云端中支持细粒度访问控制策略的属性基加密

项目名称： 云端中支持细粒度访问控制策略的属性基加密

项目编号： No.61472307

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 张乐友

作者单位： 西安电子科技大学

项目金额： 83万元

中文摘要： 属性基加密(ABE)是近年来公钥密码领域研究热点，其接入准则既保证了信息的安全，又为云端中加密数据提供了有效访问控制策略，已有的方案在设计原理、分析理论，扩展应用等方面远未成熟，本课题针对这些关键问题展开研究，内容如下：(1) 基于格上陷门的新型设计与分析理论。利用新的原像抽样算法既解决已有格公钥存在的密钥、密文空间大的缺陷，又解决已有属性基加密在效率及安全方面的瓶颈问题。(2) 访问控制策略的新设计。结合布尔运算及算术电路运算的优点，采用可验证随机函数及对偶-对向量、双峰高斯抽样等新技术实现密钥、密文的层次设计策略，以及同时实现基于密钥策略ABE及密文策略ABE的对偶策略ABE，以此实现更加灵活的访问控制策略。(3) 扩展研究。利用格基属性基加密与向量内积设计谓词加密及功能加密，为云中数据共享提供更高效访问控制策略，同时解决在属性密钥撤销、多授权机构等应用方面的缺陷。

中文关键词： 云计算；云存储安全；属性基加密；细粒度访问控制；后量子安全

英文摘要： Attribute -based encryption (ABE) has been an active topic of public key cryptography in recent years. The access policy in ABE not only ensures the security of messages, but also provides efficient access control to encrypted data in Cloud. The existing works have evident defects in design principles, analysis theory , the expansion of applications.We take aim at these issues and will deal with the following topics. (1)To provide new design and analysis theory based on trapdoor over lattice. The new schemes will be constructed by using new Pre-Sampling Function to overcome the shortcomings in the expansion of key space and ciphertext space in the existing works.In addition, the new works will also possess a better mutual compatibility between security and efficiency. (2) To provide new access control policy. The new schemes will support double hierarchy design policy of the private key and ciphertext by combining the advantages of Boolean operator formula and arithmetic circuits with some new techniques such as verifiable random functions and dual-pair vector and bimodal Gaussian sampling. Futhermore, the new constructions will also support Dual-Policy ABE by combining ciphertext-policy ABE and key-policy ABE. All works will propose much moreflexible access control policy than the existing schemes. (3) To support much extension study. Based on the ABE over lattice, we will propose new constructions of predicate encryption and functional encryption, which will provide more choice of access control policy for sharing encrypted data in cloud computing. In additon, we also pay attention to some current hot issue and difficult problem in ABE such as the revocation of attribute-based key, multi-authority ABE. Our topics have the distinctive characteristics and our accumulation of professional knowledge can support us to complete succefully this project.

英文关键词： Cloud Computing;Secure Cloud Storage;Attribute-based Encryption;Fine-grained Access Control;Post-quantum Security