Application of Dual System Encryption to Attribute-Based Encryption Schemes
Abstract
Distributed information storage systems need complex access-control structures, and the protected information carries many attribute labels. In a traditional system, access control is enforced by a single server that stores all the information in plaintext and acts as the control server receiving access requests. Because the information sits on the server in plaintext, an attacker who reaches the storage medium directly obtains it. The attribute-based encryption (ABE) scheme proposed by Sahai and Waters fits this access-control requirement precisely: an access structure and an attribute set are bound to the private key and to the ciphertext respectively, everything on the storage server is kept as ciphertext, and a user fetches ciphertext directly without any authentication server; whether the user can recover the protected information depends only on whether the attribute set satisfies the access structure. Deploying such a system relieves the load on the data storage server and solves the access-control problem at the same time.
     Beyond access control, in some settings a user who has already been granted access must later have that permission withdrawn, as in pay TV and similar Internet applications. The key system therefore also needs a private-key revocation operation. Most earlier attribute-based encryption systems were proven secure by reduction in the selective security model, and none of them implemented a revocation mechanism for user private keys. This thesis presents an attribute-based encryption system that uses the dual system encryption technique to achieve provable security in the full security model and that also implements private-key revocation.
     The main contributions are as follows:
     1. We apply the dual system encryption technique so that our attribute-based encryption system achieves provable security in the full security model.
     2. The security proof uses a sequence of games in which the challenge ciphertext and the queried private keys are converted, one at a time, into semi-functional form.
     3. We apply the complete binary tree technique to implement revocation management of user private keys.
Distributed information systems require complex access control that depends on the attributes of the protected data and on access policies.
     Traditionally, to enforce access control, a file server stores all the data and acts as the reference point that checks each user. Clearly the security of such a system rests entirely on the file server, and the data is stored in plaintext. Attribute-based encryption (ABE), first introduced by Sahai and Waters, provides an access-control mechanism over encrypted data by specifying the users' attributes. With this mechanism the data remains secure even if the file server is compromised. Beyond access control, a user may have to be deprived of the decryption ability in some situations, for example in pay TV. Most previous ABE constructions were proven secure in the selective model of security, and few of them realize revocation of users' keys. This thesis presents an ABE scheme that supports revocation and achieves full security by adapting the dual system encryption methodology.
     The major contributions are:
     1. We adapt the dual system encryption technique to the ABE setting to obtain full security.
     2. The proof employs a sequence of security games in which the challenge ciphertext and the queried keys are changed to semi-functional form one by one.
     3. We add the complete binary tree technique to realize user revocation.
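The access-structure check described above, as an added example that is not part of the thesis: a policy tree of threshold gates (AND = all children, OR = any one child) is shared with Shamir secret sharing over a toy prime field, and the secret can be rebuilt only from the shares of attributes that satisfy the tree. A real ABE scheme embeds these shares in a bilinear group and binds them to one user's key so that different users cannot pool attributes; this block demonstrates only the share-and-reconstruct layer. The field modulus, the policy and the attribute names are constructed for illustration.

```python
import secrets

# Toy prime field for the shares (assumption: illustration only; a real ABE
# scheme works in the prime-order group of a bilinear pairing, not this field).
P = (1 << 127) - 1

# Policy tree nodes: ("attr", name) is a leaf; ("gate", k, children) is a
# k-of-n threshold gate. AND is k == len(children), OR is k == 1.
# Constructed policy: doctor AND (cardiology OR oncology).
POLICY = ("gate", 2, [
    ("attr", "doctor"),
    ("gate", 1, [("attr", "cardiology"), ("attr", "oncology")]),
])


def _poly_at(coeffs, x):
    """Evaluate a polynomial (constant term first) at x modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, node, out=None):
    """Split `secret` over the leaves of the policy tree.

    At a k-of-n gate the node's value becomes the constant term of a random
    degree-(k-1) polynomial and child i receives the evaluation at x = i.
    Returns {attribute: share}; attribute names are assumed unique in the tree.
    """
    if out is None:
        out = {}
    if node[0] == "attr":
        out[node[1]] = secret
        return out
    _, k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for i, child in enumerate(children, start=1):
        share(_poly_at(coeffs, i), child, out)
    return out


def _interpolate_at_zero(points):
    """Lagrange interpolation of the constant term from k points (x_i, y_i)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reconstruct(node, attrs, shares):
    """Return the value at `node` if `attrs` satisfy its subtree, else None.

    Only shares for attributes in `attrs` are consulted, mirroring a private
    key that carries components for the user's own attributes alone.
    """
    if node[0] == "attr":
        name = node[1]
        return shares[name] if name in attrs else None
    _, k, children = node
    points = []
    for i, child in enumerate(children, start=1):
        value = reconstruct(child, attrs, shares)
        if value is not None:
            points.append((i, value))
            if len(points) == k:      # enough satisfied children for this gate
                break
    if len(points) < k:
        return None
    return _interpolate_at_zero(points)


def demo():
    """Share a random secret under POLICY and try three attribute sets."""
    secret = secrets.randbelow(P)
    shares = share(secret, POLICY)
    satisfied = reconstruct(POLICY, {"doctor", "oncology"}, shares) == secret
    missing_role = reconstruct(POLICY, {"cardiology", "oncology"}, shares)
    missing_dept = reconstruct(POLICY, {"doctor"}, shares)
    return satisfied, missing_role, missing_dept


if __name__ == "__main__":
    print(demo())  # (True, None, None)
```

The attribute set {doctor, oncology} satisfies the root gate and yields the secret; {cardiology, oncology} satisfies only the OR subtree and {doctor} only one leaf, so neither reaches the two points the root needs and reconstruction fails. Collusion resistance (two users each holding one half) is exactly what the pairing-based key binding adds on top of this layer.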
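The complete binary tree revocation technique named in contribution 3, as an added example that is not part of the thesis. The abstract gives no construction, so this block implements the complete-subtree cover (the KUNodes algorithm of Boldyreva, Goyal and Kumar [14], built on the subset-cover framework of Naor, Naor and Lotspiech [18]), which is the standard way a complete binary tree is used for revocation and is assumed here to be what the thesis means. Users are the leaves of a tree of the given depth; each user's private key carries one component per node on the leaf-to-root path, and for each time period the authority publishes key-update material only for the nodes in the cover, so exactly the non-revoked users can derive a working decryption key. The tree depth and the revoked set are constructed for illustration.

```python
def path_to_root(depth, user):
    """Node ids on the path from a user's leaf up to the root.

    Nodes are numbered in heap order: root = 1, children of v are 2v and 2v+1,
    so the leaves of a depth-d tree are 2**d .. 2**(d+1)-1 and user u sits at
    2**d + u. A user's private key holds one component for each path node.
    """
    n_leaves = 1 << depth
    if not 0 <= user < n_leaves:
        raise ValueError("user index out of range for this tree")
    path = []
    v = n_leaves + user
    while v >= 1:
        path.append(v)
        v //= 2
    return path


def ku_nodes(depth, revoked):
    """Complete-subtree cover: the smallest set of nodes whose subtrees contain
    every non-revoked leaf and no revoked leaf (KUNodes in BGK08).

    Mark every node on a revoked leaf's path; the cover is every child of a
    marked node that is itself unmarked. Key-update material for the current
    period is published for exactly these nodes.
    """
    n_leaves = 1 << depth
    marked = set()
    for u in revoked:
        marked.update(path_to_root(depth, u))
    if not marked:
        return {1}              # nobody revoked: the root alone covers all users
    cover = set()
    for v in marked:
        for child in (2 * v, 2 * v + 1):
            if child < 2 * n_leaves and child not in marked:
                cover.add(child)
    return cover                # empty when every user is revoked


def leaves_under(depth, node):
    """User indices whose leaves lie in the subtree rooted at `node`."""
    n_leaves = 1 << depth
    nodes = [node]
    while nodes[0] < n_leaves:
        nodes = [c for v in nodes for c in (2 * v, 2 * v + 1)]
    return {leaf - n_leaves for leaf in nodes}


def covered_users(depth, cover):
    """All users who can derive a decryption key from a key update on `cover`."""
    users = set()
    for node in cover:
        users |= leaves_under(depth, node)
    return users


def can_decrypt(depth, user, cover):
    """A user decrypts iff some node on its path received key-update material."""
    return any(v in cover for v in path_to_root(depth, user))


def demo():
    """Eight users, two revoked (constructed input)."""
    depth, revoked = 3, {2, 5}
    cover = ku_nodes(depth, revoked)
    flags = [can_decrypt(depth, u, cover) for u in range(1 << depth)]
    return cover, covered_users(depth, cover), flags


if __name__ == "__main__":
    print(demo())
```

For two revoked users out of eight the cover has four nodes, matching the r log(N/r) bound of the complete-subtree method, and a revoked user's path contains no cover node, so there is no key-update component they can combine with their private key. Revocation here is at the granularity of the time period: a revoked user keeps decrypting ciphertexts of periods before the update, which is why such schemes pair the tree with a time tag in the ciphertext.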
References
[1] A. Beimel. Secure schemes for secret sharing and key distribution. PhD thesis, Technion, Israel Institute of Technology, Haifa, Israel, 1996.
[2] A. Lewko and B. Waters. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In TCC, 2010.
[3] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In EUROCRYPT, pages 62-91, 2010.
[4] A. Lewko and B. Waters. Decentralizing attribute-based encryption. Cryptology ePrint Archive, Report 2010/351, 2010. http://eprint.iacr.org/
[5] A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO '84, LNCS vol. 196, pages 47-53. Springer, 1984.
[6] W. Aiello, S. Lodha, and R. Ostrovsky. Fast digital identity revocation (extended abstract). In CRYPTO 1998, LNCS vol. 1462, pages 137-152. Springer, 1998.
[7] A. Fiat and M. Naor. Broadcast encryption. In CRYPTO, pages 480-491, 1993.
[8] B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114-127, 2005.
[9] B. Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. Cryptology ePrint Archive, Report 2008/290, 2008.
[10] B. Waters. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In CRYPTO, pages 619-636, 2009.
[11] D. Boneh, X. Boyen, and E. Goh. Hierarchical identity based encryption with constant size ciphertext. In EUROCRYPT, pages 440-456, 2005.
[12] B. Libert and D. Vergnaud. Adaptive-ID secure revocable identity-based encryption. In CT-RSA 2009, pages 1-15.
[13] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, pages 321-334. IEEE Computer Society, 2007.
[14] A. Boldyreva, V. Goyal, and V. Kumar. Identity-based encryption with efficient revocation. In ACM Conference on Computer and Communications Security 2008, pages 417-426, 2008.
[15] D. Boneh and M. Franklin. Identity based encryption from the Weil pairing. In CRYPTO 2001, LNCS vol. 2139, pages 213-229. Springer, 2001.
[16] C. Gentry. Practical identity-based encryption without random oracles. In EUROCRYPT 2006.
[17] C. Gentry and B. Waters. Adaptive security in broadcast encryption systems. In EUROCRYPT, 2009.
[18] D. Naor, M. Naor, and J. Lotspiech. Revocation and tracing schemes for stateless receivers. Electronic Colloquium on Computational Complexity (ECCC), Report 043, 2002.
[19] D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In TCC, pages 535-554, 2007.
[20] D. Boneh and X. Boyen. Efficient selective-ID secure identity-based encryption without random oracles. In EUROCRYPT, pages 223-238, 2004.
[21] D. Boneh and X. Boyen. Secure identity based encryption without random oracles. In CRYPTO, pages 443-459, 2004.
[22] D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano. Public key encryption with keyword search. In EUROCRYPT, pages 506-522, 2004.
[23] E. F. Brickell. Some ideal secret sharing schemes. Journal of Combinatorial Mathematics and Combinatorial Computing, 6:105-113, 1989.
[24] E. Shi and B. Waters. Delegating capabilities in predicate encryption systems. In Automata, Languages and Programming (ICALP), pages 560-578, 2008.
[25] E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In CRYPTO 1999, pages 537-554.
[26] E. Shen, E. Shi, and B. Waters. Predicate privacy in encryption systems. In TCC 2009, pages 457-473.
[27] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute based encryption for fine-grained access control of encrypted data. In ACM Conference on Computer and Communications Security (ACM CCS), 2006.
[28] H. Anton and C. Rorres. Elementary Linear Algebra, 9th edition. 2005.
[29] J. Katz, A. Sahai, and B. Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In EUROCRYPT, pages 146-162, 2008.
[30] J. H. Seo, T. Kobayashi, M. Ohkubo, and K. Suzuki. Anonymous hierarchical identity-based encryption with constant size ciphertexts. In Public Key Cryptography 2009, pages 215-234.
[31] K. Kurosawa and Y. Desmedt. A new paradigm of hybrid encryption scheme. In CRYPTO 2004.
[32] L. Cheung and C. Newport. Provably secure ciphertext policy ABE. In CCS, pages 456-465, 2007.
[33] B. Libert and D. Vergnaud. Adaptive-ID secure revocable identity-based encryption. In CT-RSA 2009, LNCS vol. 5473, pages 1-15. Springer, 2009.
[34] B. Libert and J.-J. Quisquater. Efficient revocation and threshold pairing based cryptosystems. In PODC, pages 163-171, 2003.
[35] M. Naor and B. Pinkas. Efficient trace and revoke schemes. In Financial Cryptography, pages 1-20, 2000.
[36] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In CCS, pages 99-112, 2006.
[37] M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In CCS 1993.
[38] M. Chase. Multi-authority attribute based encryption. In TCC, pages 515-534, 2007.
[39] N. Attrapadung and H. Imai. Dual-policy attribute based encryption: Simultaneous access control with ciphertext and key policies. IEICE Transactions, 93-A(1):116-125, 2010.
[40] V. Nikov and S. Nikova. New monotone span programs from old. Cryptology ePrint Archive, Report 2004/282, 2004. http://eprint.iacr.org/
[41] R. Ostrovsky, A. Sahai, and B. Waters. Attribute based encryption with non-monotonic access structures. In ACM Conference on Computer and Communications Security (ACM CCS), 2007.
[42] R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. In EUROCRYPT, pages 207-222, 2004.
[43] R. Ostrovsky, A. Sahai, and B. Waters. Attribute based encryption with non-monotonic access structures. In CCS, 2007.
[44] R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In CRYPTO '98.
[45] A. Sahai and B. Waters. Fuzzy identity based encryption. In EUROCRYPT 2005, LNCS vol. 3494, pages 457-473. Springer, 2005.
[46] T. Okamoto and K. Takashima. Hierarchical predicate encryption for inner-products. In ASIACRYPT, 2009.
[47] V. Goyal, A. Jain, O. Pandey, and A. Sahai. Bounded ciphertext policy attribute-based encryption. In ICALP, 2008.
[48] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute based encryption for fine-grained access control of encrypted data. In CCS, 2006.
[49] V. Shoup. Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332, 2004. http://eprint.iacr.org/
[50] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644-654, 1976.
[51] X. Boyen. General ad hoc encryption from exponent inversion IBE. In EUROCRYPT 2007.
[52] Y. Desmedt, R. Gennaro, K. Kurosawa, and V. Shoup. A new and improved paradigm of hybrid encryption secure against chosen-ciphertext attack. Journal of Cryptology, 2010.
[53] H. Buhrman, N. Chandran, S. Fehr, R. Gelles, V. Goyal, R. Ostrovsky, and C. Schaffner. Position-based quantum cryptography: Impossibility and constructions. CoRR abs/1009.2490, 2010.