面向电子病历的单向多跳身份基条件代理重加密方案

目的:提出一种单向多跳的身份基条件代理重加密(unidirectional multi-hop identity-based conditional proxy re-encryption,UMH-IB-CPRE)方案,以保障患者电子病历(electronic medical record,EMR)的安全性。方法:基于双线性映射和DBDH(decisional bilinear Diffie-Hellman)困难问题,提出了由系统建立、密钥生成、重加密密钥生成、一级加密、二级加密、重加密、一级解密和二级解密8个算法构成的UMH-IB-CPRE方案,并进行性能验证和一级密文、二级密文的安全性证明。结果:与其他加密方案相比,该方案在实现密文定长、非交互、抗同谋性等属性的基础上,还支持条件控制的代理重加密,且时间消耗少、运行成本低。一级密文、二级密文均满足CPA(chosen-plaintext attack)安全。结论:UMH-IB-CPRE方案在较好地保护用户(患者)隐私安全的前提下大大减少了运算成本,能够解决现实情况下用户隐私不安全和反复授权耗费巨大算力的问题,具有广泛的应用前景。

Unidirectional multi-hop identity-based conditional proxy re-encryption scheme for electronic medical record

Objective To propose a unidirectional multi-hop identity-based conditional proxy re-encryption(UMH-IB-CPRE)scheme so as to ensure the safety of electronic medical record(EMR).Methods A UMH-IB-CPRE scheme was put forward with considerations on bilinear pairing and the difficulty of DBDH,which was composed of eight algorithms for system establishment,key generation,re-encryption key generation,first level encryption,second level encryption,re-encryption,first level decryption and second level decryption.The performance verification and the security proof of first-and second-level ciphertexts were carried out.Results When compared with other encryption schemes,the scheme proposed gained advantages in fixed-length ciphertext,non interaction,complicity resistance,conditional proxy re-encryption,time and cost consumption and etc.The first-and second-level ciphertexts both met the requirements for CPA security.Conclusion The UMH-IB-CPRE scheme greatly reduces the calculation cost under the premise of protection of user(patient)privacy security,and is worthy promoting for enhancing user privacy security and avoiding the waste of computing power due to repeated authorization.