The Research Of Ciphertext-policy Attribute-Based Encryption

Posted on: 2015-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y Cheng
GTID: 2308330464970140
Subject: Cryptography

Abstract/Summary:
With the development of networks, traditional public key encryption has been unable to meet requirements. To solve certificate management and other issues, identity-based encryption came into being. Attribute-based encryption (ABE) is an extension of identity-based encryption that supports many-to-many communication. ABE can be roughly divided into three categories: early attribute-based encryption without an access structure, key-policy attribute-based encryption, and ciphertext-policy attribute-based encryption. Encryption does not need to specify a particular recipient; a recipient only needs to satisfy the access structure to decrypt the message.

Attribute-based encryption was first proposed by Sahai and Waters in 2005. In their scheme, the user's identity information is no longer a single piece of information but is composed of a series of attributes. The algorithm that generates a private key takes a set of attributes as input, i.e. each user's private key is associated with a set of attributes. The encryption algorithm takes a message and a set of attributes as input, so the generated ciphertext also corresponds to a set of attributes. The ciphertext can be decrypted only when the number of attributes in the intersection of the private key's attribute set and the ciphertext's attribute set is greater than a certain threshold value. In 2006, Goyal divided attribute-based encryption into ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE) depending on the access policy, and achieved the first KP-ABE scheme. In 2007, Bethencourt presented the first CP-ABE scheme.

First, recent research on attribute-based encryption systems is introduced, including the details of Brent Waters's ciphertext-policy encryption scheme.
After careful analysis of the paper, the original scheme can be improved in the following three aspects: 1) Research on hierarchical attribute-based cryptography is significant for improving the efficiency of the scheme. On the basis of the original scheme, this paper designs a hierarchical scheme in which a user's private key can be generated not only by the root but also by an ancestor node. 2) The original scheme achieves IND-CPA security, which is the basic security requirement, but in actual use the adversary can often obtain decryption services, so this paper uses a strong one-way signature scheme to improve the original scheme and thus achieve IND-CCA security. After careful analysis of the original scheme, we found that it cannot resist ciphertext tampering attacks. We use a strong signature scheme to sign the ciphertext of the original scheme; on decryption, we first verify the signature to ensure that the original ciphertext has not been tampered with, and thus achieve resistance to ciphertext tampering attacks.
Keywords/Search Tags: attribute-based encryption, ciphertext-policy attribute encryption, Tamper Protection, CCA security