standard model (Baodong Qin, Robert H. Deng, Shengli Liu, et al. Attribute-based encryption with efficient verifiable outsourced encryption[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(7): 1384–1393.). The ciphertext size of that scheme is reduced by half and the decryption cost by more than half, but the scheme does not provide a fine-grained access control method that can limit the number of user accesses within a certain period of time. Then, building on CPA-secure ABE schemes with outsourced decryption, generic constructions of CPA-secure and RCCA-secure ABE with verifiable outsourced decryption were proposed (Mao X, Lai J, Mei Q, et al. Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption[J]. IEEE Transactions on Dependable & Secure Computing, 2016, 13(5): 533-546.); however, this scheme also does not provide a fine-grained access control method that can limit the number of user accesses within a certain period of time. Recently, based on the Rouselakis and Waters prime-order CP-ABE scheme and a verifiable random function, some scholars proposed a CP-ABE scheme that can verify the correctness of outsourced decryption (J. Ning, Z. Cao, X. Dong, et al. Auditable σ-Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(1): 94–105.). This scheme can also limit the number of user accesses within a certain period of time, but it requires a trusted third party to perform the verification process.

[0005] To sum up, the above schemes either do not support limiting the number of accesses within a certain period of time, or require a trusted third party to verify the correctness of outsourced decryption, or their computational efficiency is too low or their overhead too high to support both access control that limits the number of accesses within a certain period of time and efficient public verification of outsourced decryption.

Examples


Embodiment

[0052] The embodiment of the present invention provides an attribute-based encryption method with outsourced decryption for cloud storage that can limit the number of accesses within a certain period of time. The method uses a verifiable random function to limit the number of user accesses, uses outsourced computing to hand the client's decryption operation to the cloud for execution, uses key blinding to make the outsourced decryption service secure, and uses a verification token generated by a cryptographic hash function to verify the correctness of outsourced decryption, thereby achieving public verification of the correctness of outsourced decryption in attribute-based encryption.

[0053] The cloud storage data sharing system in the present invention involves 4 entities: attribute authority, data owner, cloud server and data user (see Figure 1). The attribute authority is used to generate system public parameters and generate a decryption key according to ...


Abstract

The invention discloses a cloud storage outsourced decryption attribute-based encryption method capable of limiting access times. A data user generates a corresponding conversion key from the decryption key distributed by the attribute authority; the conversion key is handed to a cloud server when the decryption service needs to be outsourced; and the conversion ciphertext returned by the cloud server is subjected to outsourced decryption verification. The method adopts an LSSS access structure, uses a verifiable random function (VRF) to limit the number of user accesses, outsources the client's decryption operation to the cloud using outsourced computing, makes the outsourced decryption service secure using key blinding, and verifies the correctness of the outsourced decryption through a verification token generated with a cryptographic hash function. This fine-grained access control, which can limit the number of user accesses within a fixed time, achieves public verification of the correctness of outsourced decryption in attribute-based encryption.
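The flow described in the abstract and in paragraph [0052] (blind the decryption key, let the cloud transform the ciphertext, unblind and check a hash token) is sketched below as an added example; it is not the patent's construction. It swaps the pairing-based ABE for a toy ElGamal-style group, all names and parameters are assumptions, and the VRF-based access-count limit is not modelled.

```python
import hashlib
import secrets

# Toy group (assumption): order-Q subgroup of Z_P*, with P = 2Q + 1.
# Sizes are far too small to be secure; they keep the arithmetic visible.
P, Q, G = 2039, 1019, 4


def H(*parts: int) -> bytes:
    """Hash group elements to a fixed-length verification token."""
    return hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest()


def keygen():
    """Attribute authority: decryption key x and public key g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(pk: int):
    """Data owner: hide a random session element R and publish a token H(R)."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, secrets.randbelow(Q - 1) + 1, P)
    c1, c2 = pow(G, r, P), (R * pow(pk, r, P)) % P
    return (c1, c2, H(R)), R


def make_transform_key(x: int):
    """Data user: blind x with a secret z; only tk = x/z mod Q leaves the device."""
    z = secrets.randbelow(Q - 1) + 1
    return (x * pow(z, -1, Q)) % Q, z


def cloud_transform(tk: int, ct) -> int:
    """Cloud server: performs the costly step without ever learning x."""
    return pow(ct[0], tk, P)


def user_recover(z: int, ct, partial: int):
    """Data user: unblind, recover R, and accept only if the token matches."""
    shared = pow(partial, z, P)               # (c1^(x/z))^z = c1^x
    R = (ct[1] * pow(shared, -1, P)) % P
    return R if H(R) == ct[2] else None       # None = cloud result rejected
```

A cloud that returns anything other than `c1^tk` makes the recovered element differ from `R`, so the token comparison fails and the user discards the result.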

Description

Technical field

[0001] The invention relates to the research field of cloud storage ciphertext access control, in particular to an attribute-based encryption method for cloud storage outsourced decryption that can limit the number of accesses.

Background

[0002] Attribute-based encryption (ABE) is a public-key-based one-to-many encryption mechanism that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud. The main flaw of traditional ABE schemes is that decryption involves costly pairing operations, and the number of such operations increases with the complexity of access policies, which is a fatal usage bottleneck for resource-constrained mobile devices such as mobile phones. To this end, someone proposed the concept of "outsourcing decryption" (Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts[C]//USENIX Conference...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, H04L9/32, H04L9/08
CPC: H04L9/0869, H04L9/3234, H04L63/0428, H04L63/10, H04L63/20, H04L67/1097
Inventor: 凌捷石宇清杨锐谢锐罗玉
Owner: GUANGDONG UNIV OF TECH