ABE 中的隐藏属性:DIPPE(去中心化内积谓词加密)

1. 引言

相关论文有:

利用基于属性的加密(Attribute-Based Encryption,ABE)(见Amit Sahai 和 Brent Waters 2005年论文 Fuzzy identity-based encryption ,发表于EUROCRYPT 2005。),允许具有某些属性的用户解密数据。这可能与位置或登录网络的权限有关。
ABE有两个关键特性:

  • 1)提供多个权威方来提供属性(multi-authority,即MA-ABE),
  • 2)隐藏所使用的访问策略。

利用 DIPPE(Decentralized Inner-Product Predicate Encryption,去中心化内积谓词加密)(详情见:Yan Michalevsky 和 Marc Joye 2018年论文 Decentralized policy-hiding ABE with receiver privacy,发表于23rd European Symposium on Research in Computer Security, ESORICS 2018。):

  • 既可以执行多个权威方提供的属性,
  • 也可以执行访问策略隐藏。

DIPPE为 ABE 提供了一种去中心化的方法。

对于策略隐藏,DIPPE 使用去中心化内积谓词加密方案,其中有一个正交的策略向量和一个用户向量。为此,它们的内积应该为零。

有两个向量u和v,如果它们的内积为零,则它们是正交的:

⟨ u , v ⟩= 0

如对于:
在这里插入图片描述
有:

⟨ u , v ⟩=(0×1)+(−1×1)+(1×1)+(0×−3)+(0×−4)=0

DIPPE基本流程为:

  • 1)Setup:将接受一个输入参数,然后创建公共参数 (pp):
a , err := abe.NewDIPPE ( 3 )
  • 2)AuthSetup:采用公共参数和权威方索引i,并输出权威方的私钥 (sk) 和公钥 (pk):
 // 创建权威方及其公钥
 auth := make([]*abe.DIPPEAuth, vecLen)
 pubKeys := make([]*abe.DIPPEPubKey, vecLen)
 for i := range auth {
  auth[i], err = a.NewDIPPEAuth(i)
  if err != nil {
   fmt.Printf("New authority generation failed: %v\n", err)
  }
  pubKeys[i] = &auth[i].Pk
 }
  • 3)GenKey:采用公共参数、权威方索引 (i)、私钥、来自其他权威方的公共参数、用户全局 ID 和属性向量,并输出一个私钥:
 // 为用户定义 GID
userGID := "Bob" 
 // 设置用户向量。要解密,用户和策略向量必须正交
v=toArray(vector2) 
userVector := data.Vector([]*big.Int{big.NewInt(v[ 0 ]), big.NewInt(v[ 1 ]), 
  big.NewInt(v[ 2 ]), big.NewInt(v[ 3 ]), big.NewInt(v[ 4 ])}) 

 // 从授权机构生成密钥
userKeys := make ([]data.VectorG2, vecLen) 
 for i := range auth { 
  userKeys[i], err = auth[i].DeriveKeyShare(userVector, pubKeys, userGID) 
  if err != nil { 
   fmt.Printf( "User key generation failed: %v\n" , err) 
  } 
}
  • 4)加密:可使用公钥和策略向量进行加密:
v:= toArray (vector1) 
policyVector := data. Vector ([]*big.Int{big .NewInt (v[ 0 ]), big .NewInt (v[ 1 ]), 
  big .NewInt (v[ 2 ]), big .NewInt (v[ 3 ]), big .NewInt (v[ 4 ])}) 

 // 使用策略向量给出的所选策略加密消息,
 cipher, err := a.Encrypt ( msg, policyVector, pubKeys) 
if err != nil { 
  fmt .Printf ("加密失败:%v\n", err) 
}
  • 5)解密:可使用用户密钥、用户向量和 userGID 解密密码:
msgRecovered, err := a.Decrypt(cipher, userKeys, userVector, userGID)

完整代码见https://asecuritysite.com/abe/go_abe05

package main
import (
 "fmt"
 "os"
 "github.com/fentec-project/gofe/abe"
 "github.com/fentec-project/gofe/data"
 "math/big"
 "strings"
 "strconv"
)
func toArray(s string) []int64 {

 strs := strings.Split(s, " ")
 a := make([]int64, len(strs))
 for i := range a {
         a[i],_ = strconv.ParseInt(strs[i], 10, 64)
     }
 return a
 
}

func main() {

 msg:="Hello"
 vector1:="1 -1 1 0 0"
 vector2:="0 1 1 -3 4"
 argCount := len(os.Args[1:])
        if (argCount>0) { msg= (os.Args[1]) }
        if (argCount>1) { vector1= (os.Args[2]) }
        if (argCount>2) { vector2= (os.Args[3]) }
 a, err := abe.NewDIPPE(3)
 if err != nil {
  fmt.Printf("New scheme generation failed: %v\n", err)
 }
 vecLen := 5
 // create authorities and their public keys
 auth := make([]*abe.DIPPEAuth, vecLen)
 pubKeys := make([]*abe.DIPPEPubKey, vecLen)
 for i := range auth {
  auth[i], err = a.NewDIPPEAuth(i)
  if err != nil {
   fmt.Printf("New authority generation failed: %v\n", err)
  }
  pubKeys[i] = &auth[i].Pk
 }

 // Policy vector
 v:=toArray(vector1)
 policyVector := data.Vector([]*big.Int{big.NewInt(v[0]), big.NewInt(v[1]),
  big.NewInt(v[2]), big.NewInt(v[3]), big.NewInt(v[4])})

 // encrypt the message with the chosen policy give by a policy vector,
 cipher, err := a.Encrypt(msg, policyVector, pubKeys)
 if err != nil {
  fmt.Printf("Encryption failure: %v\n", err)
 }
 // Define GID for the user
 userGID := "Bob"
 // Setup user vector. To decrypt, the users and policy vector must be orthogonal
 v=toArray(vector2)
 userVector := data.Vector([]*big.Int{big.NewInt(v[0]), big.NewInt(v[1]),
  big.NewInt(v[2]), big.NewInt(v[3]), big.NewInt(v[4])})

 // Generate keys from authorities
 userKeys := make([]data.VectorG2, vecLen)
 for i := range auth {
  userKeys[i], err = auth[i].DeriveKeyShare(userVector, pubKeys, userGID)
  if err != nil {
   fmt.Printf("User key generation failed: %v\n", err)
  }
 }
 // Decryption by the user
 msgRecovered, err := a.Decrypt(cipher, userKeys, userVector, userGID)
 if err != nil {
  fmt.Printf("Decryption failed: %v\n", err)
 }
 fmt.Printf("Policy vector: %v\nUser vector: %v\n\n",policyVector,userVector)
 fmt.Printf("Message: %v\nRecovered %v",msg, msgRecovered)

}

相关示例有:

参考资料

[1] Prof Bill Buchanan OBE FRSE 2024年11月18日博客 Hidding Attributes in ABE: DIPPE (Decentralized Inner-Product Predicate Encryption)

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值