Ciphertext Policy 속성기반 암호화의 효율적인 속성값 철회 기법

Abstract

속성기반 암호화는 2005년 Sahai등이 최초로 제안했으며 이후 암호문에 대한 접근을 제어하는 Access Tree의 위치에 따라 Key-Policy 속성기반 암호화(KP-ABE)와 Ciphertext-Policy 속성기반 암호화(CP-ABE)로 나눠 연구가 진행됐다. 속성값 철회에 대한 연구는 속성기반 암호화 초창기에는 고려되지 않았으며 2007년에 Bethencourt와 Ostrovsky에 의해 제안됐다. 하지만 기존의 속성값 철회에 대한 연구는 주로 KP-ABE에서 이루어지고 있을 뿐만 아니라 메시지 전송 횟수, 철회자 목록의 유지, NOT연산을 위한 추가적인 제한사항 요구 등에서 효율성이 떨어지는 단점이 있다. 본 논문에서는 CP-ABE에서 효율적인 속성값 철회 기법을 제안한다. 이를 위해 먼저 CP-ABE를 소개하고, 기존에 제안된 속성값 철회 기법의 특징과 문제점을 제시하며, 본 논문에서 제안하는 방법을 설명한 후, 제안하는 방법에 대한 안전성 분석과 기존의 기법과의 효율성 분석을 한다. 제안하는 기법은 CP-ABE에서 사용되는 두 가지 값을 이용한다. 먼저 사용자 개인키에 존재하는 사용자 고유의 값을 이용해 철회자를 구별하며, 개인키와 암호문에서 속성에 대해 공유하는 값을 이용해 속성값을 갱신한다. 이 두가지 값은 하나의 메시지로 묶어 사용하며, 전체 속성과 전체 사용자의 속성값 갱신을 한번의 메시지로 처리한다. 제안하는 방법을 통해 철회를 위한 통신비용을 감소시키고 철회리스트를 유지할 필요가 없어 효율적인 속성값 철회가 가능하다.| In 2005, Attribute Based Encryption was developed by Sahai et al. at the first time and after that period, Key-Policy Attibute Based Encryption(KP-ABE) and Ciphertext-Policy Attibute Based Encryption(CP-ABE) have been studied. Attribute revocation was not considered in the initial stage of Attribute Based Encryption and Bethencourt and Ostrovsky suggested this in 2007. However, conventional studies about Attribute revocation have been mainly progressed in KP-ABE and have some disadvantages such as low efficiency number of sending message, maintaing of revoked user list and demanding of additional restriction for NOT calculation. In this paper, efficient attribute revocation scheme at CP-ABE was suggested. For this suggestion, CP-ABE was introduced as a preliminary research and then some properties and problems related with conventional attribute revocation schemes were showed. After this preliminary research, I will explain efficient attribute revocation scheme which is suggested in this paper and security analysis and efficient analysis. The suggested scheme is that using the two values, one is user’s distinct value which is existed in user’s private key and the other is sharing attribute value between private key and ciphertext, deal with the total attribute and total user’s renewal attribute value as a single message. Through this suggested scheme, efficient attribute revocation is feasible because communication cost will be decreased and there is no need to maintain the revoked list.; In 2005, Attribute Based Encryption was developed by Sahai et al. at the first time and after that period, Key-Policy Attibute Based Encryption(KP-ABE) and Ciphertext-Policy Attibute Based Encryption(CP-ABE) have been studied. Attribute revocation was not considered in the initial stage of Attribute Based Encryption and Bethencourt and Ostrovsky suggested this in 2007. However, conventional studies about Attribute revocation have been mainly progressed in KP-ABE and have some disadvantages such as low efficiency number of sending message, maintaing of revoked user list and demanding of additional restriction for NOT calculation. In this paper, efficient attribute revocation scheme at CP-ABE was suggested. For this suggestion, CP-ABE was introduced as a preliminary research and then some properties and problems related with conventional attribute revocation schemes were showed. After this preliminary research, I will explain efficient attribute revocation scheme which is suggested in this paper and security analysis and efficient analysis. The suggested scheme is that using the two values, one is user’s distinct value which is existed in user’s private key and the other is sharing attribute value between private key and ciphertext, deal with the total attribute and total user’s renewal attribute value as a single message. Through this suggested scheme, efficient attribute revocation is feasible because communication cost will be decreased and there is no need to maintain the revoked list.