Attribute-Based Encryption Method and System for Traceable and Revokable Malicious Users with Policy Hiding

Abstract

The present invention provides an attribute-based encryption method that can trace and revoke malicious users with hidden policies, including steps: S1, the authorization mechanism generates public parameters PP, user revocation lists R, and reserved system master keys MSK; S2, the authorization mechanism establishes and includes System attribute name set A, system attribute value set T′ system attribute set, data owner defines access policy W based on system attribute set; S3, data owner passes encryption algorithm according to PP, W, message m, R to be encrypted, Generate the ciphertext CT containing R and the incomplete access policy, and store CT in the cloud storage; S4. The authority generates a decryption key SK for user u; S5. User u decrypts CT through SK, only when user u is not in R , and the user u can decrypt and obtain m only when the matching verification of CT is passed; S6, the authority tracks the malicious user based on SK and PP, and updates R; S7, the cloud storage updates CT based on the updated R and the updated key X' . The invention protects user privacy through incomplete access policies, and can track and revoke malicious users.

Description

technical field [0001] The invention relates to the field of information security, in particular to an attribute-based encryption method for policy hiding that can trace and revoke malicious users. Background technique [0002] With the development of cloud computing technology, cloud storage system provides users with convenient data storage services, but as users outsource more and more sensitive data to cloud storage, data security issues and user privacy protection become a problem. Therefore, it is necessary to encrypt outsourced sensitive data, but how to achieve fine-grained access to shared data has also become a difficult problem for cloud storage services. [0003] Attribute-based encryption technology can ensure data security while realizing fine-grained access to shared data. There are two types of attribute-based encryption: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE, the ciphertext is re...

AI Technical Summary

Problems solved by technology

However, the access policy may also contain sensitive information, which may leak the user's privacy, so it is necessary to hide the access policy to achieve privacy protection

However, in the ABE (Attribute-BaseEncryption) system, there are also some legitimate users who will disclose their private keys to third parties. Since the decryption key is associated with the attribute, the user who leaks the decryption key cannot be determined. Therefore, it is necessary to apply the tracking mechanism to the traditional attribute-based encryption scheme

Images