在做毕业设计, 所以顺便把做的实验总结成文章.
CP-ABE原理
另一篇文章总结了
搭建CP-ABE系统
注意必须先确保正确安装了Charm-crypto环境. 安装比较坑, 可以根据我的文章安装.
/qq_33976344/article/details/115383904
系统结构图
算法
(1) Setup()Setup()Setup(): 生成主密钥MK, 公开参数PK. MK是只有算法构造者掌握, PK被所有相同参与者接收
(2) CTT=Encrypt(PK,T,M)CT_T = Encrypt(PK, T, M)CTT=Encrypt(PK,T,M): 使用PK, 访问结构T, 将明文M加密为密文CTTCT_TCTT
(3) SKS=KeyGen(MK,S)SK_S = KeyGen(MK, S)SKS=KeyGen(MK,S): 用MK, 用户属性值S生成用户私钥SKSSK_SSKS
(4) M=Decrypt(CTT,SKS)M = Decrypt(CT_T, SK_S)M=Decrypt(CTT,SKS): 用户用私钥SKSSK_SSKS解密CTTCT_TCTT得到明文M, 当且仅当用户属性S满足访问结构T时才能解密成功.
角色
可信权威: 维护属性和密钥的对应, 负责执行算法的(1), (3); 持有MK, 同时要为用户分发密钥SKSSK_SSKS数据所有者: 通过数据服务者向用户分享数据, 负责定义访问结构T, 执行算法的(2), 加密要分享的数据.用户: 持有可信权威分发的属性密钥SKSSK_SSKS, 执行算法(4), 可以解密相应的数据.服务提供者: 只做数据存储功能的提供者, 不参与任何算法执行.
实现系统配置、密钥分发、加密和解密,属性结构树设置,并测试加解密时间. 代码如下:
from charm.toolbox.pairinggroup import PairingGroup, GTfrom charm.schemes.abenc.abenc_bsw07 import CPabe_BSW07from time import *def Print_Time(T_encrypt: list, T_decrypt1: list, T_decrypt2:list):print('Time of Encryption:')for _ in range(len(T_encrypt)):print(T_encrypt[_], end = ' ')print('')print('Average time used: ', sum(T_encrypt) / len(T_encrypt), '\n')print('Time of Decryption#1:')for _ in range(len(T_decrypt1)):print(T_decrypt1[_], end = ' ')print('')print('Average time used: ', sum(T_decrypt1) / len(T_decrypt1), '\n')print('Time of Decryption#2:')for _ in range(len(T_decrypt2)):print(T_decrypt2[_], end = ' ')print('')print('Average time used: ', sum(T_decrypt2) / len(T_decrypt2), '\n')def main():# instantiate a bilinear pairing mappairing_group = PairingGroup('SS512')# CP-ABE under DLIN (2-linear)cpabe = CPabe_BSW07(pairing_group)# run the set up(pk, msk) = cpabe.setup()# generate a secret_keyattributes = ['ONE', 'TWO', 'THREE', 'FOUR']secret_key = cpabe.keygen(pk, msk, attributes)# generate a Practitioiner#1 keypractitioner1_attr_list = ['ONE', 'THREE', 'FOUR']practitioner1_key = cpabe.keygen(pk, msk, practitioner1_attr_list)# generate a Practitioiner#2 keypractitioner2_attr_list = ['THREE', 'FOUR']practitioner2_key = cpabe.keygen(pk, msk, practitioner2_attr_list)# test encryption and decryption time# test for 10 roundstimes_p1 = []times_p2 = []times_enc = []times_dec = []Rounds = 10policy_str = '((ONE and THREE) and (TWO OR FOUR))'for _ in range(Rounds):# choose a random message pretend to be owner's recordmsg = pairing_group.random(GT)# generate a ciphertextstart_time = time()ctxt = cpabe.encrypt(pk, msg, policy_str)end_time = time()times_enc.append(end_time - start_time)# decryption as Ownerstart_time = time()rec_msg = cpabe.decrypt(pk, secret_key, ctxt)end_time = time()times_dec.append(end_time - start_time)if rec_msg == msg:print ("Successful decryption as Owner.")else:print ("Decryption as a Owner failed.")# decryption as Practitionerstart_time = time()rec_msg = cpabe.decrypt(pk, practitioner1_key, ctxt)end_time = time()times_p1.append(end_time - start_time)if rec_msg == msg:print ("Successful decryption as a Practitioner#1.")else:print ("Decryption as a Practitioner#1 failed.")# decryption as Practitioner#2start_time = time()rec_msg = cpabe.decrypt(pk, practitioner2_key, ctxt)end_time = time()times_p2.append(end_time - start_time)if rec_msg == msg:print ("Successful decryption as a Practitioner#2.")else:print ("Decryption as a Practitioner#2 failed.")Print_Time(times_enc, times_dec, times_p1)if __name__ == "__main__":main()
