已有基于属性的认证密钥交换协议都是在单属性机构环境下设计的,而实际应用中不同属性机构下的用户也有安全通信的需求.该文在Waters属性基加密方案的基础上提出了一个多属性机构环境下的属性基认证密钥交换协议,并在基于属性的eCK(extended Canetti-Krawczyk)模型中将该协议的安全性归约到GBDH(Gap Bilinear Diffie-Hellman)和CDH(Computational Diffie-Hellman)假设,又通过布尔函数传输用线性秘密共享机制设计的属性认证策略,在制订灵活多样的认证策略的同时,显著地降低了通信开销.%Available Attribute-Based Authenticated Key Exchange (ABAKE) protocols are all designed in the single Attribute Authority (AA) environment. However, secure communication is in demand between parties from different Attribute Authorities (Aas). Based on Waters' attribute-based encryption scheme, an ABAKE protocol is proposed in multiple Aas environment and the security of the proposed protocol is reduced to Gap Bilinear Diffie-Hellman (GBDH) and Computational Diffie-Hellman (CDH) assumptions in the Attribute-Based extended Canetti-Krawczyk (ABeCK) model. Moreover, the scheme, which transmits attribute authentication policy represented by linear secret sharing scheme via Boolean formulas, can express flexible policies and decrease communication cost drastically.
展开▼
