格上高效且可撤销的密文策略属性基加密方案

doi:10.12305/j.issn.1001-506X.2025.04.33

摘要/Abstract

摘要：

针对格上属性基加密方案中存在的运算效率低、访问策略表达能力不够灵活、不具备撤销功能的问题, 提出一种格上高效表达且可撤销的密文策略属性基加密方案。在环上带误差学习困难问题下, 采用小策略矩阵和更高基数的采样算法降低了方案的累计误差, 提升了运算效率。将线性秘密共享技术和环上带误差学习困难问题结合，实现了访问策略的高效灵活表达; 此外, 在该访问策略下加入直接撤销, 使方案在具有高效表达性的同时, 也具备了用户撤销功能。所提方案在环上带误差学习困难问题下可以抵抗选择性明文攻击。实验仿真比较结果表明了所提方案的有效性和实用性。

关键词: 属性基加密, 线性秘密共享, 用户撤销, 环上带误差学习, 小策略矩阵

Abstract:

To address the problems existing in attribute-based encryption schemes on lattice such as low computational efficiency, inflexible access policy expression, and lack of revocation, an efficient and revocable ciphertext-policy attribute-based encryption scheme on lattice is proposed. It uses small policy matrices and higher base sampling algorithms under the ring learning with errors assumption to reduce cumulative errors and improve computational efficiency of the proposed scheme. By integrating linear secret sharing and the ring learning with errors assumption, flexible and efficient access policy expression is achieved. Additionally, by adding direct revocation to the access policy, the proposed scheme not only has efficient expression, but also has the user revocation function. The proposed scheme can resist the chosen plaintext attack under the ring learning with errors assumption. The simulation results show the effectiveness and practicability of the proposed scheme.

Key words: attribute-based encryption, linear secret sharing, user revocation, ring learning with errors, small policy matrix

中图分类号:

TP309

姜美羡, 高军涛, 裴焘. 格上高效且可撤销的密文策略属性基加密方案[J]. 系统工程与电子技术, 2025, 47(4): 1364-1373.

Meixian JIANG, Juntao GAO, Tao PEI. Efficient and revocable ciphertext-policy attribute-based encryption scheme on lattice[J]. Systems Engineering and Electronics, 2025, 47(4): 1364-1373.

图/表 7

表1

表2

表3

图1

图2

表4

表5

参考文献 34

1	BACKENDAL M, HALLER M, PATERSON K G. MEGA: malleable encryption goes awry[C]//Proc. of the 44th IEEE Symposium on Security and Privacy, 2023: 146-163.
2	SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proc. of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2005: 457-473.
3	叶青,陈晴晴,豆永鹏,等.格上身份基可追踪环签名方案[J].西安电子科技大学学报,2025,36(2):698-714.
	YEQ,CHENQ Q,DOUY P,et al.Identity-based traceable ring signature scheme on lattice[J].Journal of Xidian University,2025,36(2):698-714.
4	陈洁,楚乔涵,杜秋妍,等.标准模型下效率更高的身份基匹配加密[J].软件学报,2025,36(2):698-714.
	CHENJ,CHUQ H,DUQ Y,et al.More efficient identity-based matchmaking encryption under standard model[J].Journal of Software,2025,36(2):698-714.
5	王晓毅,陈虎,赵姜冬.带抵抗解密密钥暴露的可撤销身份基加密[J].计算机工程与应用,2024,60(19):268-277.
	WANGX Y,CHENH,ZHAOJ D.Revocable identity-based encryption with decryption key exposure resistance[J].Computer Engineering and Applications,2024,60(19):268-277.
6	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proc. of the 13th ACM Conference on Computer and Communications Security, 2006: 89-98.
7	HEZ X,CHENY L,LUOY,et al.Revocable and traceable undeniable attribute-based encryption in cloud-enabled E-health systems[J].Entropy,2024,26(1):45.
8	陈丽莎,李雪莲,高军涛.支持数据完整性验证的可问责数据交易方案[J].系统工程与电子技术,2022,44(4):1364-1371. doi: 10.12305/j.issn.1001-506X.2022.04.35
	CHENL S,LIX L,GAOJ T.Accountable data trading scheme supporting data integrity verification[J].Systems Engineering and Electronics,2022,44(4):1364-1371. doi: 10.12305/j.issn.1001-506X.2022.04.35
9	LIX M,WANGH,MAS.An efficient ciphertext-policy weighted attribute-based encryption with collaborative access for cloud storage[J].Computer Standards & Interfaces,2025,91,103872.
10	LIY,WANGG Z,FENGH X,et al.Efficient and accountable anti-leakage attribute-based encryption scheme for cloud storage[J].Heliyon,2024,10(12):e32404.
11	郭丽峰,邢晓敏,郭慧.云存储中高效可追踪可撤销的属性基加密方案[J].密码学报,2023,10(1):131-145.
	GUOL F,XINGX M,GUOH.An efficient traceable and revocable attribute-based encryption scheme in cloud storage[J].Journal of Cryptologic Research,2023,10(1):131-145.
12	CHENS B,LIJ G,ZHANGY C,et al.Efficient revocable attribute-based encryption with verifiable data integrity[J].IEEE Internet of Things Journal,2024,11(6):10441-10451.
13	JOSEPHD,MISOCZKIR,MANZANOM,et al.Transitioning organizations to post-quantum cryptography[J].Nature,2022,605,237-243.
14	REGEV O. On lattices, learning with errors, random linear codes, and cryptography[C]//Proc. of the 37th Annual ACM Symposium on Theory of Computing, 2005: 84-93.
15	YAOY F,CHENH Y,GAOY,et al.A decentralized multi-authority CP-ABE scheme from LWE[J].Journal of Information Security and Applications,2024,82,103752.
16	LYUBASHEVSKY V, PEIKERT C, REGEV O. On ideal lattices and learning with errors over rings[C]//Proc. of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2010: 1-23.
17	ZHANG J, ZHANG Z F, GE A J. Ciphertext policy attribute-based encryption from lattices[C]//Proc. of the 7th ACM Symposium on Information, Computer and Communications Security, 2012: 16-17.
18	WANGY T.Lattice ciphertext policy attribute-based encryption in the standard model[J].International Journal of Network Security,2014,16(6):444-451.
19	CHENZ H,ZHANGP,ZHANGF G,et al.Ciphertext policy attribute-based encryption supporting unbounded attribute space from RLWE[J].KSII Trans.on Internet and Information Systems,2017,11(4):2292-2309.
20	GURK D,POLYAKOVY,ROHLOFFK,et al.Practical applications of improved Gaussian sampling for trapdoor lattices[J].IEEE Trans.on Computers,2019,68(4):570-584.
21	DATTA P, KOMARGODSKI I, WATERS B. Decentralized multi-authority ABE for DNFs from LWE[C]//Proc. of the 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2021: 177-209.
22	CHENE,ZHUY,LIANGK T,et al.Secure remote cloud file sharing with attribute-based access control and performance optimization[J].IEEE Trans.on Cloud Computing,2023,11(1):579-594.
23	SAHAI A, SEYALIOGLU H, WATERS B. Dynamic credentials and ciphertext delegation for attribute-based encryption[C]// Proc. of the 32nd Annual Cryptology Conference, 2012: 199-217.
24	WANGS P,ZHANGX,ZHANGY L.Efficient revocable and grantable attribute-based encryption from lattices with fine-grained access control[J].IET Information Security,2018,12(2):141-149.
25	CHENGL X,MENGF,MENGX M,et al.AKC-based revocable ABE schemes from LWE assumption[J].Security and Communication Networks,2020,2020(5):1-16.
26	YANGY,SUNJ G,LIUZ C,et al.Practical revocable and multi-authority CP-ABE scheme from RLWE for cloud computing[J].Journal of Information Security and Applications,2022,65,103108.
27	HUANGB X,GAOJ T,LIX L.Efficient lattice-based revocable attribute-based encryption against decryption key exposure for cloud file sharing[J].Journal of Cloud Computing,2023,12,37.
28	LUOF C,AL-KUWARIS,WANGH Y,et al.Revocable attribute-based encryption from standard lattices[J].Computer Standards & Interfaces,2023,84,103698.
29	AGRAWAL S, BONEH D, BOYEN X. Efficient lattice (H)IBE in the standard model[C]//Proc. of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2010: 553-572.
30	YANGX Y,WUL Q,ZHANGM Q,et al.An efficient CCA-secure cryptosystem over ideal lattices from identity-based encryption[J].Computers and Mathematics with Applications,2013,65(9):1254-1263.
31	DAIW,DOROZY,POLYAKOVY,et al.Implementation and evaluation of a lattice-based key-policy ABE scheme[J].IEEE Trans.on Information Forensics & Security,2018,13(5):1169-1184.
32	NAOR D, NAOR M, LOTSPIECH J. Revocation and tracing schemes for stateless receivers[C]//Proc. of the 21st Annual International Cryptology Conference, 2001: 19-23.
33	陈娥. 面向公钥群组密码的高效签名与加密技术研究[D]. 北京: 北京科技大学, 2022.
	CHEN E. Research on efficient signature and encryption technologies for public-key group-oriented cryptography[D]. Beijing: University of Science and Technology, 2022.
34	孟飞. 将属性加密体制应用于云存储中关键问题的研究[D]. 济南: 山东大学, 2021.
	MENG F. Research on key issues of applying attribute-based encryption to cloud storage[D]. Ji'nan: Shandong University, 2021.

方案	LSSS访问结构	撤销	困难假设
文献[17]	×	－	LWE
文献[22]	√	－	LWE
文献[25]	×	直接撤销	LWE
文献[19]	×	－	RLWE
文献[16]	×	间接撤销	RLWE
文献[27]	×	间接撤销	RLWE
本文所提方案	√	直接撤销	RLWE

方案	公钥尺寸	密钥尺寸	密文尺寸	明文尺寸
文献[17]	$\left[\left(2+2 s_t\right) m+1\right] n \log q$	$2\left(s_t+s_u\right) m \log q$	$\left[\left(s_t+s_a-s_d+2\right) m+1\right] \log q$	{0, 1}
文献[19]	$\left[\left(2+2 s_t\right) m+1\right] n \log q$	$4\left(s_u+s_t\right) m \cdot n \cdot \log q$	$\left[\left(s_t+s_a-s_d+2\right) m+1\right] n \log q$	{0, 1}ⁿ
文献[22]	$[3 m+1] n \log q$	$2 s_u m \log q$	$\left[2 s_a m+s_a l+1\right] \log q$	{0, 1}
文献[25]	$\left[\left(2 s_t+2 N+1\right) m+1\right] n \log q$	$3 N_1\left(s_u+s_t\right) m \log q$	$\left[\left(s_t+s_a-s_d+2+N_2\right) m+1\right] \log q$	{0, 1}
文献[26]	$\left[\left(4 s_t+T+2\right) m+1\right] n \log q$	$\leqslant 4\left(s_u+s_t\right) m \cdot n \cdot \log q$	$\left[\left(2\left(s_t+s_a-s_d+1\right)+1\right) m+1\right] n \log q$	{0, 1}ⁿ
文献[27]	$\left[\left(s_t+3 T+1\right) m+1\right] n \log q$	$\left(s_t+3 T\right) m \cdot n \cdot \log q$	$\left[\left(2 s_t+3 T\right) m \cdot n \cdot \log q\right.$	{0, 1}ⁿ
本文所提方案	$[(2 N+2) m+1] n \log q$	$3 N_1 s_u m \cdot n \cdot \log q$	$\left[\left(2 s_a+N_2\right) m+s_a l+1\right] n \cdot \log q$	{0, 1}ⁿ

方案	密钥生成	加密	解密
文献[17]	$\left(s_u+s_t\right) \hat{t}_l$	$\left(\left(s_a+s_t-s_d+1\right) m+m+1\right) n^2$	$2\left(s_a+s_t-s_d+1\right) m \cdot n^2$
文献[19]	$\left(s_u+s_t\right) t_l$	$\left[\left(s_a+s_t-s_d+1\right) m+m+1\right] n \log _2 n$	$2 s_t m \cdot n \cdot \log _2 n$
文献[22]	$s_u \hat{t}_l$	$2 s_a m \cdot n^2$	$2 s_d m \cdot n^2$
文献[25]	$\left(s_u+s_t\right) N_1 \hat{t}_l$	$\left[\left(s_a+s_t-s_d+1+N_2\right) m+m+1\right] n^2$	$3\left(s_a+s_t-s_d+1\right) m \cdot n^2$
文献[26]	$2\left(s_u+s_t\right) t_l$	$\left[2\left(s_a+s_t-s_d+1\right) m+T \cdot m+1\right] n \log _2 n$	$4 s_t m \cdot n \cdot \log _2 n$
文献[27]	$\leqslant s_r t_l$	$\left(2 s_t-s_a+3 T\right) m \cdot n \cdot \log _2 n$	$\leqslant 2 s_t m \cdot n \cdot \log _2 n$
本文所提方案	$N_1 s_u t_l$	$\left(2 s_a+N_2\right) m \cdot n \cdot \log _2 n$	$3 s_d m \cdot n \cdot \log _2 n$

基数	初始化	密钥生成	加密
64	19.8/20.2/21.1/20.1/20.2	298.8/383.0/472.8/577.1/690.4	13.6/16.7/20.8/26.7/30.7
128	17.4/17.2/18.1/17.6/18.2	280.7/363.4/442.0/560.1/662.7	10.3/14.2/18.1/23.0/24.5
256	15.3/15.4/15.1/15.2/15.3	266.9/341.3/417.8/528.6/617.0	8.9/12.4/15.3/19.6/20.6
512	13.6/13.2/13.5/13.7/13.4	256.5/323.6/379.1/488.5/579.2	8.5/10.2/14.1/17.8/18.9

基数	初始化	密钥生成	加密
64	10.3/9.9/10.2/10.3/10.1	228.4/304.4/315.8/328.5/341.9	7.2/8.8/9.8/11.8/13.7
128	8.3/8.1/8.2/8.3/8.2	211.8/290.8/286.8/300.6/318.2	6.1/7.9/8.4/9.8/11.2
256	6.8/6.9/6.8/6.8/6.9	202.3/253.6/268.5/283.6/292.3	5.2/6.1/7.3/8.5/10.0
512	6.5/6.4/6.6/6.5/6.5	200.5/233.5/252.2/273.0/288.0	4.9/5.6/6.6/8.1/8.7