一种基于异或运算的属性撤销CP-ABE方案

针对属性撤销CP-ABE方案中密钥更新时属性授权机构与用户之间的通信开销过大及密文更新时云存储中心的计算复杂度过高的问题，本文提出一种基于异或运算的、支持属性级撤销的密文策略属性基加密方案. 在该方案中，属性授权机构先将需要撤销的属性名称、被撤销用户的标识及新的时间参数发送给云存储中心，然后云存储中心根据用户标识和新的时间参数的异或结果与密文的一部分进行异或运算，得到新密文.收到新密文后，正常用户可以利用自己的密钥解密得到原密文，进而得到明文，而被撤销用户则只能使用已撤销属性的新密钥才能解密得到原密文，从而实现属性级撤销. 理论分析和数值模拟表明，在保证系统安全性的前提下，该方案能够减少属性授权机构与用户间的通信开销，降低云存储中心的计算复杂度.

A CP-ABE scheme for attribute revocation based on XOR operation

Aiming at the problems of high communication overhead between attribute authorization authority and normal users when the key is updated, high computational complexity in cloud center when the ciphertext is updated, an attribute-based ciphertext policy encryption scheme based on XOR operation is proposed to support attribute level revocation. Attribute authorization first sends the attribute name and the user ID to be revoked and the new time parameter to the cloud center. Then the cloud center uses the XOR result of the user ID and the new time parameter to perform the XOR operation with part of the ciphertext to obtain the new ciphertext. The normal user can decrypt the original ciphertext by using his own key, and further obtain the plaintext. The revoked user can decrypt the original ciphertext only by using the new key of the revoked attribute, thereby realizing attribute level revocation. The analysis shows that under the premise of ensuring system security, this scheme reduces the communication overhead between attribute authorization and users, and reduces the computing complexity in cloud center.