CN105915333A

CN105915333A - High-efficiency secret key distribution method based on attribute encryption

Info

Publication number: CN105915333A
Application number: CN201610146573.4A
Authority: CN
Inventors: 孙知信; 洪汉舒; 徐睿; 李冬军; 宫婧
Original assignee: Nanjing Post and Telecommunication University
Current assignee: Nanjing Post and Telecommunication University
Priority date: 2016-03-15
Filing date: 2016-03-15
Publication date: 2016-08-31
Anticipated expiration: 2036-03-15
Also published as: CN105915333B

Abstract

The invention discloses an efficient key update method based on attribute encryption. The system of attribute encryption is widely used, but objectively requires a strategy that can reduce the burden on the attribute authentication center and ensure system security in the process of attribute revocation and key update. The system involved in the method of the present invention includes six modules including an attribute authentication center, a key assistant, a data sender, a data receiver, a base station and a data server. The attribute authentication center is responsible for managing the user's attributes and distributing the user's initial private key. The key helper is responsible for updating the user's private key at the beginning of each time slice in the system. The invention divides the life cycle of the system into several time segments, and can ensure the forward and backward security of the system by updating the private key of the legitimate user when attribute revocation or key leakage occurs. The key assister can help users update their private keys, effectively reducing the burden on the authentication center.

Description

An Efficient Key Distribution Method Based on Attribute Encryption

技术领域technical field

本发明涉及数字信息传输的保密或安全通信技术，具体涉及一种基于属性加密的高效密钥更新方法The invention relates to a confidential or secure communication technology for digital information transmission, in particular to an efficient key update method based on attribute encryption

背景技术：Background technique:

属性加密的体制近年来引来了广泛的应用。在传统的属性加密机制中，属性鉴权中心承担着重要的任务，既要管理系统内的所有属性，又要为每个用户生成密钥，运算量过大，容易造成节点的单点失效从而影响系统的性能。此外，在属性撤销的过程中往往伴随着公共参数的更新，由于属性加密机制内的公共参数较大，频繁的更新会造成的大量的计算及通信资源消耗。另一方面，在属性密码系统中，常常伴随着用户私钥泄露的情况发生。如果密钥得不到及时的更新，大量的隐私数据会暴露给非法用户，整个系统也会面临着巨大的安全威胁。因此，基于属性的加密体制需要一种策略，既能减轻属性鉴权中心的负担，又能在属性撤销和密钥更新的过程中保证系统安全。此外，应将密钥更新的开销降到最低，避免大量公共参数更新带来的巨大通信负荷。The system of attribute encryption has attracted a wide range of applications in recent years. In the traditional attribute encryption mechanism, the attribute authentication center undertakes important tasks. It not only manages all attributes in the system, but also generates keys for each user. The calculation is too large, and it is easy to cause a single point of node failure and thus affect system performance. In addition, the process of attribute revocation is often accompanied by the update of public parameters. Since the public parameters in the attribute encryption mechanism are large, frequent updates will cause a large amount of computing and communication resource consumption. On the other hand, in the attribute cryptosystem, it is often accompanied by the leakage of the user's private key. If the key is not updated in time, a large amount of private data will be exposed to illegal users, and the entire system will also face a huge security threat. Therefore, an attribute-based encryption system needs a strategy that can not only reduce the burden on the attribute authentication center, but also ensure system security in the process of attribute revocation and key update. In addition, the overhead of key updates should be minimized to avoid the huge communication load brought by a large number of public parameter updates.

申请号为CN201510407611.2，名称为《基于多线性映射的可撤销分权威密钥策略的属性加密方法》的专利提出了一种基于多线性映射的可撤销分权威密钥策略的属性加密方法,构造针对撤销用户的单个属性，只有密文的属性集满足用户的密钥策略，用户才能完成解密过程。方案采取由权威中心构造分权威的策略，每个分权威掌握各自主密钥并参与公共参数的建立过程，利用线性秘密共享算法将访问策略转为访问结构，生成相应访问结构下的用户私钥，根据属性集和已知的撤销列表，对消息进行加密，判断用户是否在撤销列表中，完成解密过程，结合已知私钥和用户，建立追踪算法，判定用户与私钥的关联性，并且解决了撤销用户单个属性而非用户的全体属性的问题，验证了用户与私语的关联性，提高了运算效率和整体安全性。然而，由于多权威中心存在时间和参数同步共享的问题，当用户的属性需要撤销时，系统中公共参数更新会占用很大的计算资源，使得系统密钥更新的整体效率偏低，不适合应用于无线通信、传感网等场景。此外，方案中全部的密钥更新工作都由属性鉴权中心完成，节点负担过重，容易造成单点失效等问题。The application number is CN201510407611.2, and the patent titled "Reversible Authoritative Key Strategy Based on Multilinear Mapping Attribute Encryption Method" proposes an attribute encryption method based on multilinear mapping and revocable authoritative key strategy. Construct a single attribute for the revoked user, only if the attribute set of the ciphertext satisfies the user's key policy, the user can complete the decryption process. The scheme adopts the strategy of sub-authority constructed by the authority center, each sub-authority masters its own private key and participates in the establishment of public parameters, uses the linear secret sharing algorithm to transform the access strategy into an access structure, and generates the user's private key under the corresponding access structure , according to the attribute set and the known revocation list, encrypt the message, judge whether the user is in the revocation list, complete the decryption process, combine the known private key and the user, establish a tracking algorithm, and determine the relevance between the user and the private key, and It solves the problem of revoking a single attribute of a user instead of all attributes of the user, verifies the correlation between the user and the whisper, and improves the computing efficiency and overall security. However, due to the problem of time and parameter synchronization sharing in multiple authoritative centers, when the user's attributes need to be revoked, the update of public parameters in the system will occupy a lot of computing resources, making the overall efficiency of system key update low, which is not suitable for applications. It is used in wireless communication, sensor network and other scenarios. In addition, all the key update work in the scheme is completed by the attribute authentication center, and the burden on the nodes is too heavy, which is easy to cause problems such as single point failure.

发明内容Contents of the invention

本发明要解决的技术问题是寻求一种加密策略能减轻属性鉴权中心的负担，又能在属性撤销和密钥更新的过程中保证系统安全，降低密钥更新的开销，避免大量公共参数更新带来的巨大通信负荷。The technical problem to be solved by the present invention is to seek an encryption strategy that can reduce the burden on the attribute authentication center, ensure system security in the process of attribute revocation and key update, reduce the cost of key update, and avoid a large number of public parameter updates huge communication load.

为解决上述问题，本发明提出的技术方案是一种基于属性加密的高效密钥分发方法,包含以下步骤：In order to solve the above problems, the technical solution proposed by the present invention is an efficient key distribution method based on attribute encryption, which includes the following steps:

步骤一：系统初始化Step 1: System initialization

1.定义G₁,G₂为两个循环群，其阶数均为p.定义g为G₁上的一个生成元。1. Define G ₁ and G ₂ as two cyclic groups whose order is p. Define g as a generator on G ₁ .

2.定义为一个双线性映射，并定义一个哈希函数H₁:{0,1}^*→G₁，该函数的功能为将任意长度的字符串投射到G₁上。2. Definition is a bilinear mapping, and define a hash function H ₁ :{0,1} ^* →G ₁ , the function of which is to project a string of any length onto G ₁ .

3.属性鉴权中心在有限域内为每个属性选择一个随机数此外还选取则系统的主私钥为{t_i,g^y,s},协助器密钥为h,系统公共参数为 3. The attribute authentication center is in the finite field Choose a random number for each attribute in Also select Then the main private key of the system is {t _i , g ^y , s}, the assistant key is h, and the system public parameter is

步骤二：初始密钥分发Step 2: Initial Key Distribution

在初始阶段TP₀,不失一般性，假设一个用户的唯一标识符为u₁,所拥有的属性集合为{A_i},则该用户在TP₀时刻的初始密钥被定义为 At the initial stage TP ₀ , without loss of generality, assuming that a user’s unique identifier is u ₁ , and the set of attributes he owns is {A _i }, then the user’s initial key at TP ₀ is defined as

步骤三：密钥更新Step 3: Key update

1.当系统的时间片段从TP_n-1进化到TP_n时，密钥协助器计算为每个属性计算密钥的更新信息 1. When the time slice of the system evolves from TP _n-1 to TP _n , the key helper calculates the update information for each attribute calculation key

2.用户得到后，将自己之前的密钥更新到最新版本，计算步骤方法如下： 2. The user gets After that, update your previous key to the latest version. The calculation steps are as follows:

步骤四：数据加密Step 4: Data Encryption

1.数据发送者选取并且定义一个l行n列的矩阵作为访问控制矩阵。1. Data sender selection And define a matrix with l rows and n columns as an access control matrix.

2.假设的第i行值为矩阵数据发送者选取一个列向量并且令 2. Hypothesis The ith row value of The matrix data sender picks a column vector and order

3.根据系统的公共参数，数据发送者计算以下信息：3. According to the public parameters of the system, the data sender calculates the following information:

C₁＝g^x, C ₁ = g ^x ,

4.数据发送者将{C₀,C₁,C_2,i,C_3,i,C_4,i}打包作为密文上传至数据服务器。4. The data sender packs {C ₀ , C ₁ , C _2,i ,C _3,i ,C _4,i } as ciphertext and uploads it to the data server.

步骤五：数据解密Step 5: Data decryption

1.数据接收者从数据服务器处下载相应的密文。1. The data receiver downloads the corresponding ciphertext from the data server.

2.数据接收者利用当前的私钥进行如下计算获得明文，其中ω_i为一常量使得∑_i∈lλ_iω_i＝x.2. The data receiver utilizes the current private key Perform the following calculation to obtain the plaintext, where ω _i is a constant such that ∑ _i∈l λ _i ω _i = x.

$M m = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({TD TD}_{r r,, {TP TP}_{n no}},, {C C}_{33,, i i})) \cdot &Center Dot; \overset{^^}{e e} (({C C}_{22,, i i},, {D D.}_{22})) \cdot &Center Dot; \overset{^^}{e e} {(({C C}_{44,, i i},, {g g}^{h h}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({C C}_{11},, {D D.}_{11}))}$

上述公式正确性说明如下：The correctness of the above formula is explained as follows:

$\begin{matrix} M m = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({TD TD}_{i i,, {TP TP}_{n no}},, {C C}_{33,, i i})) \cdot &Center Dot; \overset{^^}{e e} (({C C}_{22,, i i},, {D D.}_{22})) \cdot &Center Dot; \overset{^^}{e e} {(({C C}_{44,, i i},, {g g}^{h h}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({C C}_{11},, {D D.}_{11}))} \\ = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} {(({g g}^{{u u}_{22} {t t}_{i i}} {H h}_{11} {(({T T}_{i i},, {TP TP}_{n no}))}^{h h},, {g g}^{{r r}_{i i}}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({g g}^{x x},, {g g}^{y the y + + {u u}_{22} s the s}))} . . \end{matrix}$

$\begin{matrix} \frac{{Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} {(({g g}^{- - {t t}_{i i} {r r}_{i i}} \cdot &Center Dot; {g g}^{{sλ sλ}_{i i}},, {g g}^{{u u}_{22}}))}^{{ω ω}_{i i}} \cdot &Center Dot; \overset{^^}{e e} {(({H h}_{11} {(({T T}_{i i},, {TP TP}_{n no}))}^{- - {r r}_{i i}},, {g g}^{h h}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({g g}^{x x},, {g g}^{y the y + + {u u}_{22} s the s}))} \\ = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} {((\overset{^^}{e e} (({g g}^{{u u}_{22} {t t}_{i i}},, {g g}^{{r r}_{i i}})) \cdot \cdot \overset{^^}{e e} (({H h}_{11} {(({T T}_{i i},, {TP TP}_{n no}))}^{h h},, {g g}^{{r r}_{i i}}))))}^{{ω ω}_{i i}}}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot &Center Dot; \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} . . \end{matrix}$

$\frac{{Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({g g}^{- - {t t}_{i i} {r r}_{i i}},, {g g}^{{u u}_{22}})) \cdot &Center Dot; \overset{^^}{e e} (({g g}^{{sλ sλ}_{i i}},, {g g}^{{u u}_{22}})) \cdot \cdot \overset{^^}{e e} {(({g g}^{- - {hr hr}_{i i}},, {H h}_{11} (({T T}_{i i},, {TP TP}_{n no}))))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}}$

$\begin{matrix} = = \frac{{C C}_{00} \cdot \cdot {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} {(({g g}^{{sλ sλ}_{i i}},, {g g}^{u u}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} \\ = = \frac{M m \overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{u u s the s {Σ Σ}_{i i &Element; &Element; l l} {λ λ}_{i i} {ω ω}_{i i}}}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} \\ = = M m \end{matrix}$

进一步，本发明还提供了能实现基于属性加密的高效密钥分发方法的系统，包含属性鉴权中心,密钥协助器，数据发送者，数据接收者，基站和数据服务器。其中，属性鉴权中心负责管理用户的属性，并分发用户的初始私钥。密钥协助器负责在系统每个时间片段开始时更新用户的私钥。基站为各个实体间的通信提供安全的信道。数据发送者制定明文的加密策略，之后将密文上传至数据服务器。数据服务器是由计算机集群组成的物理节点，负责安全的存储数据。数据接收者下载相应密文，并通过自身拥有私钥解密获得明文。Further, the present invention also provides a system capable of implementing an efficient key distribution method based on attribute encryption, including an attribute authentication center, a key assister, a data sender, a data receiver, a base station and a data server. Among them, the attribute authentication center is responsible for managing the user's attribute and distributing the user's initial private key. The key helper is responsible for updating the user's private key at the beginning of each time slice in the system. The base station provides a secure channel for communication between entities. The data sender formulates an encryption strategy for the plaintext, and then uploads the ciphertext to the data server. The data server is a physical node composed of computer clusters, which is responsible for securely storing data. The data receiver downloads the corresponding ciphertext and decrypts it with its own private key to obtain the plaintext.

有益效果：Beneficial effect:

1，本发明提供的密钥分发方法中，将系统的生命周期划分为若干时间片段，当属性撤销或密钥泄露发生时，可以通过更新合法用户的私钥来确保系统的前向和后项安全。即某一时间片段用户的私钥泄露不影响系统其他时间片段的安全。1. In the key distribution method provided by the present invention, the life cycle of the system is divided into several time segments. When attribute revocation or key leakage occurs, the forward and backward items of the system can be guaranteed by updating the private key of the legitimate user. Safety. That is, the disclosure of the user's private key in a certain time segment does not affect the security of the system in other time segments.

2，针对现有属性加密机制鉴权中心负担过重特点,在系统内引入一个密钥协助器，帮助用户更新私钥，减轻了鉴权中心的负担，避免造成节点宕机的情况。且在密钥更新的过程中，系统公共参数不会发生任何变化，只需更新用户的部分私钥，大大减少了密钥更新的代价。2. In view of the heavy burden on the authentication center of the existing attribute encryption mechanism, a key assister is introduced in the system to help users update the private key, which reduces the burden on the authentication center and avoids node downtime. And in the process of key updating, the public parameters of the system will not change in any way, only part of the private key of the user needs to be updated, which greatly reduces the cost of key updating.

3，采用了高效的属性密钥更新方法，只更新了用户的部分私钥，而系统的公共参数不需要改变，极大的提高了系统的效率。数据发送者可以制定加密控制策略，从而实现自主的数据访问控制。3. An efficient attribute key update method is adopted, only part of the private key of the user is updated, and the public parameters of the system do not need to be changed, which greatly improves the efficiency of the system. Data senders can formulate encryption control policies to achieve autonomous data access control.

附图说明Description of drawings

图1为本发明的系统示意图。Fig. 1 is a schematic diagram of the system of the present invention.

具体实施方式detailed description

下面结合附图对本发明的具体实施做进一步详细的说明。The specific implementation of the present invention will be further described in detail below in conjunction with the accompanying drawings.

图1为本发明的系统示意图。从中可以看出基于属性加密的高效密钥分发系统，包含六个功能实体，即属性鉴权中心,密钥协助器，数据发送者，数据接收者，基站和数据服务器。其中，属性鉴权中心负责管理用户的属性，并分发用户的初始私钥。为了减轻属性鉴权中心的计算负荷，在系统内引入另一设备密钥协助器。密钥协助器负责生成用户私钥的更新信息；为了保证系统的前后向安全，将系统划分为若干离散的时间片段；当用户的私钥发生泄漏或者需要属性重定向时，系统进入下一时间片段，并通过密钥协助器负责在系统每个时间片段开始时更新用户的私钥；密钥协助器负责在系统每个时间片段开始时更新用户的私钥。基站为各个实体间的通信提供安全的信道。数据发送者制定明文的加密策略，之后将密文上传至数据服务器。数据服务器是由计算机集群组成的物理节点，负责安全的存储数据。数据接收者下载相应密文，并通过自身拥有私钥解密获得明文。Fig. 1 is a schematic diagram of the system of the present invention. It can be seen that the efficient key distribution system based on attribute encryption includes six functional entities, namely attribute authentication center, key assister, data sender, data receiver, base station and data server. Among them, the attribute authentication center is responsible for managing the user's attribute and distributing the user's initial private key. In order to reduce the computational load of the attribute authentication center, another device key assistant is introduced in the system. The key assister is responsible for generating the update information of the user's private key; in order to ensure the forward and backward security of the system, the system is divided into several discrete time segments; when the user's private key is leaked or attribute redirection is required, the system enters the next time segment segment, and the key assister is responsible for updating the user's private key at the beginning of each time segment of the system; the key assister is responsible for updating the user's private key at the beginning of each time segment of the system. The base station provides a secure channel for communication between entities. The data sender formulates an encryption strategy for the plaintext, and then uploads the ciphertext to the data server. The data server is a physical node composed of computer clusters, which is responsible for securely storing data. The data receiver downloads the corresponding ciphertext and decrypts it with its own private key to obtain the plaintext.

现对基于属性加密的高效密钥更新及数据共享的过程进行说明，包含以下步骤：The process of efficient key update and data sharing based on attribute encryption is now described, including the following steps:

步骤一：系统初始化Step 1: System initialization

步骤二：初始密钥分发Step 2: Initial Key Distribution

步骤三：密钥更新Step 3: Key update

步骤四：数据加密Step 4: Data Encryption

2.假设的第i行值为矩阵数据发送者选取一个列向量并且令 2. Hypothesis The ith row value of The matrix data sender picks a column vector and make

C₁＝g^x, C ₁ = g ^x ,

步骤五：数据解密Step 5: Data decryption

$M m = = \frac{{C C}_{00} \cdot \cdot {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({TD TD}_{r r,, {TP TP}_{n no}},, {C C}_{33,, i i})) \cdot \cdot \overset{^^}{e e} (({C C}_{22,, i i},, {D D.}_{22})) \cdot \cdot \overset{^^}{e e} {(({C C}_{44,, i i},, {g g}^{h h}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({C C}_{11},, {D D.}_{11}))}$

以上公式的正确性说明如下：The correctness of the above formula is explained as follows:

$\begin{matrix} M m = = \frac{{C C}_{00} \cdot \cdot {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({TD TD}_{i i,, {TP TP}_{n no}},, {C C}_{33,, i i})) \cdot \cdot \overset{^^}{e e} (({C C}_{22,, i i},, {D D.}_{22})) \cdot \cdot \overset{^^}{e e} {(({C C}_{44,, i i},, {g g}^{h h}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({C C}_{11},, {D D.}_{11}))} \\ = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} {(({g g}^{{u u}_{22} {t t}_{i i}} {H h}_{11} {(({T T}_{i i},, {TP TP}_{n no}))}^{h h},, {g g}^{{r r}_{i i}}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} (({g g}^{x x},, {g g}^{y the y + + {u u}_{22} s the s}))} . . \end{matrix}$

$\begin{matrix} \frac{{Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} (({g g}^{- - {t t}_{i i} {r r}_{i i}},, {g g}^{{u u}_{22}})) \cdot &Center Dot; \overset{^^}{e e} (({g g}^{{sλ sλ}_{i i}},, {g g}^{{u u}_{22}})) \cdot &Center Dot; \overset{^^}{e e} {(({g g}^{- - {hr hr}_{i i}},, {H h}_{11} (({T T}_{i i},, {TP TP}_{n no}))))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot &Center Dot; \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} \\ = = \frac{{C C}_{00} \cdot &Center Dot; {Π Π}_{i i &Element; &Element; l l} ((\overset{^^}{e e} {(({g g}^{{sλ sλ}_{i i}},, {g g}^{u u}))}^{{ω ω}_{i i}}))}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot &Center Dot; \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} \\ = = \frac{M m \overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{u u s the s {Σ Σ}_{i i &Element; &Element; l l} {λ λ}_{i i} {ω ω}_{i i}}}{\overset{^^}{e e} {((g g,, g g))}^{y the y x x} \cdot \cdot \overset{^^}{e e} {((g g,, g g))}^{{u u}_{22} s the s x x}} \\ = = M m \end{matrix}$

为了保证系统的前后向安全并解决属性密钥吊销的问题，本发明将整个系统的生命周期划分为若干个离散的时间片段，每个时间片段的信息都会被嵌入到用户当前的私钥中。当系统内发生用户属性撤销、更新或者用户私钥泄露等情况时，通过更新合法用户的私钥来确保系统内的前后向安全。In order to ensure the forward and backward security of the system and solve the problem of attribute key revocation, the present invention divides the life cycle of the entire system into several discrete time segments, and the information of each time segment will be embedded in the user's current private key. When the user attributes are revoked, updated, or the user's private key is leaked in the system, the forward-backward security in the system is ensured by updating the private key of the legitimate user.

特别需要说明的是，为了减轻属性鉴权中心的计算负担，在系统内引入一个密钥协助器，帮助用户在新的时间片段到来时更新私钥。在整个系统的生命周期内，系统的公共参数不发生任何改变，故属性撤销不需要牵涉参数的更新，除了用户部分私钥需要更新外无需同步系统参数，故密钥更新的效率大大提高。In particular, in order to reduce the computational burden of the attribute authentication center, a key assister is introduced in the system to help users update the private key when a new time segment arrives. During the life cycle of the entire system, the public parameters of the system do not change in any way, so attribute revocation does not need to involve the update of parameters, and there is no need to synchronize system parameters except for the update of some private keys of users, so the efficiency of key update is greatly improved.

以上所述仅为本发明的一个具体实施例，并不用以限制本发明，本实施例中所用数据集和攻击模式仅限于本实施例，凡在本发明的精神和原则之内，所作的任何修改、等同替换、改进等，均应包含在本发明的保护范围之内。The above description is only a specific embodiment of the present invention, and is not intended to limit the present invention. The data sets and attack modes used in this embodiment are limited to this embodiment. Within the spirit and principles of the present invention, any Modifications, equivalent replacements, improvements, etc., should all be included within the protection scope of the present invention.

Claims

1. an efficient key distribution method based on encryption attribute, it is characterised in that comprise the steps of

Step one: system initialization

1) definition G₁,G₂Being two cyclic groups, it is G that its exponent number is p., definition g₁On one generation unit；

2) definitionIt is a bilinear map, and defines a hash function H₁: { 0,1}^*→G₁, this letter The function of number is that the character string of random length is projected G₁On；

3) attribute AUC is at finite fieldInterior is one random number of each Attributions selectionAdditionally chooseThen the main private key of system is { t_i,^y, s}, aid key is h, and system common parameter is

Step 2: initial key is distributed

At starting stage TP₀, without loss of generality, it is assumed that the unique identifier of a user is u₁, the community set being had is { A_i, then should User is at TP₀The initial key in moment is defined as

Step 3: key updating

1) when the time slice of system is from TP_n-1Evolve to TP_nTime, key aid is calculated as the renewal of each property calculation key Information

2) user obtainsAfter, by the key updating before oneself to latest edition, calculation procedure method is as follows:

{SK}_{{TP}_{n + 1}} = {D_{1}, D_{2}, {TD}_{i, {TP}_{n}} \cdot {UP}_{i, T_{n + 1}}} = {g^{y + u_{1} s}, g^{u_{1}}, g^{u_{1} t_{i}} H_{1} {(T_{i}, {TP}_{n + 1})}^{h}};

Step 4: data encryption

1) data sender choosesAnd define the matrix of l row n rowAs access control matrix；

2) assumeThe i-th row value beMatrix data sender chooses a column vectorAnd And order

3) according to the common parameter of system, data sender calculates following information:

4) data sender is by { C₀,C₁,C_2,i,C_3,i,C_4,iPacking is uploaded to data server as ciphertext；

Step 5: data deciphering

1) Data receiver downloads corresponding ciphertext at data server；

2) Data receiver utilizes current private keyCarry out acquisition calculated as below in plain text, wherein ω_iIt is that a constant makes

2. the system of the efficient key distribution method based on encryption attribute realized described in claim 1, it is characterised in that Comprise attribute AUC, key aid, data sender, Data receiver, base station and data server, wherein, described Attribute AUC is responsible for the attribute of user, and the initial private key of dispatch user；Described key aid is responsible in system The private key of user is updated when each time slice starts；The communication that described base station is each inter-entity provides the channel of safety；Institute State data sender and formulate encryption of plaintext strategy, afterwards ciphertext is uploaded to data server；Described data server be by The physical node of computer cluster composition, is responsible for the storage data of safety；Described Data receiver downloads corresponding ciphertext, and passes through The deciphering of owned private key obtains in plain text.