Method and System for Group-oriented Encryption and Decryption with Selection and Exclusion Functions

Abstract

A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group. During the encryption, the system acquires a corresponding aggregate function according to an encryption mode; acquires any selected subset S and public parameters, and outputs an aggregate value of the subset S; generates a ciphertext of to-be-transmitted information according to the public parameters, a to-be-transmitted message and the aggregate value; acquires the encryption mode and the subset S comprised in the received ciphertext, operates the subset S and an identity of a current decryptor according to the encryption mode, and outputs a new subset S′; acquires an aggregate function corresponding to the encryption mode during the decryption; outputs an aggregate value of the new subset S′; and decrypts the received ciphertext according to the public parameters and the aggregate value, so as to obtain the to-be-transmitted information.

Claims

1. A method for performing group-oriented encryption and decryption with selection and exclusion functions, comprising: acquiring an encryption mode of a to-be-transmitted message, and setting an aggregation function corresponding to the encryption mode during encryption according to a preset mapping relationship between the encryption mode and the aggregation function; acquiring any selected subset S and public parameters, and outputting an aggregated value of the subset S by using the acquired aggregation function corresponding to the encryption mode during encryption, the subset S and the public parameters; generating a ciphertext of the to-be-transmitted message according to the public parameters, the to-be-transmitted message and the aggregated value of the subset S; receiving the ciphertext, acquiring the encryption mode and the subset S comprised in the received ciphertext, and operating the subset S and an identity of a current decryptor according to the encryption mode to output a new subset S′; acquiring an aggregation function corresponding to the encryption mode during decryption according to the preset mapping relationship between the encryption mode and the aggregation function; acquiring the public parameters, and outputting an aggregated value of the new subset S′ by using the acquired aggregation function corresponding to the encryption mode during decryption, the new subset S′ and the public parameters; and acquiring a private decryption key of the current decryptor, decrypting the received ciphertext according to the public parameters, the aggregated value of the new subset S′ and the private decryption key, so as to obtain the to-be-transmitted message.

2. The method according to claim 1, wherein the encryption mode comprises two modes: a Select-mode and an Exclude-mode; if the encryption mode is the Select-mode, it means that: only users in the subset S are allowed to decrypt the received ciphertext; and if the subset S is a set of all users in the group, it means that all users in the group are selected to decrypt the received ciphertext; if the encryption mode is the Exclude-mode, it means that: any other users in the group except those in the subset S are allowed to decrypt the received ciphertext; if the subset S is null, it means that: no user in the group is excluded to decrypt the received ciphertext; during the encryption, the preset mapping relationship between the encryption mode and the aggregation function comprises: the Select-mode maps a poles-based aggregation function; and the Exclude-mode maps a zeros-based aggregation function;

3. The method according to claim 2, wherein the acquiring any selected subset S and public parameters, and outputting an aggregated value of the subset S by using the acquired aggregation function, the subset S and the public parameters comprises: if the acquired encryption mode is the Select-mode, invoking a poles-based aggregation function to output an aggregated value of the subset S according to any selected subset S and the public parameters; and if the acquired encryption mode is the Exclude-mode, invoking a zeros-based aggregation function to output an aggregated value of the subset S according to any selected subset S and the public parameters.

4. The method according to claim 1, wherein the operating the subset S and an identity of a current decryptor according to the encryption mode to output a new subset S′ comprises: if the acquired encryption mode is the Select-mode and an identity ID of a current decryptor belongs to the subset S, i.e., ID∈S, operating the identity ID and the subset S to obtain a new subset S.sub.−′=S\{ID}; and if the acquired encryption mode is the Exclude-mode and the identity ID of the current decryptor does not belong to the subset S, i.e. ID.Math.S, operating the identity ID and the subset S to obtain a new subset S.sub.+′=S∪{ID}.

5. The method according to claim 4, wherein during the decryption, the preset mapping relationship between the encryption mode and the aggregation function comprises: a select-mode maps a zeros-based aggregation function; and an Exclude-mode maps a poles-based aggregation function; wherein the acquiring the public parameters, and outputting an aggregated value of the new subset S′ by using the acquired aggregation function, the new subset S′ and the public parameters comprises: if the acquired encryption mode is the Select-mode, invoking a zeros-based aggregation function to output an aggregated value of the subset S.sub.−′ according to the new subset S.sub.−′ and the public parameters; and if the acquired encryption mode is the Exclude-mode, invoking a poles-based aggregation function to output an aggregated value of the subset S.sub.+′ according to the new subset S.sub.+′ and the public parameters.

6. The method according to claim 1, wherein the ciphertext comprises a subset S, an encryption mode and a ciphertext body, wherein the ciphertext body is of a constant size.

7. The method according to claim 1, wherein the acquiring a private decryption key of the current decryptor comprises: generating a private decryption key of the current decryptor according to a unique identity of the current decryptor, wherein the private decryption key is of a constant size and unique, and supports a group-oriented cryptosystem in which multiple private decryption keys correspond to one public key; and the identity comprises an arbitrary character string; a to-be-transmitted message can be encrypted as long as a sender knows an identity of a user, and the identity is further used for generating a group, that is, this identity corresponds to one element in the group.

8. A method for performing group-oriented encryption and decryption with selection and exclusion functions, comprising: acquiring an encryption mode of a to-be-transmitted message and setting an aggregation function corresponding to the encryption mode during encryption according to a preset mapping relationship between the encryption mode and the aggregation function; acquiring any selected subset S and public parameters, and outputting an aggregated value of the subset S according to the acquired aggregation function, the subset S and the public parameters; and generating a ciphertext of the to-be-transmitted message according to the public parameters, the to-be-transmitted message and the aggregated value.

9. (canceled)

10. A system for performing group-oriented encryption and decryption with selection and exclusion functions, comprising: an encryption selection unit, which is configured to acquire an encryption mode of a to-be-transmitted message, and set an aggregation function corresponding to the encryption mode during encryption according to a preset mapping relationship between the encryption mode and the aggregation function; an encryption aggregation unit, which is configured to acquire any selected subset S and public parameters, and output an aggregated value of the subset S by using the acquired aggregation function corresponding to the encryption mode during encryption, the subset S and the public parameters; a ciphertext generating unit, which is configured to generate a ciphertext of the to-be-transmitted message according to the public parameters, the to-be-transmitted message and the aggregated value of the subset S; a set operation unit, which is configured to receive the ciphertext, acquire the encryption mode and the subset S comprised in the received ciphertext, and operate the subset S and an identity of a current decryptor according to the encryption mode to output a new subset S′; a decryption selection unit, which is configured to acquire an aggregation function corresponding to the encryption mode during decryption according to the preset mapping relationship between the encryption mode and the aggregation function; a decryption aggregation unit, which is configured to acquire the public parameters, and output an aggregated value of the new subset S′ by using the acquired aggregation function corresponding to the encryption mode during decryption, the new subset S′ and the public parameters; and a plaintext generating unit, which is configured to acquire a private decryption key of the current decryptor, decrypt the received ciphertext according to the public parameters, the aggregated value of the new subset S′ and the private decryption key, so as to obtain the to-be-transmitted message.

11. The method for performing group-oriented encryption and decryption with selection and exclusion functions according to claim 8, further comprising: acquiring an encryption mode and a subset S in the ciphertext, operating the subset S and an identity of a current decryptor according to the encryption mode to output a new subset S′. acquiring an aggregation function corresponding to the encryption mode during decryption according to a preset mapping relationship between the encryption mode and the aggregation function; acquiring public parameters, and outputting an aggregated value of the new subset S′ according to the acquired aggregation function, the subset S′ and the public parameters; and acquiring a private decryption key of the current decryptor, and decrypting the received ciphertext according to the public parameters, the aggregated value of the new subset S′ and the private decryption key, so as to obtain the to-be-transmitted message.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0062] FIG. 1 is a flow diagram illustrating the method of group-oriented encryption and decryption with selection and exclusion functions in accordance with the embodiment of the invention.

[0063] FIG. 2 is a structure diagram illustrating the system of group-oriented encryption and decryption with selection and exclusion functions in accordance with the embodiment of the invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

[0064] In order to make the purposes, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in combination with the accompanying drawings and the embodiments. It should be understood that the specific embodiments described herein are merely used for interpreting the present invention, rather than limiting the present invention.

[0065] On the contrary, the present invention covers any substation, modification, equivalent method and solution defined by the claims within the essence and scope of the present invention. Further, in order to make the public better understand the present invention, some specific details are described below in the detail description of the present invention.

Embodiment 1

[0066] In the embodiment of the present invention, the provided method of group-oriented encryption and decryption with selection and exclusion functions comprises:

[0067] 1. Acquiring the encryption mode Mode of the to-be-transmitted information M. According to the predetermined mapping between the encryption mode Mode and the aggregation function Aggregation, setting the corresponding aggregation function Aggregation corresponding to the encryption mode Mode during encrypting.

[0068] 2. Acquiring any selected subset S and the public parameter mpk, the aggregated value R.sub.S of the subset S is outputted by reference to the aggregation function Aggregation corresponding to the encryption mode during encryption, the subset S and the public parameter mpk.

[0069] 3. Generating the ciphertext C of the to-be-transmitted information M according to the public parameter mpk, the to-be-transmitted message M and the aggregated value R.sub.S.

[0070] 4. Receiving the ciphertext, acquiring the encryption mode Mode and the subset S comprised in the received ciphertext C, operating the subset S and the identity of a current decryptor according to the encryption mode Mode, and outputting a new subset S′;

[0071] 5. According to the predetermined mapping between the encryption mode Mode and the aggregation function Aggregation acquiring an aggregation function Aggregation corresponding to the encryption mode Mode during decryption.

[0072] 6. Acquiring the public parameter mpk, and outputting the aggregated value of the new subset S′ based on the aggregation function Aggregation corresponding to the encryption mode during decryption, the new subset S′ and the public parameter mpk.

[0073] 7. Acquiring the private key of the current decryptor, decrypting the received ciphertext C according to the public parameter mpk, the aggregated value of the new subset S′ and the private decryption key, so as to acquire the to-be-transmitted information M.

[0074] According to the method of group-oriented encryption and decryption in the embodiment of the present invention, the implementation of the cryptographic decision-making method of positive and negative membership between element and set based on the aggregation functions, makes it possible to achieve the encryption and decryption method for selecting and excluding the authorization of specified users (the subset S) within a group, to transform the to-be-transmitted message into a constant-sized ciphertext body included in the ciphertext C, so as to promote the security of group-oriented encryption. Moreover, there is no limit to the scale of users and the size of the subset S in the group of cryptosystem.

[0075] In the embodiment of the present invention, the encryption mode referred includes: Select-mode and Exclude-mode.

[0076] If the encryption mode is the Select-mode (u∈S), it means that: only users in the subset S are allowed to decrypt the received ciphertext; and if the subset S is a set of all users in the group, it means that all users in the group are selected to decrypt the received ciphertext;

[0077] If the encryption mode is the Exclude-mode (u.Math.S), it means that: any other users in the group except those in the subset S are allowed to decrypt the received ciphertext; if the subset S is null, it means that: no user in the group is excluded to decrypt the received ciphertext;

[0078] In the embodiment of the present invention, during the encryption of the to-be-transmitted information M, the Poles-based aggregation function will be mapped if the encryption mode is the Select-Mode; while the Zeros-based aggregation function will be mapped if the encryption mode is the Exclude-Mode. During the decryption of the ciphertext, the Zeros-based Aggregation function will be mapped if the acquired encryption mode is the Select-Mode; While the Poles-based Aggregation function will be mapped if the acquired encryption mode is the Exclude-Mode. In order that the Poles-based Aggregation function and the Zeros-based Aggregation function can be better understood, the set-based aggregation algorithm will be briefly described as follows:

[0079] For a given set U={e.sub.1, . . . , e.sub.n} of any size (the set U denotes a complete set that consists of all users in a group or community) and the subset S of the set U (the subset S denotes a set of specified users), all elements of the set S can be aggregated into one or multiple cryptographic random numbers or random vectors through the aggregation function Aggregation. The set-based aggregate algorithm for generating the aggregation function is defined as follows:

[0080] In a cryptosystem, let PK denote the public key space over a group G and S={e.sub.1′, . . . , e.sub.n′}⊂U be arbitrary set of elements. The function Aggregate: PK×2.sup.U custom-character C is a polynomial-time (deterministic or non-deterministic) algorithm satisfying:

Aggregate(mpk,S)=R.sub.S, (1)

where mpk is the public key in PK, mpk∈PK. The public parameter mpk is open for anyone to ensure that the process of aggregation function can be dealt with openly. Meanwhile, the aggregation function Aggregation is a compressing function that compresses all of elements in the set S into a constant-size random number or random vector R, that is, the outputted aggregate value R is constant-sized, and further, the aggregation function Aggregation may be used to implement the cryptographic decision-making of “positive” and “negative” membership between an element and a set. Therefore, the cryptographic decision-making method of “positive” membership may be used to implement the encryption and decryption method with specified “selected” users, meanwhile the cryptographic decision-making method of “negative” membership may be used to implement the encryption and decryption method with specified “excluded” users. Let us see an example in group-oriented broadcast encryption. A data sender wants to send an encrypted sensitive message to all users, but only the specified users can use their private keys to decrypt received messages. To realize this, let the set S be a set of identities of these specified users. The cryptographic decision-making method of positive membership can be employed to determine whether the user's identity e.sub.i is included in the set S. If the element is in the set, the receiver can decrypt the received message; otherwise, the user, even if he has the private key, is unable to decrypt the received message.

[0081] The above-mentioned aggregate algorithm can be used to construct different aggregate functions. The embodiment of the present invention will takes Poles-based aggregation function and Zeros-based aggregation function as examples. The Poles-based aggregation function and Zeros-based aggregation function is briefly addressed as follows:

[0082] 1) Zeros-Based Aggregation Function

[0083] Given any subset S={e.sub.1′, e.sub.2′, . . . , e.sub.m′}⊂U and a cyclic group G of prime order p, where p is a prime number, an algorithm is called Zeros-based aggregation function if there exists a polynomial-time algorithm ZeroAggr outputting G.sub.S=ZerosAggr(mpk,S)= custom-character , where g is the generator of the cyclic group G of prime order p, γ is the introduced random secret and x.sub.i=hash(e.sub.i) is a random point in the cryptography space converted from each element e.sub.i in the set S.

[0084] 2) Poles-Based Aggregation Function

[0085] Given any subset S={e.sub.1′, e.sub.2′, . . . , e.sub.m′}⊂U and a cyclic group G of prime order p, where p is a prime number, an algorithm is called Poles-based aggregation function if there exists a polynomial-time algorithm PolesAggr outputting

[00001] $H_{S} = PolesAggr (mpk, S) = h^{\frac{1}{\underset{e_{i}^{'} \in S}{.Math.} .Math. .Math. (γ + x_{i})}},$

where h is the generator of the cyclic group G of prime order p, γ is the introduced random secret and x.sub.i=hash(e.sub.i) is a random point in the cryptography space converted from each element e.sub.i in the set S.

[0086] The Zeros-based and the Poles-based aggregate functions can output the aggregated value of the set S by virtue of the public parameter mpk even if the random secret γ cannot be obtained (the random secret γ is confidential in cryptography operations).

[0087] In the embodiment of the present invention, the public parameter mpk is absolutely essential to obtain the aggregated value of the set S. As for encryption, the public parameter mpk can be referred to as the public key.

[0088] In the embodiment of the present invention, the generic Bilinear mapping system (as a special case of the Multilinear mapping system) is adopted for our construction. Usually, such a system is defined as Ω={p,G.sub.1,G.sub.2,G.sub.T,e(.Math.,.Math.)}, where G.sub.1,G.sub.2 and G.sub.T are the three multiplicative cyclic groups of prime order p, the element g is the generator of G.sub.1, and the element h is the generator of G.sub.2; such that the Bilinear mapping is indicated as e:G.sub.1×G.sub.2 custom-character G.sub.T. The Bilinear mapping system has the following properties:

[0089] 1) Bilinear: For any a, b belong to □.sub.p*, it can get e(g.sup.a, h.sup.b)=e(g,h).sup.ab, where, □.sub.p*represents the integer module p;

[0090] 2) Non-degenerate: e(g,h)≠1; and

[0091] 3) Computable: There is a polynomial-time algorithm to calculate e(g,h).

[0092] In the embodiment of the present invention, the system of encryption and decryption is composed of the following four algorithms:

[0093] 1. Setup algorithm: takes a specified security parameter (e.g., ciphertext length, etc.) as input, and outputs the master public key mpk and the master secret key msk.

[0094] 2. Key-generating algorithm: takes a unique identity for the user as input, and outputs the user's private decryption key.

[0095] 3. Encrypting operation: takes a set S of users, an encryption mode and a plaintext as input, and outputs a ciphertext.

[0096] 4. Decrypting operation: takes a ciphertext, the set of users and the encryption mode as input during encryption. The user's private decryption key recovers the plaintext, namely, the to-be-transmitted message M, if the user satisfies the requirements specified during encryption.

[0097] (1) The Setup Algorithm of the Invention is Described as Follows:

[0098] 1. To generate the Bilinear mapping system Ω={p,G.sub.1,G.sub.2,G.sub.T,e(.Math.,.Math.)} required by the cryptosystem, choose two elements g and h randomly in G.sub.1 and G.sub.2, respectively, and choose randomly two exponents γ,∈ in Z.sub.p*;

[0099] 2. To calculate R=e(g,h).sup.∈;

[0100] 3. To define the maximum number of the aggregated elements in subset as m (the number of elements of the subset is m), calculate g.sub.k=g.sup.γ.sup.k∈G.sub.1 for k∈[1, m];

[0101] 4. To construct the master secret key msk=(γ,∈,g,g.sup.∈) and the public parameter mpk={Ω,h,R,{g.sub.k}.sub.k∈[1,m], pp=Ø}, where the public profile pp is the set of all individual public keys.

[0102] In the embodiment of the present invention, the public parameter mpk and the master secret key msk are constructed by using the Bilinear mapping system.

[0103] (2) The Key-Generating Algorithm is Described as Follows:

[0104] 1. To acquire a given user's identity ID.sub.k and define x.sub.k=hash(ID.sub.k), where k represents the k-th user;

[0105] 2. To compute the k-th user's decryption private key is

[00002] ${sk}_{k} = g^{\frac{x_{k} .Math. .Math.}{γ + x_{k}}} \in G_{1};$

[0106] 3. To compute

[00003] $H_{k} = h^{\frac{.Math.}{γ + x_{k}}} = {(h^{.Math.})}^{\frac{1}{γ + x_{k}}}$

and sets pp.sub.k=(ID.sub.k,H.sub.k);

[0107] 4. To append pp, to the set pp in the public key, namely, pp=pp∪{pp.sub.k}.

[0108] In the embodiment of the present invention, each user corresponds to an element of the whole set (the set of all users in the group). The user's private decryption key can be generated according to the user's unique identity ID. The private decryption key is constant-sized and unique, and support a one-to-many (or 1:n) public/private key structure (one public encryption key corresponds to many private decryption keys). There is much less overhead and memory consumption for key storage or key acquisition, so that the key management is simplified.

[0109] In the embodiment of the present invention, arbitrary character string can be used as the user's identity. The to-be-transmitted message can be encrypted as long as the sender knows the identities of the receivers. And the identities are further used for generating a group; that is, each identity corresponds to a specific element in the group.

[0110] (3) The Encrypting Operation is Described as Follows:

[0111] In the embodiment of the present invention, the to-be-transmitted message M can be encrypted according to the encryption mode (Select-mode or Exclude-mode) selected by the sender, shown in FIG. 1. The process of encryption is described as follows:

[0112] 1) Aggregation Operation for Encrypted Set 101

[0113] According to the encryption mode selected by the sender, the corresponding aggregation function is invoked as follows:

[0114] 1. If the encryption mode is the Select-mode, to invoke the Poles-based aggregation function by taking as input the subset S and the public parameter mpk, and output the aggregated value

[00004] $H_{S} = PolesAggr .Math. (mpk, S) = h^{\underset{e_{i}^{'} \in S}{.Math.} .Math. \frac{.Math.}{γ + x_{i}}} .$

[0115] 2. If the encryption mode is the Exclude-mode, to invoke the Zeros-based aggregation function by taking as input the subset S and the public parameter mpk, and output the aggregated value G.sub.S=ZerosAggr(mpk,S)= custom-character

[0116] 2) Ciphertext Generating Operation 102

[0117] To choose an element t∈□.sub.p*randomly and then compute C.sub.1 and C.sub.2 according to the acquired public parameter mpk and the Equation (2):

[00005] $\begin{matrix} (C_{1}, C_{2}) = {\begin{matrix} (h^{t}, {(H_{S})}^{t}) & if .Math. .Math. mode = Select .Math. - .Math. Mode \\ (h^{t}, {(G_{S})}^{t}) & if .Math. .Math. mode = Exclude .Math. - .Math. Mode \end{matrix} & (2) \end{matrix}$

[0118] Next, for the to-be-transmitted message M, to compute C.sub.3 by using C.sub.3=M.Math.R.sup.t and output the final ciphertext 103, C=(S,Mode,C.sub.1,C.sub.2,C.sub.3), where C.sub.1,C.sub.2,C.sub.3 is called the ciphertext body with constant size.

[0119] (4) Decrypting Operation is Described as Follows:

[0120] In the embodiment of the present invention, the ciphertext C can be decrypted according to the acquired encryption mode, shown in FIG. 1. The process of decryption is described as follows:

[0121] Firstly, to determine the encryption mode in the received ciphertext C=(S,Mode,C.sub.1,C.sub.2,C.sub.3) and acquire the subset S. According to the encryption mode, it executes as follows:

[0122] 1) If the Encryption Mode is the Select-Mode:

[0123] 1. Operation between element and the subset 104: to verify whether the k-th user's identity ID.sub.k is in the subset S. If ID.sub.k∈S holds, then set S′=S\{ID.sub.k};

[0124] 2. Aggregation operation with decrypted set 105: to invoke the Zeros-based aggregation function by taking as input the subset S.sub.−′ and the public parameter mpk, and output the aggregated value G.sub.S.sub.−.sub.′=ZerosAggr(mpk,S′)= custom-character ;

[0125] 3. Decryption operation 106: According to the acquired public parameter mpk, the private decryption key and the value G.sub.S.sub.−.sub.′, to recover the secret ek′=e(sk.sub.k,C.sub.1).Math.e(G.sub.S.sub.−.sub.′,C.sub.2) and then compute the to-be-transmitted message M=C.sub.3/ek′.

[0126] 2) If the Encryption Mode is the Exclude-Mode:

[0127] 1. Operation between element and set 104: to verify whether the k-th user's identity ID.sub.k satisfies the relation ID.sub.k.Math.S. If so, then set S.sub.+′=S∪{ID.sub.k};

[0128] 2. Aggregation operation for decrypted set 105: to invoke the Poles-based aggregation function by taking as input the subset S.sub.−′ and the public parameter mpk, and output the aggregated value

[00006] $H_{S_{+}^{'}} = PolesAggr (mpk, S_{+}^{'}) = h^{.Math. .Math. \underset{e_{i}^{'} \in S_{+}^{'}}{.Math.} .Math. \frac{1}{(γ + x_{i})}};$

[0129] 3. Decryption operation 106: According to the acquired public parameter mpk, the private decryption key and the value H.sub.S.sub.+.sub.′ to recover the secret ek′=e(sk.sub.k, C.sub.1).Math.e(C.sub.2,H.sub.S.sub.+.sub.′) and then compute the to-be-transmitted message M=C.sub.3/ek′.

[0130] In the embodiment of the present invention, it is computationally difficult for the users excluded from S to decrypt the ciphertext when the encryption mode is the Select-mode, it means that any polynomial-time computer system might not reach it. As well, it is computationally difficult for the users in the set S to decrypt the ciphertext when the encryption mode is the Exclude-mode, that is, any polynomial-time computer system might not reach it.

[0131] The embodiment of the present invention provides a method of group-oriented encryption with any selection relationship, which makes it possible to achieve the encryption and decryption method for selecting and excluding the authorization of specified users within a group, to transform the to-be-transmitted message M into a constant-sized ciphertext C. This method also overcome the larger expense and harder management problem in the traditional cryptosystem wherein enormous key storage and acquisition are demanded, so that it can help reduce the storage consumption. More importantly, the present invention can be used in a particularly large-scale group. The invention is also available for all the users in the global Internet because there is no limit to the scale of users and the size of the subset in the group of cryptosystem. Therefore, the present invention exerts a significant impact on the secure sharing and distribution of broadcast-type information, and is of great practical application value in the Internet, mobile network, IVN (in-vehicle network) and cloud computing, etc.

Embodiment 2

[0132] The embodiment of the present invention provides a method of group-oriented encryption with selection and exclusion functions, comprising:

[0133] 1. Acquiring the encryption mode Mode for the to-be-transmitted message, and setting the aggregation function Aggregation corresponding to the Mode during encryption according to the predetermined mapping between Mode and Aggregation.

[0134] 2. Acquiring any selected subset S and the public parameter mpk, and outputting the aggregated R.sub.S value of the subset S based on the aggregation function Aggregation, the subset S and the public parameter mpk;

[0135] 3. Generating a ciphertext C of the to-be-transmitted message M according to the public parameter mpk, the to-be-transmitted message M and the aggregated value R.sub.S;

Embodiment 3

[0136] The embodiment of the present invention provides a method of group-oriented decryption with selection and exclusion functions, comprising:

[0137] 1. Acquiring the encryption mode Mode and the subset S comprised in the received ciphertext C, dealing with the subset S and the identity of a current decryptor according to the Mode to output a new subset S′;

[0138] 2. Acquiring the aggregation function Aggregation corresponding to the Mode during decryption according to the predetermined mapping between the Mode and the Aggregation;

[0139] 3. Acquiring the public parameter mpk, and outputting an aggregated value of the new subset S′ based on the acquired Aggregation, the new subset S′ and the public parameters mpk;

[0140] 4. Acquiring the private decryption key of the current decryptor, decrypting the received ciphertext according to the public parameters mpk, the aggregated value of a new subset S′ and the private decryption key, so as to recover the to-be-transmitted message M.

Embodiment 4

[0141] The present invention also provides a concrete embodiment for group-oriented encryption and decryption method with selection and exclusion functions. Considering the features of the system provided by the present invention are corresponding to those of the above-mentioned detailed description of exemplary embodiments in the method for group-oriented encryption and decryption with selection and exclusion functions, the group-oriented encryption and decryption system can achieve the purpose of the invention via carrying out the above-mentioned procedures in the detailed description of exemplary embodiments. The detailed description of exemplary embodiments might also be applicable to the corresponding system with same functions provided by the invention. Therefore, these content will not be reiterated in the following embodiment of the present invention.

[0142] As it shows in FIG. 2, the embodiment of the present invention provides a method for group-oriented encryption and decryption with selection and exclusion functions, comprising:

[0143] an encryption selection unit 201, which is configured to acquire an encryption mode of a to-be-transmitted message, and set an aggregation function corresponding to the encryption mode during encryption according to a preset mapping relationship between the encryption mode and the aggregation function;

[0144] an encryption aggregation unit 202, which is configured to acquire any selected subset S and public parameters, and output an aggregated value of the subset S by using the acquired aggregation function corresponding to the encryption mode during encryption, the subset S and the public parameters;

[0145] a ciphertext generating unit 203, which is configured to generate a ciphertext of the to-be-transmitted message according to the public parameters, the to-be-transmitted message and the aggregated value of the subset S;

[0146] a set operation unit 204, which is configured to receive the ciphertext, acquire the encryption mode and the subset S comprised in the received ciphertext, and operate the subset S and an identity of a current decryptor according to the encryption mode to output a new subset S′;

[0147] a decryption selection unit 205, which is configured to acquire an aggregation function corresponding to the encryption mode during decryption according to the preset mapping relationship between the encryption mode and the aggregation function;

[0148] a decryption aggregation unit 206, which is configured to acquire the public parameters, and output an aggregated value of the new subset S′ by using the acquired aggregation function corresponding to the encryption mode during decryption, the new subset S′ and the public parameters; and

[0149] a plaintext generating unit 207, which is configured to acquire a private decryption key of the current decryptor, decrypt the received ciphertext according to the public parameters, the aggregated value of the new subset S′ and the private decryption key, so as to obtain the to-be-transmitted message.

[0150] According to the method of group-oriented encryption and decryption in the embodiment of the present invention, the implementation of the cryptographic decision-making method of positive and negative membership between element and set based on the aggregation functions makes it possible to achieve the encryption and decryption method for selecting and excluding the authorization of specified users (the subset S) within a group, to transform the to-be-transmitted message into a constant-sized ciphertext body included in the ciphertext C, so as to promote the security of group-oriented encryption. Moreover, there is no limit to the scale of users and the size of the subset S in the group of cryptosystem.

[0151] What are mentioned above are the preferred exemplary embodiments of the present invention. It should be noted that, without departing from the principle of the present invention, the general technical individual of technical field can also make some improvement and polishing, which should be regarded as the scope of protection in the present invention.

Method and System for Group-oriented Encryption and Decryption with Selection and Exclusion Functions

Inventors

Cpc classification

Classification Explorer

H04L63/065

ELECTRICITY

Classification Explorer

H04L12/18

ELECTRICITY

Classification Explorer

H04L9/14

ELECTRICITY

Classification Explorer

H04L9/40

ELECTRICITY

Classification Explorer

H04L9/0833

ELECTRICITY

Classification Explorer

H04L63/0442

ELECTRICITY

Classification Explorer

H04L2209/601

ELECTRICITY

International classification

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

H04L29/06

ELECTRICITY

Classification Explorer

H04L9/14

ELECTRICITY

Abstract

Claims

Description