LIGHTWEIGHT ATTRIBUTE-BASED SIGNCRYPTION (ABSC) METHOD FOR CLOUD-FOG-ASSISTED INTERNET-OF-THINGS (IOT)

Abstract

A lightweight attribute-based signcryption (ABSC) method for cloud-fog-assisted Internet-of-things: performing, by a central authority, system initialization to generate a system key pair, and disclosing a public key, the public key including a symmetric encryption algorithm (SEA) and a key derivation function (KDF); generating, by the central authority, a decryption key and an outsourcing decryption key based on a decryption attribute set of a data user, and generating a signature key and an outsourcing signature key based on a signature access structure; calling, by a data owner, a fog node for outsourcing signature, performing symmetric encryption on a plaintext based on a symmetric key, and performing ABSC on the symmetric key based on a defined encryption access structure; and calling, by the data user, a fog node for outsourcing signature verification, calling a fog node for outsourcing decryption, and performing symmetric decryption on a ciphertext based on an outsourcing decryption result.

Claims

1. A lightweight attribute-based signcryption (ABSC) method for cloud-fog-assisted Internet-of-things (IoT), comprising the following steps: performing, by a central authority, system initialization to generate a system key pair, and disclosing a public key, the public key comprising a symmetric encryption algorithm (SEA) and a key derivation function (KDF); assigning, by the central authority, a decryption attribute set to a successfully registered data user, and generating, based on the decryption attribute set, a decryption key and an outsourcing decryption key corresponding to the data user; and assigning, by the central authority, a signature access structure to a data owner, and generating, based on the signature access structure, a signature key and an outsourcing signature key corresponding to the data owner; selecting, by the data owner, an attribute set satisfying the signature access structure, and calling a fog node based on the outsourcing signature key for outsourcing signature; and performing, by the data owner, symmetric encryption on a plaintext based on a symmetric key, performing ABSC on the symmetric key based on a defined encryption access structure to generate a signcryption ciphertext, and sending the signcryption ciphertext to a cloud storage center; and calling, by a data user having an attribute set satisfying the encryption access structure, a fog node for outsourcing signature verification, and calling a fog node for outsourcing decryption; and performing, by the data user after verifying that a signature is legal according to an outsourcing signature verification result, symmetric decryption on the ciphertext based on an outsourcing decryption result to obtain the plaintext.

2. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 1, wherein the system key pair (PP,MSK) is expressed as: $\mathrm{PP}=\begin{array}{c}\left\{\begin{array}{c}G,G_T,p,e,g,v,Y,{\delta }_1,{\delta }_2,u^{\prime },v^{\prime },H_1,H_2,H_3,U_e,U_s,\mathrm{KDF},\\ \underset{\mathrm{SE}}{.Math.}\left(\mathrm{Enc},\mathrm{Dec}\right),{\left\{h_w\right\}}_{{\mathrm{att}}_w\in U_e},{\left\{K_w\right\}}_{\in U_s},{\mu }_0,{\left\{{\mu }_i\right\}}_{i\in \left[l\right]}\end{array}\right\}\\ \mathrm{MSK}=\left\{\alpha \right\}\end{array},$ wherein, G and G.sub.T each are a p-order multiplicative group, g is a generator of the G, and v is an element of the G; e is a symmetric bilinear mapping function e:G×G.fwdarw.G.sub.T, and H.sub.1, H.sub.2 and H.sub.3 each are a collision-resistant hash function, specifically:
H.sub.1:G.fwdarw.Z.sub.p*,H.sub.2{0,1}*.fwdarw.Z.sub.p*,H.sub.3:{0,1}*.fwdarw.{0,1}.sup.1; U.sub.e is a universal set of initialized encryption attributes, and U.sub.s, is a universal set of initialized signature attributes; h.sub.w∈Z.sub.p*, is a random value selected from a group Z*.sub.p for a with attribute in the U.sub.e; K.sub.w∈Z.sub.p*, is a random value selected from the group Z*.sub.p for a with attribute in the U.sub.s; Y=e(g,g).sup.α, α being a random value selected from the group Z*.sub.p; Π.sub.SE(Enc,Dec) is an initialized SEA, and KDF is an initialized KDF; and δ.sub.1, δ.sub.2, u′, v′, K.sub.0, and u.sub.0 each are a random value selected from the group Z*.sub.p, and an array {u.sub.i}.sub.i∈[l] is a set of random values selected from the group Z*.sub.p.

3. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 2, wherein the decryption key SK.sub.d=(SK,SK′,{SK.sub.w}.sub.att.sub.w.sub.∈U.sub.d,uid) is expressed as:
SK=g.sup.αv.sup.t
SK′=g.sup.t
{SK.sub.w=h.sub.w.sup.t}att.sub.w∈U.sub.d,uid, wherein, uid is a user identity generated after a data user is registered to the central authority; U.sub.d,uid ∈U.sub.e is a decryption attribute set assigned by the central authority to the data user; and t is a random value selected from the group Z*.sub.p; the outsourcing decryption key TSK.sub.d=(TK,TK′,{TK.sub.w}.sub.attw∈U.sub.d,uid) is expressed as:
TK=g.sup.α.Math.t′v.sup.t.Math.i′
TK′=g.sup.t.Math.t′
{TK.sub.w=h.sub.w.sup.t t′}.sub.att.sub.w.sub.∈U.sub.d,uid wherein, t′ is a random value selected by the central authority from the group Z*.sub.p, and the t′ serves as a decryption verification key VK.sub.d=t′; the signature key SK.sub.s=(D.sub.0,D.sub.0′) is expressed as:
D.sub.0=g.sup.α.sup.2(K.sub.0K.sub.f).sup.r.sup.τ
D.sub.0′=g.sup.r.sup.τ; wherein, α1 is a random value selected by the central authority from the group Z*.sub.p, α.sub.1<α, α.sub.2=α−α.sub.1; τ is an additional attribute selected from the attribute set; and r.sub.τ is a random number selected from the group Z*.sub.p for the attribute τ; and the outsourcing signature key TSK.sub.s=({D.sub.i,D.sub.i′D.sub.i,w}.sub.i∈[ls]) is expressed as:
D.sub.i=g.sup.λρ.sup.sω(K.sub.0K.sub.ρ.sub.s(i)).sup.r.sup.i
D.sub.i′=g.sup.r.sup.i
D.sub.i,w=K.sub.w.sup.r.sup.i,∀att.sub.w∈U.sub.s/{att.sub.ρ.sub.s(i)} wherein, (M.sub.s,P.sub.s) is a signature access structure assigned by the central authority to the data owner, M.sub.s being a matrix l.sub.s×k.sub.s, and P.sub.s being a row mapping function; (v.sub.2, v.sub.3, . . . , v.sub.ks) is a set of random numbers selected by the central authority from the group Z*.sub.p; {right arrow over (v)}=(α.sub.1,v.sub.2, . . . , v.sub.ks) is a random vector constructed based on the random value α1, λ.sub.ρ.sub.s.sub.(i)=M.sub.s,i×{right arrow over (v)}; and r.sub.i is a random value selected from the group Z*.sub.p for an ith row in the matrix M.sub.s (M.sub.s,P.sub.s).

4. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 3, wherein the selecting, by the data owner, an attribute set satisfying the signature access structure, and calling a fog node based on the outsourcing signature key for outsourcing signature comprises: selecting, by the data owner, an attribute set satisfying the signature access structure (M.sub.s,P.sub.s) for the signature, the attribute set being: I.sub.s={i:ρ.sub.s(i)∈U.sub.s,sid}; searching, based on the attribute set, a set of constants {w.sub.i}.sub.i∈I.sub.s satisfying a following equation:
Σ.sub.i∈I.sub.sw.sub.iM.sub.s,i=(1,0, . . . ,0)k.sub.s wherein, M.sub.s,i represents the ith row of the matrix M.sub.s, i represents an attribute mapped by the ith row of the matrix M.sub.s, in the attribute set I.sub.s, and w.sub.i represents a corresponding constant; sending, by the data owner, the set of constants {w.sub.i}.sub.i∈I.sub.s, and the outsourcing decryption key to a fog node, the fog node serving as an outsourcing signature fog node; selecting, by the outsourcing signature fog node, a random number ξ from the group Z*.sub.p for the outsourcing signature, thereby obtaining a signature labeled as an outsourcing signature σ′, the outsourcing signature σ′=(σ′,σ′.sub.2) being expressed as: $\begin{array}{c}{\sigma }_1^{\prime }=g^{\xi }\underset{i\in I_s}{.Math.}{\left(D_i^{\prime }\right)}^{w_i}\\ {\sigma }_2^{\prime }={\left(K_0\underset{\mathrm{attw}\in U_{s,\mathrm{sid}}}{.Math.}{K}_w\right)}^{\xi }\underset{i\in I_s}{.Math.}{\left(D_i\underset{\mathrm{att}w\ne {\rho }_s\left(i\right)}{\overset{\mathrm{attw}\in U_{s,\mathrm{sid}}}{.Math.}},D_{i,w}\right)}^{w_i}\end{array};$ and sending, by the outsourcing signature fog node, the outsourcing signature σ′ to the data owner.

5. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 4, wherein the performing, by the data owner, symmetric encryption on a plaintext based on a symmetric key, and performing ABSC on the symmetric key based on a defined encryption access structure to generate a signcryption ciphertext comprises: defining, by the data owner, an encryption access structure (M.sub.e,P.sub.e), M.sub.e being a matrix l.sub.e×k.sub.e, and P.sub.e being a row mapping function; selecting, by the data owner, a random value s from the group Z*.sub.p to take as a secret exponent, selecting a set of random values (a.sub.2, a.sub.3, . . . , a.sub.ke) from the group Z*.sub.p, and constructing a random vector α=(s, α.sub.2, α.sub.3, . . . , α.sub.ke); converting the encryption access structure into a linear secret sharing scheme (LSSS) matrix to obtain an encryption access matrix M.sub.e, and calculating Φ.sub.ρ.sub.e(i)=α×M.sub.e,i for each row M.sub.e,i in the encryption access matrix M.sub.e; selecting, by the data owner, random values ζ and q.sub.k from the group Z*.sub.p, and performing the signcryption to obtain the signcryption ciphertext, the signcryption ciphertext being expressed as: $\begin{array}{c}{E}_1=g^s\\ E_2={\left({\delta }_1^{\mu }{\delta }_2\right)}^s\\ {\left\{E_{3,i}=v^{\varphi }{ }^{{\rho }_e\left(i\right)}{h}_{{\rho }_e\left(i\right)}^{-s}\right\}}_{i\in \left[l_e\right]}\\ E_4=\mathrm{Enc}\left(\mathrm{SEK}.Math.d,m\right)\\ {\sigma }_0=g^{s.Math.ϛ}\\ {\sigma }_1={\sigma }_1^{\prime }.Math.D_0^{\prime }.Math.g^{q_{\kappa }}\\ {\sigma }_2=D_0{{\sigma }_2^{\prime }\left({ }^{K_0}{K}_{\tau }\right)}^{q_{\kappa }}{E_2^{R\zeta }\left({\mu }_0\underset{i\in \left[l\right]}{.Math.}{\mu }_i^{f_i}\right)}^s\\ {\sigma }_3=u^{\prime H\left(\mathrm{SEK}\right)}{v}^{\prime H\left(d\right)}\end{array}$ wherein, μ=H.sub.1(E.sub.1), E.sub.4 Enc(SEK∥d, m), is the ciphertext generated by performing the symmetric encryption on the plaintext according to the symmetric key, and SEK∥d is the symmetric key constructed by the data owner based on the KDF:
KDF(key,1)SEK∥d
key=Y″∥σ.sub.0∥tt, tt representing present time in response to the signature, and being labeled as a signature time identity; and m being plaintext data desired by the data owner for encryption,
R=H.sub.2(E.sub.1∥E.sub.2∥E.sub.3∥E.sub.4∥σ.sub.0∥σ.sub.1∥M.sub.e∥U.sub.s,sid),
(f.sub.1, . . . ,f.sub.1)∈{0,1}.sup.1=H.sub.3(σ.sub.1,tt,M.sub.e,U.sub.s,sid); and sending, by the data user, the encryption access structure, the signcryption ciphertext and the signature time identity tt to the cloud storage center.

6. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 5, wherein the calling, by a data user having an attribute set satisfying an encryption access structure, a fog node for outsourcing signature verification comprises: verifying, by the data user, whether a following equation is satisfied:
|tt*−tt|<tt wherein, tt′ represents present time in response to the outsourcing signature verification, and is labeled as a signature verification time identity, and tt represents a system-default maximum time difference; verifying, if the equation is satisfied, whether the attribute set of the data user satisfies the encryption access structure; calculating, by the data user, following parameters if the attribute set of the data user satisfies the encryption access structure:
μ=H.sub.1(E.sub.1)
R=H.sub.2(E.sub.1∥E.sub.2∥E.sub.3∥E.sub.4∥σ.sub.0∥σ.sub.1∥M.sub.e∥U.sub.s,sid)
(f.sub.1, . . . ,f.sub.1)∈{0,1}.sup.1=H.sub.3(σ.sub.1,tt,M.sub.e,U.sub.s,sid): selecting, by the data user, a random value x from the group Z*.sub.p to take as a signature verification key Vk.sub.s, and recalculating a partial signcryption ciphertext to generate TCT.sub.s=(σ.sub.0.sup.x,σ.sub.1.sup.x,σ.sub.2.sup.x,E.sub.1.sup.x); sending, by the data user, the μ, the R, the (f.sub.1, . . . , f.sub.1) and the TCT.sub.s to the fog node, the fog node serving as an outsourcing verification fog node; and performing, by the outsourcing verification fog node, the outsourcing signature verification to generate a signature verification result VR, the signature verification result VR being expressed as: $\mathrm{VR}=\frac{e\left(g,{\sigma }_2^x\right)}{e\left({\sigma }_1^s,K_0\underset{{\mathrm{att}}_w\in U_{S,\mathrm{sid}}}{.Math.}{K}_w\right)e\left({\left({\delta }_1^{\mu }{\delta }_2\right)}^R,{\sigma }_0^S\right)e\left(E_1^S,{\mu }_0\underset{i\in \left[l\right]}{.Math.}{\mu }_i^{f_i}\right)}.$

7. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 6, wherein the calling, by a data user having an attribute set satisfying an encryption access structure, a fog node for outsourcing decryption comprises: selecting an attribute set satisfying an encryption access structure (M.sub.e, ρ.sub.s) for the decryption, the attribute set being:
I.sub.d={i:ρ.sub.s(i)∈U.sub.s,sid}; searching, based on the attribute set, a set of constants {c.sub.i}.sub.i∈I.sub.s satisfying a following equation:
Σ.sub.i∈I.sub.dc.sub.iM.sub.e,i=(1,0, . . . ,0)k.sub.e wherein, a subscript i is in one-to-one correspondence with a row in the matrix M.sub.e; performing, by an outsourcing decryption fog node, the outsourcing decryption to obtain an outsourcing decryption result, a computational equation in the outsourcing decryption being: ${\mathrm{TCT}}^{\prime }=\frac{e\left(E_1,\mathrm{TK}\right)}{e\left(\underset{i\in I_d}{.Math.}{\left(E_{3,i}\right)}^{c_i},{\mathrm{TK}}^{\prime }\right)e\left(E_1,\underset{i\in I_d}{.Math.}{\left({\mathrm{TK}}_{{\rho }_d\left(i\right)}\right)}^{c_i}\right)}=Y^{{\mathrm{st}}^{\prime }};$ and sending, by the outsourcing decryption fog node, the outsourcing decryption result to the data user.

8. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 7, wherein the data user verifies a legality of the signature according to a following signature verification equation:
Y.sup.VK.sup.d=VR.

9. The lightweight ABSC method for cloud-fog-assisted IoT according to claim 8, wherein the data user verifies an integrity of the ciphertext according to a following ciphertext verification equation after verifying that the signature is legal according to the signature verification result:
σ.sub.4=u′.sup.H*(SEK)v′.sup.H(d); and Y.sup.s is restored based on the outsourcing decryption result after the integrity of the ciphertext is verified, the symmetric key is generated based on the KDF, and the symmetric decryption is performed according to the symmetric key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0077] In order to describe the technical schemes in the embodiments of the present disclosure more clearly, the accompanying drawings required for describing the embodiments are briefly described below. Obviously, the accompanying drawings in the following description show merely some embodiments of the present disclosure, and those of ordinary skill in the art would also be able to derive other accompanying drawings from these accompanying drawings without creative efforts.

[0078] The present disclosure is further described with reference to the accompanying drawings.

[0079] FIG. 1 is a flowchart of a lightweight ABSC method for cloud-fog-assisted IoT according to an embodiment of the present disclosure.

DETAILED DESCRIPTION OF THE EMBODIMENTS

[0080] The present disclosure is further described below in combination with accompanying drawings and specific embodiments so as to enable those skilled in the art to better understand and implement the present disclosure. The illustrated embodiments should not be construed as any limitation to the present disclosure. Embodiments and technical features in the embodiments of the present disclosure may be combined with each other without any conflict.

[0081] An embodiment of the present disclosure provides a lightweight ABSC method for cloud-fog-assisted IoT, which can reduce computational burdens required by signature and decryption, while ensuring confidentiality and authenticity of data.

Embodiment

[0082] As shown in FIG. 1, the lightweight ABSC method for cloud-fog-assisted IoT includes the following steps:

[0083] S100: A central authority performs system initialization to generate a system key pair, and discloses a public key, the public key including an SEA and a KDF.

[0084] S200: The central authority assigns a decryption attribute set to a registered data user, and generates, based on the decryption attribute set, a decryption key and an outsourcing decryption key corresponding to the data user; and the central authority assigns a signature access structure to a data owner, and generates, based on the signature access structure, a signature key and an outsourcing signature key corresponding to the data owner.

[0085] S300: The data owner selects an attribute set satisfying the signature access structure, and calls a fog node based on the outsourcing signature key for outsourcing signature; and the data owner performs symmetric encryption on a plaintext based on a symmetric key, performs ABSC on the symmetric key based on a defined encryption access structure to generate a signcryption ciphertext, and sends the signcryption ciphertext to a cloud storage center.

[0086] S400: A data user having an attribute set satisfying the encryption access structure calls a fog node for outsourcing signature verification, and calls a fog node for outsourcing decryption; and after verifying that a signature is legal according to an outsourcing signature verification result, the data user performs symmetric decryption on the ciphertext based on an outsourcing decryption result to obtain the plaintext.

[0087] In Step S100, the key pair is generated as follows:

[0088] A security parameter λ is input, and two p-order multiplicative groups G and G.sub.T are selected, where g is a generator of the G, and v is an element of the G.

[0089] A symmetric bilinear map e:G×G.fwdarw.G.sub.T is selected.

[0090] Three collision-resistant hash functions H.sub.1, H.sub.2 and H.sub.3 are selected, specifically, H.sub.1:G.fwdarw.Z.sub.p*, H.sub.2:{0,1}*.fwdarw.Z.sub.p*, and H.sub.3:{0,1}*.fwdarw.{0,1}.sup.1.

[0091] Initialized U.sub.e is a universal set of encryption attributes. Initialized U.sub.s, is a universal set of signature attributes. The central authority selects a random value: h.sub.w∈Z.sub.p* for each attribute in the U.sub.e, and a random value K.sub.w ∈Z.sub.p* for each attribute in the U.sub.s.

[0092] The central authority selects a random value a from a group Z*.sub.p to calculate Y=e(g,g).sup.α.

[0093] The central authority selects random values δ.sub.1, δ.sub.2, u′, v′, K.sub.0, and u.sub.0 from the group Z*.sub.p, and selects a set of random values {u.sub.i}.sub.i∈[l].

[0094] A SEA Π.sub.SC(Enc,Dec) is initialized, and a KDF is initialized.

[0095] The key pair (PP,MSK) is expressed as:

[00006]$\mathrm{PP}=\begin{array}{c}\left\{\begin{array}{c}G,G_T,p,e,g,v,Y,{\delta }_1,{\delta }_2,u^{\prime },v^{\prime },H_1,H_2,H_3,U_e,U_s,\mathrm{KDF},\\ \underset{\mathrm{SE}}{.Math.}\left(\mathrm{Enc},\mathrm{Dec}\right),{\left\{h_w\right\}}_{\mathrm{attw}\in U_e},{\left\{K_w\right\}}_{\mathrm{attw}\in U_d},{\mu }_0,{\left\{{\mu }_i\right\}}_{i\in \left[l\right]}\end{array}\right\}\\ \mathrm{MSK}=\left\{a\right\}.\end{array}.$

[0096] In Step S200, the decryption key is generated as follows:

[0097] A data user applies for registration to the central authority to obtain a user identity uid.

[0098] The central authority selects a decryption attribute set U.sub.d,uid ∈U.sub.s for the data user.

[0099] The central authority selects a random value t from the group Z*.sub.p to calculate the decryption key, the decryption key SK.sub.d=(SK,SK′,{SK.sub.w}.sub.att.sub.w.sub.eU.sub.d,uid) being expressed as:

SK=g.sup.αv.sup.t

SK′=g.sup.t

{SK.sub.w=h.sub.w.sup.t}att.sub.w∈U.sub.d,uid.sub.o.

[0100] The decryption key is generated as follows:

[0101] The central authority selects a random value t′ from the group Z*.sub.p to take as a decryption verification key VK.sub.d={dot over (t)}, and calculates the outsourcing decryption key, the outsourcing decryption key TSK.sub.d=(TK,TK′,{TK.sub.w}.sub.attw∈U.sub.d,uid) being expressed as:

TK=g.sup.α.Math.t′v.sup.t.Math.t′

TK′=g.sup.t.Math.t′

{TK.sub.w=h.sub.w.sup.t.Math.t′}.sub.attw∈U.sub.d,uid.sub.o.

[0102] The signature key is generated as follows:

[0103] The central authority selects a random value α1 from the group Z*.sub.p, α1<α, and calculates α2=α−60.sub.1.

[0104] The central authority selects an additional attribute T from the attribute set, and selects a random number r.sub.t from the group Z*.sub.p for the attribute T to calculate the signature key SK.sub.s, the signature key SK.sub.s=(D.sub.0,D.sub.0′) being expressed as:

D.sub.0=g.sup.α.sup.2(K.sub.0K.sub.τ).sup.r.sup.τ

D.sub.0′=g.sup.r.sup.τ.

[0105] The outsourcing signature key is generated as follows:

[0106] The central authority assigns a special signature access structure (M.sub.s, ρ.sub.s) to the data owner, M.sub.s being a matrix l.sub.s×k.sub.s, and ρ.sub.s being a row mapping function, and converts the signature access structure (M.sub.s, ρ.sub.s) into an LSSS matrix to obtain a signature access matrix M.sub.s.

[0107] The central authority selects a set of random numbers (v.sub.2, v.sub.3, . . . , v.sub.ks) from the group Z*.sub.p, uses the random value α1 to form a random vector {right arrow over (v)}=(α.sub.1, v.sub.2 . . . , v.sub.ks), and calculates λρs(i)=M.sub.s,i×{circumflex over (v)}.

[0108] For each row in the signature access matrix M.sub.s, a random value r is selected from the group Z*.sub.p, and the outsourcing signature key is calculated, the outsourcing signature key TSK.sub.s=({D.sub.i,D.sub.i′D.sub.i,w}.sub.i∈[ls]) being expressed as:

D.sub.i=g.sup.λρ.sup.s(i)(K.sub.0K.sub.ρ.sub.s(i)).sup.r.sup.i

D.sub.i′=g.sup.r.sup.i

D.sub.i,w=K.sub.w.sup.r.sup.i,{att.sub.w∈U.sub.s/att.sub.ρ.sub.s(i)}.

[0109] In Step S300, the fog node assists the data owner for the signature, specifically:

[0110] The data owner selects an attribute set satisfying the signature access structure (M.sub.s, ρ.sub.s) for the signature, the attribute set being: I.sub.s={i:ρ.sub.s(s)∈U.sub.s,sid}.

[0111] A set of constants {w.sub.i}.sub.i∈I.sub.s: satisfying a following equation are searched based on the attribute set:

Σ.sub.i∈I.sub.sw.sub.iM.sub.s,i=(1,0, . . . ,0)k.sub.s

[0112] where, M.sub.s,i, represents the ith row of the matrix M.sub.s, i represents an attribute mapped by the ith row of the matrix M.sub.s, in the attribute set I.sub.s, and w.sub.i represents a corresponding constant.

[0113] The data owner sends the set of constants {w.sub.i}.sub.i∈I.sub.s and the outsourcing decryption key to a fog node, the fog node serving as an outsourcing signature fog node.

[0114] The outsourcing signature fog node selects a random number ξ from the group Z*.sub.p for the outsourcing signature, thereby obtaining a signature labeled as an outsourcing signature σ′, the outsourcing signature σ′=(σ′,σ′.sub.2) being expressed as:

[00007]$\begin{array}{c}{\sigma }_1^{\prime }=g^{\xi }\underset{i\in I_s}{.Math.}{\left(D_i^{\prime }\right)}^{w_i}\\ {\sigma }_2^{\prime }={\left(K_0\underset{\mathrm{attw}\in U_{s,\mathrm{sid}}}{.Math.}{K}_w\right)}^{\xi }\underset{i\in I_s}{.Math.}{\left(D_i\underset{\mathrm{att}w\ne {\rho }_s\left(i\right)}{\overset{\mathrm{attw}\in U_{s,\mathrm{sid}}}{.Math.}},D_{i,w}\right)}^{w_i}\end{array}.$

[0115] The outsourcing signature fog node sends the outsourcing signature σ′ to the data owner.

[0116] The outsourcing signature is a semi-signature. After the semi-signature is sent to the data owner, the data owner encrypts the plaintext and continues the signature, specifically:

[0117] The data owner constructs the symmetric key based on the KDF, and performs the symmetric encryption on the plaintext based on the symmetric key to generate a ciphertext.

[0118] The data owner defines an encryption access structure (M.sub.e,P.sub.e), M.sub.e being a matrix l.sub.e×k.sub.e, and P.sub.e being a row mapping function.

[0119] The data owner selects a random value s from the group Z*.sub.p to take as a secret exponent, selects a set of random values (a.sub.2, a.sub.3, . . . , a.sub.ke) from the group Z*.sub.p, and constructs a random vector α=(s,α.sub.2,α.sub.3, . . . , α.sub.ke).

[0120] The encryption access structure is converted into an LSSS matrix to obtain an encryption access matrix M.sub.e, and Φ.sub.ρ.sub.e(i)=α×M.sub.e,i is calculated for each row M.sub.e,i in the encryption access matrix M.sub.e.

[0121] The data owner selects random values ζ and q.sub.k from the group Z*.sub.p, and performs the signcryption to obtain the signcryption ciphertext, the signcryption ciphertext being expressed as:

[00008]$\begin{array}{c}{E}_1=g^s\\ E_2={\left({\delta }_1^{\mu }{\delta }_2\right)}^s\\ {\left\{E_{3,i}=v^{\varphi }{ }^{{\rho }_e\left(i\right)}{h}_{{\rho }_e\left(i\right)}^{-s}\right\}}_{i\in \left[l_e\right]}\\ E_4=\mathrm{Enc}\left(\mathrm{SEK}.Math.d,m\right)\\ {\sigma }_0=g^{s.Math.ϛ}\\ {\sigma }_1={\sigma }_1^{\prime }.Math.D_0^{\prime }.Math.g^{q_{\kappa }}\\ {\sigma }_2=D_0{{\sigma }_2^{\prime }\left({ }^{K_0}{K}_{\tau }\right)}^{q_{\kappa }}{E_2^{R\zeta }\left({\mu }_0\underset{i\in \left[l\right]}{.Math.}{\mu }_i^{f_i}\right)}^s\\ {\sigma }_3=u^{\prime H\left(\mathrm{SEK}\right)}{v}^{\prime H\left(d\right)}\end{array}$

[0122] where, μ=H.sub.1(E.sub.1),

[0123] E.sub.4=Enc(SEK∥d,m), is the ciphertext generated by performing the symmetric encryption on the plaintext according to the symmetric key, and SEK∥d is the symmetric key constructed by the data owner based on the KDF:

KDF(key,1)=SEK∥d

key=Y.sup.s∥σ.sub.0∥tt,

[0124] tt representing present time in response to the signature, and being labeled as a signature time identity; and

[0125] m being plaintext data desired by the data owner for encryption.

R=H.sub.2(E.sub.1∥E.sub.2∥E.sub.3∥E.sub.4∥σ.sub.0∥σ.sub.1∥M.sub.e∥U.sub.s,sid),

(f.sub.1, . . . ,f.sub.1)∈{0,1}.sup.1=H.sub.3(σ.sub.1,tt,M.sub.e,U.sub.s,sid);

[0126] The data user sends the encryption access structure, the signcryption ciphertext and the signature time identity tt to the cloud storage center.

[0127] In Step S400, the fog node assists the data user for designcryption. First of all, outsourcing signature verification is performed through the fog node, specifically:

[0128] The data user verifies whether a following equation is satisfied:

|tt′−tt|<tt

[0129] where, tt′ represents present time in response to the outsourcing signature verification, and is labeled as a signature verification time identity, and tt represents a system-default maximum time difference.

[0130] If the equation is satisfied, whether the attribute set of the data user satisfies the encryption access structure is verified.

[0131] The data user calculates following parameters if the attribute set of the data user satisfies the encryption access structure:

H=H.sub.1(E.sub.1)

R=H.sub.2(E.sub.1∥E.sub.2∥E.sub.3∥E.sub.4∥σ.sub.0∥σ.sub.1∥M.sub.e∥U.sub.s,sid)

(f.sub.1, . . . ,f.sub.1)∈{0,1}.sup.1=H.sub.3(σ.sub.1,tt,M.sub.e,U.sub.s,sid);

[0132] The data user selects a random value x from the group Z*.sub.p to take as a signature verification key VK.sub.s, and recalculates a partial signcryption ciphertext to generate TCT.sub.s=(σ.sub.0.sup.x,σ.sub.1.sup.x,σ.sub.2.sup.x,E.sub.1.sup.x).

[0133] The data user sends the μ, the R, the (f.sub.1, . . . , f.sub.1) and the TCT.sub.s to a fog node, the fog node serving as an outsourcing verification fog node.

[0134] The outsourcing verification fog node performs the outsourcing signature verification to generate a signature verification result VR, the signature verification result VR being expressed as:

[00009]$\mathrm{VR}=\frac{e\left(g,{\sigma }_2^x\right)}{e\left({\sigma }_1^s,K_0\underset{\mathrm{attw}\in U_{s,\mathrm{sid}}}{.Math.}{K}_w\right)e\left({\left({\delta }_1^{\mu }{\delta }_2\right)}^R,{\sigma }_0^S\right)e\left(E_1^S,{\mu }_0\underset{i\in \left[l\right]}{.Math.}{\mu }_i^{f_i}\right)}$

[0135] Upon a success of the outsourcing signature verification, an outsourcing decryption fog node performs outsourcing decryption, specifically:

[0136] An attribute set satisfying the signature access structure (M.sub.e,ρ.sub.s) is selected for decryption, the attribute set being: I.sub.d={i:ρ.sub.s(i)∈U.sub.s,sid};

[0137] A set of constants {c.sub.i}.sub.i∈I.sub.s: satisfying a following equation are searched based on the attribute set:

Σ.sub.i∈I.sub.dc.sub.iM.sub.e,i=(1,0, . . . ,0)k.sub.e

[0138] where, a subscript i is in one-to-one correspondence with a row in the matrix M.sub.e.

[0139] The outsourcing decryption fog node performs the outsourcing decryption to obtain an outsourcing decryption result, a computational equation in the outsourcing decryption being:

[00010]${\mathrm{TCT}}^{\prime }=\frac{e\left(E_1,\mathrm{TK}\right)}{e\left(\underset{i\in I_d}{.Math.}{\left(E_{3,i}\right)}^{c_i},{\mathrm{TK}}^{\prime }\right)e\left(E_1,\underset{i\in I_d}{.Math.}{\left({\mathrm{TK}}_{{\rho }_d\left(i\right)}\right)}^{c_i}\right)}=Y^{{\mathrm{st}}^{\prime }}.$

[0140] The outsourcing decryption fog node sends the outsourcing decryption result to the data user.

[0141] The outsourcing decryption result obtained from the outsourcing decryption of the fog node is a semi-ciphertext. The fog node sends the semi-ciphertext to the data user for decryption, specifically:

[0142] The data user verifies a legality of the signature according to a following signature verification equation:

Y.sup.VK.sup.d=VR.

[0143] The data user verifies an integrity of the ciphertext according to a following ciphertext verification equation after verifying that the signature is legal according to the signature verification result:

σ.sub.4=u.sup.′H(SEK)v.sup.′H(d).

[0144] Y.sup.s is restored based on the outsourcing decryption result after the integrity of the ciphertext is verified, the symmetric key is generated based on the KDF, and the symmetric decryption is performed according to the plaintext.

[0145] The aforementioned examples are only preferred embodiments illustrated for fully explaining the present disclosure, and the claimed scope of the present disclosure is not limited thereto. Equivalent substitutions or transformations made by those skilled in the art on the basis of the present disclosure are both within the claimed scope of the present disclosure. The claimed scope of the present disclosure shall be determined by the claims.