The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers.Attribute-based encryption(ABE)scheme is considered a powerful encr...The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers.Attribute-based encryption(ABE)scheme is considered a powerful encryption technique that ofers fexible and fne-grained access control capabilities.Further,the multi-user collaborative access ABE scheme additionally supports users to acquire access authorization through collaborative works.However,the existing multi-user collaborative access ABE schemes do not consider the diferent weights of collaboration users.Therefore,using these schemes for weighted multi-user collaborative access results in redundant attributes,which inevitably reduces the efciency of the ABE scheme.This paper proposes a revocable and verifable weighted attribute-based encryption with collaborative access scheme(RVWABE-CA),which can provide efcient weighted multi-user collaborative access,user revocation,and data integrity verifcation,as the fundamental cornerstone for establishing a robust framework to facilitate secure sharing of electronic health records in a public cloud environment.In detail,this scheme employs a novel weighted access tree to eliminate redundant attributes,utilizes encryption version information to control user revocation,and establishes Merkle Hash Tree for data integrity verifcation.We prove that our scheme is resistant against chosen plaintext attack.The experimental results demonstrate that our scheme has signifcant computational efciency advantages compared to related works,without increasing storage or communication overhead.Therefore,the RVWABE-CA scheme can provide an efcient and fexible weighted collaborative access control and user revocation mechanism as well as data integrity verifcation for electronic health record systems.展开更多
Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of us...Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.展开更多
基金supported in part by the National Natural Science Foundation of China under Grant 61872409,Grant 61872152 and Grant 62272174in part by Guangdong Basic and Applied Basic Research Foundation under Grant 2020A1515010751+2 种基金in part by the Guangdong Major Project of Basic and Applied Basic Research under Grant 2019B030302008in part by the Science and Technology Program of Guangzhou under Grant 201902010081in part by Guangdong Basic and Applied Basic Research Foundation under Grant 2023A1515011194.
文摘The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers.Attribute-based encryption(ABE)scheme is considered a powerful encryption technique that ofers fexible and fne-grained access control capabilities.Further,the multi-user collaborative access ABE scheme additionally supports users to acquire access authorization through collaborative works.However,the existing multi-user collaborative access ABE schemes do not consider the diferent weights of collaboration users.Therefore,using these schemes for weighted multi-user collaborative access results in redundant attributes,which inevitably reduces the efciency of the ABE scheme.This paper proposes a revocable and verifable weighted attribute-based encryption with collaborative access scheme(RVWABE-CA),which can provide efcient weighted multi-user collaborative access,user revocation,and data integrity verifcation,as the fundamental cornerstone for establishing a robust framework to facilitate secure sharing of electronic health records in a public cloud environment.In detail,this scheme employs a novel weighted access tree to eliminate redundant attributes,utilizes encryption version information to control user revocation,and establishes Merkle Hash Tree for data integrity verifcation.We prove that our scheme is resistant against chosen plaintext attack.The experimental results demonstrate that our scheme has signifcant computational efciency advantages compared to related works,without increasing storage or communication overhead.Therefore,the RVWABE-CA scheme can provide an efcient and fexible weighted collaborative access control and user revocation mechanism as well as data integrity verifcation for electronic health record systems.
基金supported by the National Key Research and Development Program of China (No. 2017YFB0802502)the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024)+3 种基金the National Cryptography Development Fund (No. MMJJ20170106)the Planning Fund Project of Ministry of Education (No. 12YJAZH136)the Beijing Natural Science Foundation (No. 4132056)the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02)
文摘Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
