屬性加密系統及其應用

Abstract

橢圓曲線密碼學(elliptic curve cryptography, ECC)是屬於一種非對稱式金鑰系統中的密碼理論，而屬性加密系統(attribute-based encrytion, ABE)則是應用橢圓曲線密碼學的原理的其中一個知名的加密系統，他透過根據不同屬性來區分使用者，藉此達到權限控制的目的，意指不同屬性的使用者，可以解開的密文並不相同。由於越來越多使用者將資料上傳至雲端備份，並將檔案分享給特定使用者，存取控制的議題日趨重要，屬性加密系統將可以有效率地實踐在雲端平台上的存取控制、將屬性加密實作在電子病歷(electronic medical records, EMR)，則可以保障病患的個資，總之屬性加密可以使用在需要存取控制的系統上，只讓特徵符合規則的使用者能夠觀看到加密檔案的原文。 在此篇論文中，我們不僅僅是蒐集不同的屬性加密系統和他們相關的應用而以， 我們更用PBC資料庫，親自實踐瓦特的屬性加密系統。另外，我們由此觀察分析在 此系統中雙線性映射函數運算的重要性，並找到一些關鍵的元素可以加速雙線性映 射函數的運算。我們也注意到不同特性的橢圓曲線適合不同的應用系統。

Elliptic curve cryptography(ECC) is a kind of public key cryptosystem, and attribute-based encryption( ABE) is one of the well-known applications of ECC. Nowadays, more and more users upload and store their files in cloud. Once users want to share their files with specific users, the access-control issues arise. ABE can efficiently fulfill fine-grained access control in the file sharing system. ABE system has been successfully used in the electronic medical records(EMR), which protect the confidentiality of patients’ personal information. ABE is also applicable in the system which needs access control so that the hidden messages/information would be revealed only when the users’ attributes match the rules. Moreover, since ABE uses pairing function to do the computation, it is also known as an implementation of pairing-based cryptography. In this thesis, we describe different schemes and applications of ABE, and also implement the Waters’ CP-ABE in Pairing-Based Cryptography(PBC) library. Furthermore, we observe how important the pairing operation is in the Waters’ CP-ABE and figure out the crucial factors in the elliptic curves to accelerate the pairing operation. We also report the different traits of these curves and recommended suitable curves for various applications.