可外包解密和成员撤销的身份基加密方案

安全外包给云服务器，轻量级设备仅需少量运算即可解密密文。最后，基于判定双线性Diffie-Hellman逆转（DBDHI）假设，证明了所提方案的安全性。与BGK方案相比，该方案的密钥更新效率提高了85.7%，轻量级设备的解密过程减少到一个椭圆曲线指数运算，非常适合于轻量级设备解密密文。

关键词：身份基加密;成员撤销;完全子树方法;外包解密技术;轻量级设备

中图分类号： TP309.7文献标志码：A

Revocable identity-based encryption scheme with outsourcing decryption and

member revocation

WANG Zhanjun1， MA Haiying2*， WANG Jinhua1， LI Yan2

（1. School of Sciences， Nantong University， Nantong Jiangsu 226019， China;

2. School of Information Science and Technology， Nantong University， Nantong Jiangsu 226019， China）

Abstract： For the drawbacks of low key updating efficiency and high decryption cost of the Revocable Identity-Based Encryption （RIBE）， which make it unsuitable for lightweight devices， an RIBE with Outsourcing Decryption and member revocation （RIBE-OD） was proposed. Firstly， a full binary tree was created and a random one-degree polynomial was picked for each node of this tree. Then， the one-degree polynomial was used to create the private keys of all the users and the update keys of the uevoked users by combining the IBE scheme based on exponential inverse model and the full subtree method， and the revoked users’ decryption abilities were deprived due to not obtaining their update keys. Next， the majority of decryption calculation was securely outsourced to cloud servers after modifying the private key generation algorithm by the outsourcing decryption technique and adding the ciphertext transformation algorithm. The lightweight devices were able to decrypt the ciphertexts by only performing a little simple computation. Finally， the proposed scheme was proved to be secure based on the Decisional Bilinear Diffie-Hellman Inversion （DBDHI） assumption. Compared with Boldyreva-Goyal-Kumar （BGK） scheme， the proposed scheme not only improves the efficiency of key updating by 85.7%， but also reduces the decryption cost of lightweight devices to an exponential operation of elliptic curve， so it is suitable for lightweight devices to decrypt ciphertexts.

Key words： Identity-Based Encryption （IBE）; member revocation; full subtree method; outsourcing decryption technology; lightweight device

0 引言

1984年，文獻[1]首次提出了身份基加密机制（Identity-Based Encryption， IBE）的概念。在IBE中，用户可以使用一个唯一的字符串（例如家庭住址、身份证号、E-mail地址等）表示自己的身份信息，密钥生成中心（Key Generation Center， KGC）利用该身份信息和系统主密钥为其生成用户私钥，加密者利用接收者身份信息和系统公钥加密消息。IBE删除了传统公钥加密机制中证书验证过程，提高了加密效率。2001年，文献[2]利用椭圆曲线上的双线性映射提出了第一个实用且可行的IBE方案，并在随机预言模型下证明了此方案的安全性。随后，学者们提出了许多实用的IBE方案[2-4]。依据密文和私钥的构造模式不同，身份基加密可分为交换隐藏、全域哈希和指数逆三种类型[3]。其中，基于指数逆模式构造的IBE方案效率较高，因此，本文采用文献[5]提出的基于指数逆模式构造的IBE方案来构造本文的方案。然而，在实际应用中用户私钥可能会泄漏、丢失或者到期，因此，IBE需要提供一种有效的成员撤销机制。