Title page for etd-0720117-152909
Title
Conversion Between Attribute-Based Encryptions and Key-Aggregate Cryptosystems
Department
Year, semester
Language
Degree
Number of pages
39
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2017-07-17
Date of Submission
2017-08-21
Keywords
Attribute-Based Encryption, Key-Aggregation Cryptosystem, Constant-Size Private Key, Linear Secret Sharing, Key Encapsulation Mechanism, Generic Construction
Statistics
The thesis/dissertation has been browsed 5779 times, has been downloaded 23 times.
Abstract
Generic construction of cryptographic primitives is a way to connect two research areas. The problems in one area may be solved in the other area if such connections are built. In this thesis, two generic constructions of attribute-based primitives are proposed. First, we give a bi-directional conversion between a key-aggregate cryptosystem and a key-policy attribute-based encryption with OR-gate-only access structures. Second, we give a generic construction of a ciphertext-policy attribute-based key encapsulation mechanism (CP-ABKEM) from a key-aggregate key encapsulation mechanism. Moreover, the proposed CP-ABKEM supports expressive access structures. Based on our conversion, we can construct the first ciphertext-policy attribute-based key encapsulation mechanism with constant-size private keys. We further prove that the proposed schemes achieve the same security properties as those of the underlying primitives.
Table of Contents
Thesis Approval Certificate
Acknowledgments
Abstract (in Chinese)
Abstract
List of Tables

Chapter 1 Introduction
1.1 Contributions
Chapter 2 Preliminaries
2.1 Access Structure
2.2 Linear Secret-Sharing Scheme (LSSS)
2.3 Reproducibility Theorem
2.4 Syntax and Security Definition for Key-Policy Attribute-Based Encryption
2.4.1 Syntax
2.4.2 Security Notion
2.5 Syntax and Security Definition for Ciphertext-Policy Attribute-Based Key Encapsulation Mechanism
2.5.1 Syntax
2.5.2 Security Notion
2.6 Syntax and Security Definition for Key-Aggregate Cryptosystem
2.6.1 Syntax
2.6.2 Security Notion
2.7 Syntax and Security Definition for Key-Aggregate Key Encapsulation Mechanism
2.7.1 Syntax
2.7.2 Security Notion
Chapter 3 Our Construction
3.1 The relationship between KAC and OR-gate-only KP-ABE
3.1.1 Conversion between an access structure and a set of file indices
3.1.2 KP-ABE from KAC
3.1.3 KAC from KP-ABE
3.2 CP-ABKEM from KAKEM
3.2.1 The extension from KAKEM to multi-identifier KAKEM (MIKAKEM)
3.2.2 CP-ABKEM from MIKAKEM
Chapter 4 Security Proof
4.1 The Security Proof for Confidentiality
4.1.1 The KP-ABE scheme from a KAC scheme
4.1.2 The KAC scheme from a KP-ABE scheme
4.1.3 The CP-ABKEM scheme from a MIKAKEM scheme
Chapter 5 Comparison
Chapter 6 Conclusion
Bibliography
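Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, so as not to violate the law.
Thesis access permission: user-defined availability date
Available:
Campus: available
Off-campus: available

Printed copies
Public-availability information for printed theses is relatively complete from academic year 102 onward. To look up this information for printed theses from academic year 101 or earlier, please contact the printed thesis service counter of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available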
