New Multi-authority Attribute-based Encryption Scheme on Lattices

Journal of Electronics & Information Technology, Vol. 40, No. 4, Apr. 2018


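YAN Xixi① LIU Yuan① LI Zichen② TANG Yongli*① YE Qing①

①(School of Computer Science, Henan Polytechnic University, Jiaozuo 454003)

②(School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600)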

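Abstract: To address the inability of attribute-based encryption schemes built on bilinear maps to resist quantum attacks, this paper proposes a new multi-authority attribute-based encryption scheme on lattices. First, the lattice SampleLeft algorithm is used to generate users' keys, so that the user private key size depends on the number of columns of the concatenated matrix and the number of user attributes, which shortens the user private key. Next, Shamir threshold secret sharing is used to construct an access tree that supports AND, OR and threshold operations on attributes; ciphertexts can be generated under an arbitrary access structure, which gives richer expressiveness and resolves the single-access-policy limitation of most schemes. The scheme's security is proved in the standard model by reduction to the hardness of the decisional learning with errors problem. Comparative analysis shows that the sizes of the system public and private keys, user private keys and ciphertexts are all improved and compare favourably with most single-authority schemes; in addition, the scheme has multiple attribute authorities and supports any monotone access structure, so its security and practicality better meet the needs of cloud environments.

Keywords: Attribute-based encryption; Lattices; Multi-authority; Learning with errors; Standard model

CLC number: TP309 Document code: A Article ID: 1009-5896(2018)04-0811-07 DOI: 10.11999/JEIT170628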

New Multi-authority Attribute-based Encryption Scheme on Lattices

YAN Xixi① LIU Yuan① LI Zichen② TANG Yongli① YE Qing①

①(School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China)

②(School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China)

Abstract: To address the inability of attribute-based encryption over bilinear maps to resist quantum attacks, a new multi-authority attribute-based encryption scheme on lattices is proposed. Firstly, the SampleLeft algorithm is used to extract the user’s private key, which reduces the size of the private key; that size is related to the dimensions of the concatenation matrix and the number of the user’s attributes. Secondly, to address the problem of a single access policy, the new scheme employs the Shamir secret sharing scheme to construct an access tree that realizes “AND, OR, THRESHOLD” operations on attributes, so the ciphertext can be generated under any access structure and the access policy is more expressive. Lastly, the security of the proposed scheme reduces to the hardness of the decisional learning with errors problem in the standard model. Comparative analysis shows that the sizes of the public parameters, master secret key, user’s private key and ciphertext are all optimized, and that the scheme performs better than single-authority schemes to some degree. Furthermore, from the perspective of security and practicability, the new multi-authority attribute-based encryption scheme is better suited to the demands of the cloud environment.

Key words: Attribute-based encryption; Lattices; Multi-authority; Learning With Errors (LWE); Standard model
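The access-tree construction the abstract describes, shown as an added example that is not code from the paper: each gate shares its value among its children with a Shamir polynomial, so AND is n-of-n, OR is 1-of-n and THRESHOLD is t-of-n. It works over a toy prime field rather than the paper's lattice setting, and the policy, attribute names, field modulus and function names are constructed for illustration.

```python
import secrets

P = 2**61 - 1  # toy prime field (assumption; the paper's scheme works over lattices)

def share(secret, node, out):
    """Push `secret` down the access tree; each leaf records one share."""
    if isinstance(node, str):              # leaf = attribute name
        out[node] = secret
        return
    t, children = node                     # gate = (threshold, [children])
    # Random polynomial q of degree t-1 with q(0) = secret; child i gets q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    for x, child in enumerate(children, start=1):
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        share(y, child, out)

def recover(node, held):
    """Return the node's value from the shares in `held`, or None if unsatisfied."""
    if isinstance(node, str):
        return held.get(node)
    t, children = node
    pts = [(x, s) for x, c in enumerate(children, start=1)
           if (s := recover(c, held)) is not None][:t]
    if len(pts) < t:                       # fewer than t satisfied children
        return None
    total = 0
    for xj, yj in pts:                     # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def AND(*c): return (len(c), list(c))
def OR(*c): return (1, list(c))
def THRESHOLD(t, *c): return (t, list(c))

# Constructed policy: doctor AND (cardiology OR 2-of-3 {nurse, icu, senior})
POLICY = AND("doctor", OR("cardiology", THRESHOLD(2, "nurse", "icu", "senior")))

def demo(attrs, secret=123456789):
    """Share `secret` under POLICY, then recover using only the shares for `attrs`."""
    shares = {}
    share(secret, POLICY, shares)
    return recover(POLICY, {a: shares[a] for a in attrs if a in shares})
```

An attribute set that does not satisfy the tree yields `None` at the root, because some gate on the path has fewer than `t` recoverable children.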

1 Introduction

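In recent years, with the rapid development of computing and cloud computing, people increasingly store their data in the cloud; however, this data often contains users' sensitive information and needs to be encrypted. Attribute-based encryption[1] (Attribute-Based Encryption, ABE), as a new type of public-key encryption technology, enables one-to-many communication and fine-grained access control over files, offering greater flexibility and practicality. However, most existing ABE schemes are based on bilinear maps, which are computationally complex and incur large storage overhead, and they cannot resist quantum attacks in the post-quantum era. Lattice-based cryptosystems are hard for quantum computers to break and offer high practicality and security. In 1997, Ajtai et al.[2] proposed the first lattice-based public-key cryptosystem, for which it was proved that solving the average-case hard problem in the cryptosystem is equivalent to solving the worst-case hard problem (worst-case), but the efficiency of that system is extremely low. Reference [3] introduced the Learning With Errors (LWE) problem in lattice cryptography and proved that it, in

Received: 2017-06-29; Revised: 2018-01-05; Published online: 2018-03-01 *Corresponding author: TANG Yongli yltang@https://www.360docs.net/doc/941267555.html

Foundation Items: The National Natural Science Foundation of China (61300216), The Scientific Research Project of the Education Department of Henan Province (16A520013), The “13th Five-Year” National Crypto Development Foundation of the State Cryptography Administration (MMJJ20170122)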
