Abstract

(基于属性的) 条件代理重加密方案 (AB-CPRE) 可以使一个委托人通过不同的控制策略向其他人授权解密权限, 这为加密数据外包存储的细粒度访问权限控制问题提供了一个很好的解决方案. 最近, Liang 等人在 ESORICS 2021 上给出了第一个格上基于属性的条件代理重加密方案, 该方案在选择属性的条件下可以抵抗任意多项式时间敌手的选择明文攻击. 但普通的 AB-CPRE 方案可能面临密钥管理繁琐等问题. 本文给出了可撤销的、基于身份的单跳条件代理重加密方案 (RIB-AB-CPRE) 的定义、安全模型并给出了具体构造. 所构造的可撤销的、基于身份的单跳条件代理重加密方案是基于 (密钥策略) 属性的, 即采用密钥策略来进行访问权限的细粒度控制. 在选择身份、系统时刻和属性的条件下, 基于 LWE 假设可以证明所提方案抵抗任意多项式时间敌手的选择明文攻击. 同时, 方案也抵抗解密密钥泄露攻击.

Alternate abstract:

(Attribute-based) conditional proxy re-encryption schemes (AB-CPREs) enable a delegator to delegate his decryption rights via different policies, and offer an efficient solution for enforcing fine-grained access control on outsourced encrypted data. Recently, Liang et al. proposed the first lattice-based AB-CPREs with selective attribute security against chosen-plaintext attacks (CPA) at ESORICS 2021. Nevertheless, AB-CPREs may suffer some problems such as complicated key management. In this paper, definitions, security models and concrete constructions of revocable identity-based conditional proxy re-encryption schemes are given. The proposed revocable identity-based conditional proxy re-encryption schemes are key-policy attributed-based in the sense that key policy is used to enforce fine grained access control. It is shown that the proposed scheme is selective identity, selective time period, and selective attribute secure against chosen plaintext attacks under the assumption that corresponding LWE problems are hard. At the same time, the proposed scheme is also secure against the decryption key exposure attack.