Attribute-based encryption (ABE) method with multiple tracing attribute authorities for cloud-assisted internet-of-things (IOT)

What is claimed is: 1. An attribute-based encryption (ABE) method with multiple tracing attribute authorities for cloud-assisted Internet-of-things (IoT), comprising the following steps: performing, by a central authority, system initialization to generate a public parameter and disclosing the public parameter; performing, by each of attribute authorities, initialization based on the public parameter to generate a key pair, wherein the public parameter PP is expressed as: PP═{G, G T , p, e, g, H, H 0 , H 1 , H2}, wherein G and G T each are a multiplicative group of a prime order p, and g is a generator of G; e is a symmetric bilinear map, e:G×G→G T ; and H, H 0 , H1, and H2 each are a collision-resistant hash function, H:{0,1}→G, H 0 :G T →{0,1} nH 0 , H 1 :G T →{0,1} * , H 2 :{0,1} * →{0,1} nH 2 , and disclosing a public key in the key pair; performing, by a data owner, symmetric encryption on plaintext data according to a symmetric key to generate a first ciphertext, generating an integrity verification value according to the first ciphertext, performing ABE on the symmetric key based on a hidden access structure to generate a second ciphertext, and uploading the first ciphertext, the second ciphertext and the integrity verification value to a cloud storage center; requesting, by a data user, a decryption key to the attribute authority according to an own attribute, generating an outsourcing decryption key based on the decryption key and a restored hidden access structure, and sending the outsourcing decryption key to the cloud storage center; performing, by the cloud storage center, semi-decryption on a ciphertext according to the outsourcing decryption key to generate a semi-decrypted ciphertext and feeding the semi- decrypted ciphertext back to the data user; decrypting, by the data user, the semi- decrypted ciphertext according to a private decryption key to obtain the plaintext data; and searching, by the attribute authority through a white-box traceback algorithm in response to key leakage, an identity of a data user corresponding to a leaked key. 2. The ABE method according to claim 1 , wherein the performing, by a jth attribute authority AA A , initialization based on the public parameter PP comprises: randomly selecting three elements h, a and b, from a group Z p *; randomly selecting, for each of attributes i in an attribute set SA y controlled by the attribute authority AA A , two elements a, and fl from the group Z O ; and generating a key pair (PKAu, SKA y ) of the jth attribute authority AA, according to the parameters h, a, b, a, and fl, the key pair (PKAu, SKAA) being expressed as: PK AAJ =({ g α i ,g β i } i∈S AAj ,g hj ,g a j ,g b j ) SK AAJ =({α i ,β i } i∈S AAj ,hj,α j ,b j ). 3. The ABE method according to claim 2 , wherein the performing, by a data owner, symmetric encryption on plaintext data according to a symmetric key to generate a first ciphertext comprises: randomly selecting an element R from the multiplicative group G T , and calculating the symmetric key K sym and a parameter R 0 based on the element R and the collision-resistant hash functions H 0 and H 1 , both the symmetric key and the parameter being respectively pressed as: K sym= H 1 ( R ) R 0 =H 0 ( R ); and performing the symmetric encryption on the plaintext data MSG according to the symmetric key K sym to generate the ciphertext CT sym , and generating the integrity verification value, the integrity verification value V being expressed as: V=H 2 ( R 0 |CT sym ). 4. The ABE method according to claim 3 , wherein the performing ABE on the symmetric key based on the hidden element R in a hidden access structure to generate a second ciphertext, the element R being used to calculate the symmetric key K sym , comprises: hiding an access structure (M, ρ) according to a one-way anonymous key agreement protocol, and converting the hidden access structure (M, ρ) into a linear secret sharing scheme (LSSS) access matrix, a replacement value q i for an ith attribute in the hidden access structure (M, ρ) being expressed as: q i =e ( g hj·a ,H ( i )), wherein, g hj is a parameter of a public key PK AAJ of the jth attribute authority, and H(i) is a hash value of the ith attribute; randomly selecting an element s from the group Z P * as a shared key seed, and generating two random vectors {right arrow over (v)} and {right arrow over (w)}, {right arrow over (v)} and {right arrow over (w)} being respectively expressed as: {right arrow over ( v )}=[ s, v 1 , . . . , v n ]∈Z p n {right arrow over ( w )}=[0, w 1 , . . . , w n ]∈Z p n ; randomly selecting an element p i from the group Z P * for each row M i i n the access matrix, and calculating following two elements: λ i =M i ×{right arrow over (v)} w i =M i ×{right arrow over (w)}; and performing the ABE on the element R to generate the ciphertext CT ABE , the ciphertext CT ABE =(h,C 0 ,{C 1,i ,C 2,i ,C 3,i ,C 4,i ,C 5,i } i∈[1,I] ) being expressed as: h=g a C 0 =R·e ( g,g ) s C 1,i =g λi g α ρiPi C 2,i =g pi C 3,i =g wi g β ρiPi C 4,i =g a j ·pi C 5,i =g b j ·pi . 5. The ABE method according to claim 4 , wherein the requesting, by a data user, a decryption key to the attribute authority according to an own attribute comprises: making a data user registered to the central authority; and feeding, by the central authority, an identity back to a legal data user, the identity comprising an identity number GID and an attribute set S GID ; requesting, by the data user, the decryption key to the attribute authority, the attribute authority generating the decryption key for a controlled attribute in the attribute set S GID , and a decryption key sk {GID,j} =(K 1,i , K 2,i , K 3,i ) generated by the jth attribute authority for the data user having the identity number of GID being expressed as: sk {GID,j} =( K 1,I ,K 2,I ,K 3,i ) K 2,i =H ( i ) hj K 3,i =r, wherein, an element r is an element randomly selected from a group Z P ∖ { - a j + GID b j } ; and combining the decryption key corresponding to the attribute authority to form a final decryption key sk GID . 6. The ABE method according to claim 5 , wherein the generating, by the data user, an outsourcing decryption key based on the decryption key and a restored hidden access structure comprises: restoring, by the data user, the hidden access structure, a restored value q i ′ of the ith attribute in the restored hidden access structure being expressed as: q i ′=e ( h,H ( i ) hj ); searching, by the data user, a subscript set L′={i:(ρ (i) ∩S′ GID ) i∈[1] } of decrypting attributes in the attribute set S GID according to the restored access structure; and randomly selecting an element z from the group Z P *, and calculating an outsourcing decryption key pair ok GID bas