属性撤销是基于属性的加密(attribute based encryption,简称 ABE)在实际应用中所必须解决的问题.在直接撤销模式下,已有的支持属性撤销的 ABE 方案只能以撤销用户身份的方式对用户所拥有的全部属性进行撤销,而无法做到针对属性的细粒度撤销.提出了直接模式下支持完全细粒度属性撤销的 CP-ABE(cipher policy ABE)模型,在合数阶双线性群上,基于双系统加密的思想构造了具体的方案,并在标准模型下给出了严格的安全性证明.该方案能够对用户所拥有的任意数量的属性进行撤销,解决了已有方案中属性撤销粒度过粗的问题.
Abstract:
Attribute revocation is crucial to use of ABE. The existing ABE schemes that support attributerevocation under the direct revocation model can only revoke the whole attributes that the user possesses byrevoking the user’s identity, so the attribute revocation is coarse-grained. This paper proposes the model of CP-ABEthat supports fully fine-grained attribute revocation. Based on the dual encryption system proposed by Waters, aconcrete CP-ABE scheme that fully supports fine-grained attribute revocation is constructed over the compositeorder bilinear groups, and the study proves its security under the standard model. Compared to the existing relatedschemes, this scheme is much more flexible and can revoke an arbitrary number of attributes that user possesses.