A key policy attribute-based encryption fast decryption method based on SM9

By proposing a fast decryption method for key policy attribute-based encryption based on SM9, utilizing public key aggregation technology and a linear secret sharing scheme, the problem of low decryption efficiency in key policy attribute-based encryption systems is solved, achieving efficient decryption and flexible access control, and is suitable for lightweight devices with limited computing and storage.

CN117200987BActive Publication Date: 2026-07-03FUJIAN NORMAL UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
FUJIAN NORMAL UNIV
Filing Date
2023-03-16
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing key policy attribute-based encryption systems have high computational costs during decryption, affecting system efficiency, especially in "one-to-many" scenarios where decryption operations are frequent, resulting in low system decryption efficiency.

Method used

A fast decryption method based on SM9 key policy attribute-based encryption is designed. The decryption process is constructed using public key aggregation technology, requiring only two pairing operations. The access control policy is implemented by combining a linear secret sharing scheme. The key structure of the SM9 identifier encryption algorithm is preserved. It is suitable for lightweight devices with limited computing, bandwidth and storage space.

Benefits of technology

It improves decryption efficiency, enhances the flexibility and adaptability of the method, supports fixed-length ciphertext and personalized trade-offs between key length and decryption time, and promotes the application of the SM9 algorithm in lightweight devices.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117200987B_ABST
    Figure CN117200987B_ABST
Patent Text Reader

Abstract

This invention relates to a fast decryption method for attribute-based encryption using a key policy based on SM9. The method includes: a key generation center first generates system public parameters and a system master private key based on given system security parameters; secondly, it defines the system's attribute space based on the attributes used in the system; finally, it publishes the system public parameters but keeps the master private key secret; the data owner encrypts the message based on the attribute set corresponding to the data, generating corresponding ciphertext; the key generation center sets an access policy based on the user's decryption permissions, where a matrix is ​​used to map rows in the matrix to attributes in the attribute set, generating a private key corresponding to the corresponding access policy; after receiving the ciphertext, the data receiver can successfully decrypt it if and only if the attribute set in the ciphertext satisfies the access policy on the key; otherwise, decryption fails. This invention overcomes the decryption efficiency problem in attribute-based encryption algorithms using a key policy based on SM9.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of information security technology, specifically a fast decryption method for key policy attribute-based encryption based on SM9. Background Technology

[0002] With the rise of distributed network architectures and service environments such as cloud computing, big data, the Internet of Things, and blockchain, security issues related to the storage and transmission of national economic, managerial, and social affairs information, as well as citizens' personal information, are becoming increasingly prominent. Simultaneously, with the growth in the number of users and the volume of data within these systems, along with the increasing demands for data access control, the access control capabilities provided by traditional public-key encryption mechanisms are no longer sufficient to meet the growing practical needs of users.

[0003] Attribute-based encryption provides data privacy and fine-grained access control for distributed computing systems. It is a public-key encryption technique that associates users and ciphertext with policies and attribute sets, respectively. Attribute-based encryption is divided into ciphertext-policy attribute-based encryption and key-policy attribute-based encryption. In ciphertext-policy attribute-based encryption, the user key is associated with a set of attributes. The data owner encrypts the data using an access policy. Decryption is successful only if the attribute set associated with the user key satisfies the access policy in the ciphertext; otherwise, decryption fails. Key-policy attribute-based encryption works in the opposite way: the user key is associated with an access policy, and the ciphertext is associated with a set of attributes. Decryption is successful only if the attribute set associated with the ciphertext satisfies the access policy in the key; otherwise, decryption fails.

[0004] Most current key-policy attribute-based encryption systems are designed based on elliptic curve bilinear groups, and their decryption processes generally involve computationally expensive bilinear pairing operations. In "one-to-many" key-policy attribute-based encryption, decryption operations are used more frequently than encryption operations. Time-consuming decryption operations hinder the system's decryption efficiency and affect its practical application.

[0005] In response to this situation and the critical need for secure, controllable, and independently advanced information systems, this invention, based on my country's independently designed commercial cryptosystem SM9, proposes a fast decryption method for SM9-based key policy attribute-based encryption without altering the fundamental architecture of SM9 identifier encryption. This method achieves fast decryption and fixed-length ciphertext generation in SM9 key policy attribute-based encryption, demonstrating promising application prospects in lightweight devices with limited computing, bandwidth, and storage space. Summary of the Invention

[0006] The purpose of this invention is to provide a fast decryption method for SM9-based key policy attribute base encryption, so as to overcome the decryption efficiency problem in SM9-based key policy attribute base encryption algorithms.

[0007] To achieve the above objectives, the technical solution of the present invention is: a fast decryption method for key policy attribute-based encryption based on SM9, comprising the following steps:

[0008] S1. The key generation center first determines the security parameters given by the system. Generate system common parameters and system master private key Secondly, the system's attribute space is defined based on the attributes used in the system. Finally, the system's public parameters are made public, while the master private key remains confidential.

[0009] S2, The data owner, based on the set of attributes corresponding to the data. Encrypted messages This generates the corresponding ciphertext. ;

[0010] S3. The key generation center sets access policies based on the user's decryption permissions. ,in It is The matrix, It is a general The mapping from rows in the attribute set to attributes in the attribute set generates a private key corresponding to the respective access policy. ;

[0011] S4. After receiving the ciphertext, the data receiver can successfully decrypt it if and only if the set of attributes on the ciphertext satisfies the access policy on the key; otherwise, decryption will fail.

[0012] In one embodiment of the present invention, step S1 specifically includes:

[0013] The key generation center first selects the encryption level based on the SM9 identifier encryption algorithm. addition group , level Multiplication group and generator Secondly, choose a random number. Computational group elements in ,group elements in Define the attribute space as ,and ,make The front of the middle Each element is treated as a complete set of attributes, i.e. Finally from Random selection Each distinct element , ,... , , respectively corresponding to the attribute space Different attributes;

[0014] Define the system's public parameters, i.e., the master public key, as follows: The master private key is The system discloses its public parameters, namely the master public key, while keeping the master private key confidential.

[0015] in:

[0016] Cyclic group The order, and is prime numbers;

[0017] : greater than 0 and less than or equal to The set of integers;

[0018] Bilinear mapping;

[0019] A collision-resistant hash function;

[0020] : An identifier for an encrypted generation function, represented by one byte;

[0021] : Integer, representing the number of attributes in the attribute space.

[0022] In one embodiment of the present invention, the encryption algorithm used in step S2 for the encrypted message is implemented as follows:

[0023] The data owner enters the master public key. Messages to be encrypted Attribute set (Attribute Space) (a subset of the set); select random numbers Output ciphertext :

[0024]

[0025] in:

[0026] : and The splicing, among which and It is a bit string or a byte string;

[0027] The message to be encrypted belongs to the group. middle;

[0028] Partial encrypted text, among which Belongs to the group , Belongs to the group , Belongs to the group ;

[0029] Random numbers, belonging to ;

[0030] Random group elements, belonging to the group ;

[0031] In one embodiment of the present invention, the key generation center in step S3 employs a key generation algorithm, specifically including:

[0032] Input master key at key generation center An access strategy for an LSSS structure The key generation center first selects a random vector. These values ​​will be used to share the master key. Secondly, for arrive ,calculate ,in It is a matrix The first in Row vectors; finally, a random value is selected. Output private key for:

[0033]

[0034] in:

[0035] : Greater than or equal to 0 and less than or equal to The set of integers;

[0036] :Depend on In A vector consisting of n elements;

[0037] :belong Random numbers in the data;

[0038] :function In the access control matrix The attribute that the row is mapped to;

[0039] Partial decryption key, belonging to the group ;

[0040] Partial decryption key, belonging to the group ;

[0041] Partial decryption key, belonging to the group ;

[0042] : refers to the set of different attributes of the row mapping in the secret sharing matrix;

[0043] Remove the different attribute sets appearing in the key , ;

[0044] : An element in the text represents an attribute;

[0045] : Integers representing the number of rows and columns in the secret sharing matrix;

[0046] : Corresponding to , ,... , One of them, among which .

[0047] In one embodiment of the present invention, the decryption operation in step S4 is performed as follows:

[0048] Data receiver input access policy corresponding private key and attribute set Corresponding ciphertext ;if Access policy not satisfied Output Otherwise set and ,make For a set of constants that satisfy the following condition: if It is the master key Effective sharing of secrets has ;definition It refers to the set of different attributes used during decryption, obviously ,and Perform the following steps:

[0049] 1) Calculation:

[0050] ;in

[0051] 2) Calculation

[0052]

[0053] in:

[0054] Partial decryption key, belonging to the group , ;

[0055] 3) Calculation

[0056]

[0057] Final calculation Received news .

[0058] Compared to existing technologies, this invention has the following advantages: Without altering the basic architecture of the SM9 identifier encryption algorithm, this invention utilizes public key aggregation technology to construct a fast decryption method based on SM9 key policy attribute-based encryption. It has the following advantages:

[0059] 1. The method retains the key structure of the SM9 identifier encryption algorithm to the greatest extent, which can be effectively integrated with existing information systems that use SM9;

[0060] 2. The decryption operation in the method only uses two pairing operations, which is more efficient than existing key policy attribute base encryption methods;

[0061] 3. The method adopts a linear secret sharing scheme to implement the access control policy. Compared with the access tree, the linear secret sharing scheme is more expressive.

[0062] 4. The method is highly flexible and adaptable. Fixed-length ciphertext can be achieved by using public-key aggregation technology on the ciphertext in the encryption algorithm, or a personalized trade-off can be made between key length and decryption time. These can be achieved with only slight modifications to the method.

[0063] Based on the above advantages, the implementation of the method of the present invention can greatly promote the application of the SM9 key policy attribute-based encryption algorithm in lightweight devices with limited computing, bandwidth and storage space. Attached Figure Description

[0064] Figure 1 This is a flowchart of a key policy attribute-based encryption system based on SM9.

[0065] Figure 2 This is a schematic diagram of the encryption and decryption algorithm process. Detailed Implementation

[0066] The technical solution of the present invention will now be described in detail with reference to the accompanying drawings.

[0067] This invention discloses a fast decryption method for attribute-based encryption using a key policy based on SM9, comprising the following steps:

[0068] S1. The key generation center first determines the security parameters given by the system. Generate system common parameters and system master private key Secondly, the system's attribute space is defined based on the attributes used in the system. Finally, the system's public parameters are made public, while the master private key remains confidential.

[0069] S2, The data owner, based on the set of attributes corresponding to the data. Encrypted messages This generates the corresponding ciphertext. ;

[0070] S3. The key generation center sets access policies based on the user's decryption permissions. ,in It is The matrix, It is a general The mapping from rows in the attribute set to attributes in the attribute set generates a private key corresponding to the respective access policy. ;

[0071] S4. After receiving the ciphertext, the data receiver can successfully decrypt it if and only if the set of attributes on the ciphertext satisfies the access policy on the key; otherwise, decryption will fail.

[0072] The following are specific implementation examples of the present invention.

[0073] Please refer to Figure 1 A fast decryption method for key policy attribute-based encryption based on SM9, characterized by the following steps:

[0074] S1. The authoritative center (key generation center) first determines the security parameters given by the system. Generate common parameters of the system and system master private key Secondly, the system's attribute space is defined based on the attributes used in the system. Finally, the system's public parameters are made public, while the master and private keys remain confidential.

[0075] S2, The data owner, based on the set of attributes corresponding to the data. Encrypted messages This generates the corresponding ciphertext. .

[0076] S3, the Authority Center (Key Generation Center), sets access policies based on users' decryption permissions. ,in It is The matrix, It is a general The mapping from rows in the attribute set to attributes in the attribute set generates a private key corresponding to that access policy. .

[0077] S4. After receiving the ciphertext, the data receiver can successfully decrypt it if and only if the set of attributes on the ciphertext satisfies the access policy on the key; otherwise, decryption will fail.

[0078] Furthermore, the system establishment phase in step S1 specifically includes:

[0079] The key generation center first selects the encryption level based on the SM9 identifier encryption algorithm. addition group , level Multiplication group and generator Secondly, choose a random number. Computational group elements in ,group elements in Define the attribute space as ,and ,make The front of the middle Each element is treated as a complete set of attributes, i.e. Finally from Random selection Each distinct element , ,... , , respectively corresponding to the attribute space Different attributes;

[0080] Define the system's public parameters, i.e., the master public key, as follows: The master private key is The system discloses its public parameters, namely the master public key, while keeping the master private key confidential.

[0081] in:

[0082] Cyclic group The order, and is prime numbers;

[0083] : greater than 0 and less than or equal to The set of integers;

[0084] Bilinear mapping;

[0085] A collision-resistant hash function;

[0086] : An identifier for an encrypted generation function, represented by one byte;

[0087] : Integer, representing the number of attributes in the attribute space.

[0088] The encryption algorithm used in step S2 specifically includes:

[0089] The data owner enters the master public key. Messages to be encrypted Attribute set (Attribute Space) (a subset of the set); select random numbers Output ciphertext :

[0090]

[0091] in:

[0092] : and The splicing, among which and It is a bit string or a byte string;

[0093] The message to be encrypted belongs to the group. middle;

[0094] Partial encrypted text, among which Belongs to the group , Belongs to the group , Belongs to the group ;

[0095] Random numbers, belonging to ;

[0096] Random group elements, belonging to the group ;

[0097] The key generation algorithm used by the key generation center in step S3 specifically includes:

[0098] Input master key at key generation center An access strategy for an LSSS structure The key generation center first selects a random vector. These values ​​will be used to share the master key. Secondly, for arrive ,calculate ,in It is a matrix The first in Row vectors; finally, a random value is selected. Output private key for:

[0099]

[0100] in:

[0101] : Greater than or equal to 0 and less than or equal to The set of integers;

[0102] :Depend on In A vector consisting of n elements;

[0103] :belong Random numbers in the data;

[0104] :function In the access control matrix The attribute that the row is mapped to;

[0105] Partial decryption key, belonging to the group ;

[0106] Partial decryption key, belonging to the group ;

[0107] Partial decryption key, belonging to the group ;

[0108] : refers to the set of different attributes of the row mapping in the secret sharing matrix;

[0109] Remove the different attribute sets appearing in the key , ;

[0110] : An element in the text represents an attribute;

[0111] : Integers representing the number of rows and columns in the secret sharing matrix;

[0112] : Corresponding to , ,... , One of them, among which .

[0113] The decryption operation in step S4 specifically includes:

[0114] Data receiver input access policy corresponding private key and attribute set Corresponding ciphertext ;if Access policy not satisfied Output Otherwise set and ,make For a set of constants that satisfy the following condition: if It is the master key Effective sharing of secrets has ;definition It refers to the set of different attributes used during decryption, obviously ,and Perform the following steps:

[0115] 1) Calculation:

[0116] ;in

[0117] 2) Calculation

[0118]

[0119] in:

[0120] Partial decryption key, belonging to the group , ;

[0121] 3) Calculation

[0122]

[0123] Final calculation Received news .

[0124] This invention, without altering the basic architecture of the SM9 identifier encryption algorithm, utilizes public-key aggregation technology to construct a fast decryption method based on SM9 key policy attribute-based encryption. It has the following advantages:

[0125] 1. The method retains the key structure of the SM9 identifier encryption algorithm to the greatest extent, which can be effectively integrated with existing information systems that use SM9;

[0126] 2. The decryption operation in the method only uses two pairing operations, which is more efficient than existing key policy attribute base encryption methods;

[0127] 3. The method adopts a linear secret sharing scheme to implement the access control policy. Compared with the access tree, the linear secret sharing scheme is more expressive.

[0128] 4. The method is highly flexible and adaptable. Fixed-length ciphertext can be achieved by using public-key aggregation technology on the ciphertext in the encryption algorithm, and personalized trade-offs can be made between key length and decryption time. These operations can be implemented with only slight modifications to the method.

[0129] 4.1 Implementation of Fixed Ciphertext Length

[0130] The key and ciphertext structure in the method are improved as follows:

[0131] The ciphertext structure is as follows:

[0132]

[0133] The key structure is as follows:

[0134]

[0135] 4.2 Trade-off between key length and decryption time

[0136] Defined in the method Decomposed into Non-intersecting Define function , making when hour, Then for each ,calculate

[0137]

[0138] For each ,calculate and calculation Recover Finally, remove those keys that are not in the same subset. In Reduce the length of the key.

[0139] Based on the above advantages, the implementation of the method of the present invention can greatly promote the application of the SM9 key policy attribute-based encryption algorithm in lightweight devices with limited computing, bandwidth and storage space.

[0140] The above are preferred embodiments of the present invention. Any changes made to the technical solution of the present invention that do not exceed the scope of the technical solution of the present invention shall fall within the protection scope of the present invention.

Claims

1. A fast decryption method for attribute-based encryption using a key policy based on SM9, characterized in that, Includes the following steps: S1. The key generation center first determines the security parameters given by the system. Generate system common parameters and system master private key Secondly, the system's attribute space is defined based on the attributes used in the system. Finally, the system's public parameters are made public, while the master private key remains confidential. S2, The data owner, based on the set of attributes corresponding to the data. Encrypted messages This generates the corresponding ciphertext. ; S3. The key generation center sets access policies based on the user's decryption permissions. ,in It is The matrix, It is a general The mapping from rows in the attribute set to attributes in the attribute set generates a private key corresponding to the respective access policy. ; S4. After receiving the ciphertext, the data receiver can successfully decrypt it if and only if the set of attributes on the ciphertext satisfies the access policy on the key; otherwise, decryption will fail. Step S1 specifically includes: The key generation center first selects the encryption level based on the SM9 identifier encryption algorithm. addition group , level Multiplication group and generator Secondly, choose a random number. Computational group elements in ,group elements in Define the attribute space as ,and ,make The front of the middle Each element is treated as the complete set of attributes, i.e. Finally from Random selection Each distinct element , ,... , , respectively corresponding to the attribute space Different attributes; Define the system's public parameters, i.e., the master public key, as follows: The master private key is The system discloses its public parameters, namely the master public key, while keeping the master private key confidential. in: Cyclic group The order, and is prime numbers; : greater than 0 and less than or equal to The set of integers; Bilinear mapping; : Integer, representing the number of attributes in the attribute space; The encryption algorithm used in step S2 is as follows: The data owner enters the master public key. Messages to be encrypted Attribute set It is an attribute space A subset; select random numbers Output ciphertext : in: : and The splicing, among which and It is a bit string or a byte string; A collision-resistant hash function; : An identifier for an encrypted generation function, represented by one byte; The message to be encrypted belongs to the group. middle; Partial encrypted text, among which Belongs to the group , Belongs to the group , Belongs to the group ; Random group elements, belonging to the group .

2. The fast decryption method for key policy attribute-based encryption based on SM9 according to claim 1, characterized in that, In step S3, the key generation center employs a key generation algorithm, specifically including: Input the master private key at the key generation center An access strategy for an LSSS structure The key generation center first selects a random vector. These values ​​will be used to share the master private key. Secondly, for arrive ,calculate ,in It is a matrix The first in Row vectors; finally, a random value is selected. Output private key for: in: : Greater than or equal to 0 and less than or equal to The set of integers; :Depend on In A vector consisting of n elements; :belong Random numbers in the data; :function In the access control matrix The attribute that the row is mapped to; Partial decryption key, belonging to the group ; Partial decryption key, belonging to the group ; Partial decryption key, belonging to the group ; : refers to the set of different attributes of the row mapping in the secret sharing matrix; Remove the different attribute sets appearing in the key , ; : An element in the text represents an attribute; : Integers representing the number of rows and columns in the secret sharing matrix; : Corresponding to , ,... , One of them, among which .

3. The fast decryption method for key policy attribute-based encryption based on SM9 according to claim 2, characterized in that, The decryption operation in step S4 is as follows: Data receiver input access policy corresponding private key and attribute set Corresponding ciphertext ;if Access policy not satisfied Output Otherwise set and ,make For a set of constants that satisfy the following condition: if It is the master private key Effective sharing of secrets has ;definition It refers to the set of different attributes used during decryption, obviously ,and Perform the following steps: 1) Calculation: ;in ; 2) Calculation in: Partial decryption key, belonging to the group , ; 3) Calculation Final calculation Received news .