Abstract:Attribute-Based Encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control. However, the single authority can lead to the trust issue and the computation bottleneck of distributing private keys in the original ABE schemes. To solve these problems, a distributed ABE scheme that consists of a number of central authorities and multiple attribute authorities, is constructed based on the prime-order bilinear group in this paper. Here, the central authority is responsible for establishing the system and generating the private key for the user, and a single private key is generated by only one central authority. In order to improve the stability of the system and reduce the calculation of the center authority, a plenty of central authorities are adopted. The attribute authority, which is independent of each other, is responsible for managing different attribute domains. At the same time, the ciphertext length of the proposed scheme has nothing to do with the number of attributes, therefore, it is a constant. The most important thing is that the decryption computation needs only two bilinear pair operations. The scheme is proved selectively secure based on q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption in the random oracle model. Finally, the functionality and efficiency of the proposed scheme are analyzed and verified. The experimental results show that the proposed scheme has both constant-size ciphertext and the ability of fast decryption, which greatly reduces the storage burden and improves the system efficiency.
ZHANG Yuqing, WANG Xiaofei, LIU Xuefeng, et al. Survey on cloud computing security[J]. Journal of Software, 2016, 27(6): 1328-1348. doi: 10.13328/j.cnki.jos.005004.
[2]
BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. IEEE Symposium on Security and Privacy, Los Alamitos, CA, USA, 2007: 321-334. doi: 10.1109/SP.2007.11.
[3]
JUNG T, Li X Y, WAN Z, et al. Control cloud data access privilege and anonymity with fully anonymous attribute- based encryption[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(1): 190-199. doi: 10.1109/ TIFS.2014.2368352.
TANG Qiang and JI Dongyao. Multi-authority verifiable attribute-based encryption[J]. Journal of Wuhan University (Natural Science Edition), 2008, 54(5): 607-610. doi: 10.14188 /j.1671-8836.2008.05.029.
[5]
CHASE M. Multi-authority attribute based encryption[C]. Theory of Cryptography Conference, Amsterdam, The Netherlands, 2007: 515-534. doi: 10.1007/978-3-540-70936 -7_28.
XIAO Siyu, GE Aijun, and MA Chuangui. Decentralized attribute-based encryption scheme with constant-size ciphertexts[J]. Journal of Computer Research and Development, 2016, 53(10): 2207-2215. doi: 10.7544/issn1000 -1239.2016.20160459.
[7]
CHASE M and CHOW S S M. Improving privacy and security in multi-authority attribute-based encryption[C]. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 2009: 121-130. doi: 10.1145/1653662.1653678.
[8]
LEWKO A and WATERS B. Decentralizing attribute-based encryption[C]. Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, 2011: 568-588. doi: 10.1007/978-3-642- 20465-4_31.
[9]
LIU Z, CAO Z, HUANG Q, et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C]. European Symposium on Research in Computer Security, Leuven, Belgium, 2011: 278-297. doi: 10.1007/978- 3-642-23822-2_16.
[10]
ROUSELAKIS Y and WATERS B. Efficient statically-secure large-universe multi-authority attribute-based encryption[C]. International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico, 2015: 315-332. doi: 10.1007/978-3-662-47854-7_19.
[11]
ZHONG H, ZHU W, XU Y, et al. Multi-authority attribute- based encryption access control scheme with policy hidden for cloud storage[J]. Soft Computing, 2016: 1-9. doi: 10.1007 /s00500-016-2330-8.
[12]
SCOTT-HAYWARD S, NATARAJAN S, and SEZER S. A survey of security in software defined networks[J]. IEEE Communications Surveys & Tutorials, 2016, 18(1): 623-654. doi: 10.1109/COMST.2015.2453114.
[13]
BLENK A, BASTA A, REISSLEIN M, et al. Survey on network virtualization hypervisors for software defined networking[J]. IEEE Communications Surveys & Tutorials, 2016, 18(1): 655-685. doi: 10.1109/COMST.2015.2489183.
[14]
CHOW S S M. A framework of multi-authority attribute- based encryption with outsourcing and revocation[C]. Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, Shanghai, China, 2016: 215-226. doi: 10.1145/2914642.2914659.
[15]
LUO E, LIU Q, and WANG G. Hierarchical multi-authority and attribute-based encryption friend discovery scheme in mobile social networks[J]. IEEE Communications Letters, 2016, 20(9): 1772-1775. doi: 10.1109/LCOMM.2016.2584614.
WEI Jianghong, HU Xuexian, and LIU Wenfen. Attribute- based authenticated key exchange protocol in multiple attribute authorities environment[J]. Journal of Electronics & Information Technology, 2012, 34(2): 451-456. doi: 10.3724 /SP.J.1146.2011.00701.
FENG Dengguo and CHEN Cheng. Research on attribute- based cryptography[J]. Journal of Cryptologic Research, 2014, 1(1): 1-12. doi: 10.13868/j.cnki.jcr.000001.
[18]
LYNN B. The pairing-based cryptography (PBC) library[OL]. http://crypto.stanford.edu/pbc.2006.
[19]
BETHENCOURT J, SAHAI A, and WATERS B. Advanced crypto software collection: The cpabetoolkit[OL]. http://acsc. cs.utexas.edu/cpabe. 2011.