Fine-grained cooperative access control scheme with hidden policies
Author affiliations: School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China; National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
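Publication: The Journal of China Universities of Posts and Telecommunications (中国邮电高校学报(英文版))
Year, volume, issue: 2021, Vol. 28, No. 6
Pages: 13-25
Core indexing:
Subject classification: 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 081201 [Engineering - Computer System Architecture]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]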
Funding: supported by the National Natural Science Foundation of China (62072369, 62072371, 61772418), the Innovation Capability Support Program of Shaanxi (2020KJXX-052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2020ZDLGY08-04, 2021ZDLGY06-02), and the Natural Science Basic Research Program of Shaanxi (2021JQ-722)
Keywords: attribute-based encryption; hidden policy; group collaboration; blockchain
Abstract: Traditional ciphertext-policy attribute-based encryption (CP-ABE) has two problems. First, the access policy must be embedded in the ciphertext and sent with it, which discloses users' private information. Second, it does not support collaborative decryption, so it cannot meet the practical demand for conditional collaborative decryption among multiple users. To address both problems at once, a fine-grained cooperative access control scheme with hidden policies (FCAC-HP) is proposed, based on existing CP-ABE schemes combined with blockchain technology. In the FCAC-HP scheme, users are grouped by group identifier so that only users within the same group can cooperate. In the data encryption stage, the access policy is encrypted and then embedded in the ciphertext to protect the private information in the access policy. In the data access stage, anonymous attribute matching is introduced so that only matched users can decrypt the ciphertext data, which improves the efficiency of the system. In this process, a smart contract executes the verification algorithm to ensure the credibility of the results. In terms of security, the FCAC-HP scheme is based on the prime subgroup discriminative assumption and is proved indistinguishable under chosen plaintext attack (CPA) using the dual system encryption technique. Experimental verification and analysis show that the FCAC-HP scheme improves computational efficiency while implementing complex functions.