在做毕业设计, 所以顺便把做的实验总结成文章.
CP-ABE原理
另一篇文章总结了
搭建CP-ABE系统
注意必须先确保正确安装了Charm-crypto环境. 安装比较坑, 可以根据我的文章安装.
https://blog.csdn.net/qq_33976344/article/details/115383904
系统结构图
算法
(1)
S
e
t
u
p
(
)
Setup()
Setup(): 生成主密钥MK, 公开参数PK. MK是只有算法构造者掌握, PK被所有相同参与者接收
(2)
C
T
T
=
E
n
c
r
y
p
t
(
P
K
,
T
,
M
)
CT_T = Encrypt(PK, T, M)
CTT=Encrypt(PK,T,M): 使用PK, 访问结构T, 将明文M加密为密文
C
T
T
CT_T
CTT
(3)
S
K
S
=
K
e
y
G
e
n
(
M
K
,
S
)
SK_S = KeyGen(MK, S)
SKS=KeyGen(MK,S): 用MK, 用户属性值S生成用户私钥
S
K
S
SK_S
SKS
(4)
M
=
D
e
c
r
y
p
t
(
C
T
T
,
S
K
S
)
M = Decrypt(CT_T, SK_S)
M=Decrypt(CTT,SKS): 用户用私钥
S
K
S
SK_S
SKS解密
C
T
T
CT_T
CTT得到明文M, 当且仅当用户属性S满足访问结构T时才能解密成功.
角色
- 可信权威: 维护属性和密钥的对应, 负责执行算法的(1), (3); 持有MK, 同时要为用户分发密钥 S K S SK_S SKS
- 数据所有者: 通过数据服务者向用户分享数据, 负责定义访问结构T, 执行算法的(2), 加密要分享的数据.
- 用户: 持有可信权威分发的属性密钥 S K S SK_S SKS, 执行算法(4), 可以解密相应的数据.
- 服务提供者: 只做数据存储功能的提供者, 不参与任何算法执行.
实现系统配置、密钥分发、加密和解密,属性结构树设置,并测试加解密时间. 代码如下:
from charm.toolbox.pairinggroup import PairingGroup, GT
from charm.schemes.abenc.abenc_bsw07 import CPabe_BSW07
from time import *
def Print_Time(T_encrypt: list, T_decrypt1: list, T_decrypt2:list):
print('Time of Encryption:')
for _ in range(len(T_encrypt)):
print(T_encrypt[_], end = ' ')
print('')
print('Average time used: ', sum(T_encrypt) / len(T_encrypt), '\n')
print('Time of Decryption#1:')
for _ in range(len(T_decrypt1)):
print(T_decrypt1[_], end = ' ')
print('')
print('Average time used: ', sum(T_decrypt1) / len(T_decrypt1), '\n')
print('Time of Decryption#2:')
for _ in range(len(T_decrypt2)):
print(T_decrypt2[_], end = ' ')
print('')
print('Average time used: ', sum(T_decrypt2) / len(T_decrypt2), '\n')
def main():
# instantiate a bilinear pairing map
pairing_group = PairingGroup('SS512')
# CP-ABE under DLIN (2-linear)
cpabe = CPabe_BSW07(pairing_group)
# run the set up
(pk, msk) = cpabe.setup()
# generate a secret_key
attributes = ['ONE', 'TWO', 'THREE', 'FOUR']
secret_key = cpabe.keygen(pk, msk, attributes)
# generate a Practitioiner#1 key
practitioner1_attr_list = ['ONE', 'THREE', 'FOUR']
practitioner1_key = cpabe.keygen(pk, msk, practitioner1_attr_list)
# generate a Practitioiner#2 key
practitioner2_attr_list = ['THREE', 'FOUR']
practitioner2_key = cpabe.keygen(pk, msk, practitioner2_attr_list)
# test encryption and decryption time
# test for 10 rounds
times_p1 = []
times_p2 = []
times_enc = []
times_dec = []
Rounds = 10
policy_str = '((ONE and THREE) and (TWO OR FOUR))'
for _ in range(Rounds):
# choose a random message pretend to be owner's record
msg = pairing_group.random(GT)
# generate a ciphertext
start_time = time()
ctxt = cpabe.encrypt(pk, msg, policy_str)
end_time = time()
times_enc.append(end_time - start_time)
# decryption as Owner
start_time = time()
rec_msg = cpabe.decrypt(pk, secret_key, ctxt)
end_time = time()
times_dec.append(end_time - start_time)
if rec_msg == msg:
print ("Successful decryption as Owner.")
else:
print ("Decryption as a Owner failed.")
# decryption as Practitioner
start_time = time()
rec_msg = cpabe.decrypt(pk, practitioner1_key, ctxt)
end_time = time()
times_p1.append(end_time - start_time)
if rec_msg == msg:
print ("Successful decryption as a Practitioner#1.")
else:
print ("Decryption as a Practitioner#1 failed.")
# decryption as Practitioner#2
start_time = time()
rec_msg = cpabe.decrypt(pk, practitioner2_key, ctxt)
end_time = time()
times_p2.append(end_time - start_time)
if rec_msg == msg:
print ("Successful decryption as a Practitioner#2.")
else:
print ("Decryption as a Practitioner#2 failed.")
Print_Time(times_enc, times_dec, times_p1)
if __name__ == "__main__":
main()