Abstract
Functional encryption is a versatile new public-key encryption primitive that has attracted wide attention from researchers because it enables fine-grained computation over ciphertexts and has broad application prospects in cloud storage. Integrating data access control into the encryption and decryption algorithms, so as to achieve "partially controllable encryption and decryption with on-demand secure computation", is therefore a very meaningful direction to explore. However, existing functional encryption schemes have two problems: on the one hand, they cannot precisely control the sender's permissions; on the other hand, they usually rely on complex theoretical tools (such as indistinguishability obfuscation and multilinear maps), which makes it difficult for them to meet the requirements of some specific access control applications. Facing the challenge of quantum attacks, how to design a specialized and efficient functional encryption scheme that resists quantum attacks has become a research hotspot in recent years. Inner product functional encryption is a special form of functional encryption that computes the inner product of vectors. It can not only realize more complex access control policies and policy hiding, but also effectively control "partial access" to data, provide finer-grained queries, and improve privacy protection while preserving data confidentiality. To address the difficulty of more flexible and controllable on-demand secure computation, this paper proposes an identity-based fine-grained access control inner product functional encryption scheme based on the learning with errors problem on lattices. First, the scheme associates the inner product function with a vector generated by the preimage sampling algorithm (SamplePre) and generates the function private key, which controls the computing capability of the receiver. Second, a third party (the access control center) is introduced to act as the enforcer of the access control function: it checks the randomness of the sender's ciphertext using the leftover hash lemma and the rank of a matrix, and re-randomizes the ciphertext in order to control the sender's sending permission. Finally, the receiver decrypts the converted ciphertext with the inner product function private key and obtains only the inner product value of the original message. The security of the access control inner product functional encryption scheme is rigorously proved using provable security theory. Theoretical analysis and experimental evaluation show that the proposed scheme has obvious advantages in terms of functionality: it can not only resist quantum attacks, but also control the computing permission of the receiver and the sending permission of the sender. While protecting the confidentiality of user data, it effectively achieves the goal of fine-grained, permission-controlled ciphertext computation in an open environment, in which data is usable but not visible, and computable but not identifiable.
Authors
HOU Jin-Qiu (侯金秋)
PENG Chang-Gen (彭长根)
TAN Wei-Jie (谭伟杰)
YE Yan-Ting (叶延婷)
Affiliations: State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang 550025; Guizhou Big Data Academy, Guizhou University, Guiyang 550025
Source
Chinese Journal of Computers (《计算机学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2023, Issue 6, pp. 1172-1183 (12 pages)
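Funding
Supported by:
National Natural Science Foundation of China (62272124)
Guizhou Provincial Science and Technology Program ([2018]3001, [2018]2159, [2020]5017)
Guizhou Provincial Graduate Research Fund (YJSKYJJ[2021]028)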
Keywords
access control encryption
inner product functional encryption
learning with errors problem
lattice