(1School of Cyberspace Security/ School of Cryptology, Hainan University, Haikou 570228, China; 2Management School, Hainan University, Haikou 570228, China)
Abstract: Aiming at the problems of high computing cost and authority control in existing medical data sharing schemes, a medical data access control system based on a revocation multiattribute agency authorization scheme and state secret algorithm SM2 is proposed. Compared with the traditional CPABE revocation algorithm, the improved CPABE algorithm in this paper does not need to reencrypt all the encrypted files or update the keys of all legitimate users, but only needs to update the ciphertext associated with the revoked attributes. Experimental results show that the designed system is about 10% faster than traditional schemes in the encryption and decryption performance. In addition, the multiattribute authority, flexible revocation mechanism, national secret algorithm SM2 and global trusted Certificate Authority (CA) are integrated into CPABE in this paper, which can ensure the security of communication of the forward, backward and multiattribute authority in the system and effectively resist forgery attacks and collusion attacks.
Key words : attribute encryption;state secret algorithm SM2;medical data sharing; multiattribute authorization
