发明名称 |
Method for attribute based broadcast encryption with permanent revocation |
摘要 |
The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users. |
申请公布号 |
US9413528(B2) |
申请公布日期 |
2016.08.09 |
申请号 |
US201214239580 |
申请日期 |
2012.08.22 |
申请人 |
Ben-Gurion University of the Negev Research and Development Authority |
发明人 |
Dolev Shlomi;Gilboa Niv;Kopeetsky Marina |
分类号 |
H04L9/08;H04N21/2347;H04N21/266;H04N21/4405;H04N21/4623;H04L9/30 |
主分类号 |
H04L9/08 |
代理机构 |
Roach Brown McCarthy & Gruber, P.C. |
代理人 |
Roach Brown McCarthy & Gruber, P.C. ;McCarthy Kevin D. |
主权项 |
1. A method of modifying the four stages of the Cipher-text Policy Attribute-Based Encryption (CP-ABE) method that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt the data, wherein the method supports permanent revocation of users;
the modified CP-ABE method comprising:
a) in the setup stage—the broadcaster adds a secret random component CTRεZp to random secrets α,βεZp included in a master key MK, which is used to produce a public key PK;b) in the key generation stage—a component Ei=e(g,g)ri·CTR, which securely encapsulates the random control component CTR, is added to a set of attributes of a user that encodes the state of each user Ui to generate the secret private key SK that the broadcaster sends to Ui, wherein g is a random generator of a bilinear group G0 of prime order p, e: G0×G0→G1 is a proper bilinear map, ri is a random number chosen from Zp is a different random integer for each user, and CTRεZp is the global state;c) in the encrypt stage: the broadcaster uses an algorithm that includes a random secret for sharing sεzp to construct a ciphertext, the global secret key is encrypted by the private keys of the subset of authorized users, the broadcaster updates the global state by
CTR=CTR+s and the broadcaster updates s upon a revocation event as
s2=−s−CTR mod p and shares s2 with non-revoked users from an updated set of attributes; and
d) in the decrypt stage: user i computes a parameter
Ai=e(g,g)ris and then user i updates its local state by
Ei=Ei·Ai=e(g,g)riCTR·e(g,g)ris=e(g,g)ri(CTR+s). |
地址 |
Beer Sheva IL |