Speech Encryption Scheme Based on Ciphertext Policy Hierarchical Attribute in Cloud Storage

In order to ensure the confidentiality and secure sharing of speech data, and to solve the problems of slow deployment of attribute encryption systems and fine-grained access control in cloud storage, a speech encryption scheme based on ciphertext policy hierarchical attributes was proposed. First, perform hierarchical processing of the attributes of the speech data to reflect the hierarchical structure and integrate the hierarchical access structure into a single-access structure. Second, use the attribute fast encryption framework to construct the attribute encryption scheme of the speech data, and use the integrated access to the speech data; thus, the structure is encrypted and uploaded to the cloud for storage and sharing. Finally, use the hardness of decisional bilinear Diffie–Hellman (DBDH) assumption to prove that the proposed scheme is secure in the random oracle model. 'e theoretical security analysis and experimental results show that the proposed scheme can achieve efficient and fine-grained access control and is secure and extensible.


Introduction
With the rapid development of cloud computing and multimedia technology, cloud storage has become one of the most promising application platforms to solve the explosive growth of data sharing [1]. It can not only save costs but also facilitate the storage and sharing of multimedia data. However, the Elastic Compute Service (ECS) is a basic computing component composed of CPU, memory, operating system, and cloud hard drive, like local PCs and physical servers, and it is not a completely trusted thirdparty server. When the user outsources the data to the ECS, the user will lose the control of the data, especially for the sensitive speech and other multimedia data [2].
In recent years, in order to ensure user privacy and data security, data are usually encrypted and stored in the form of ciphertext to the cloud. Public-key cryptography provides a powerful mechanism to protect the confidentiality of data storage and information transmission. When the data owner wants to share certain information with the data user, must know exactly the data user wants information. In many realworld applications, the data owner wants to share certain information based on some credential policies for the data user. Attribute-based encryption (ABE) schemes provide a powerful method to achieve cloud data security and finegrained access control. However, the existing ABE scheme cannot be fairly evaluated and compared in terms of security and performance. erefore, in order to ensure data confidentiality and fine-grained access control, scholars proposed a ciphertext-policy attribute-based encryption (CP-ABE) [2] scheme suitable for cloud storage, in which the ciphertext is associated with the access structure defined by the data owner and the attribute private key is associated with the properties set of the relevant data user. is scheme has become the preferred encryption technology to solve the challenging problem of secure data sharing in cloud storage.
Speech is an important information carrier in audio. As the most direct and convenient multimedia application to convey information, speech contains important and sensitive confidential contents under certain circumstances, such as meetings, court evidence, military instructions, communication recordings, education system, and health care. ese sensitive information contents involving national and corporate secrets and personal privacy require special attention when storing and sharing. e shared data generally have the characteristic of multilevel hierarchy, especially in the fields of health care, railway transportation, electric power, and military. However, the hierarchical structure of shared data and multiauthority access control are not fully utilized in the CP-ABE scheme. e hierarchical structure can realize fine-grained data access and multilevel hierarchy data file sharing and resist collusion attacks of multiauthority access control in the cloud storage system. In most existing schemes, attributes are considered at the same hierarchy, while in real-world applications, attributes are always at different hierarchies.
To overcome such drawbacks, the proposed scheme adopts speech data with different duration as the object of study, and the hypothetical military command scenario sets relevant attribute parameters. According to the multiattribute characteristics of the instruction scenario, such as confidentiality level, participating units, and operational properties, it performs multilevel hierarchical processing and formulates a hierarchical access policy to process the speech data. A speech encryption scheme based on ciphertext policy hierarchical attribute is proposed. e contributions of this work are as follows: (1) An attribute encryption scheme suitable for speech data is constructed. Using the faster and more secure type-III pairings, only a few pairings are needed for encryption and decryption, which effectively improves the rate of speech data decryption and does not limit the size of access policy and attribution. It is suitable for speech data encryption scenarios under complex attributes. (2) e hierarchical model of access structure is used to solve the sharing problem of speech data with multilevel hierarchy attributes. Speech data are encrypted with an integrated access structure, which can provide fine-grained access control and improves encryption efficiency. (3) Using the DBDH assumption to prove the security of the proposed scheme, which has higher encryption and decryption efficiency and lower complexity. e rest of this paper is organized as follows: In Section 2, we have reviewed existing literature related to CP-ABE. Section 3 describes the preliminaries including the bilinear map, the access structures, the hierarchical access structures, and the DBDH assumption. Section 4 describes the system model, algorithm definition, and security model of the proposed scheme in detail. Section 5 gives the detailed performance analysis. Section 6 gives the experimental results and the performance analysis compared with other related methods, and Section 7 summarizes some conclusions of this paper.

Related Works
At present, the existing CP-ABE scheme is shown in Table 1.
Lian et al. [17] proposed a large universe CP-ABE with efficient attribute-level user revocation, which divides the master key into the delegation key and the secret key and sends to the cloud provider and user separately, thus realizing attribute revocation, reducing the computational load of the central authority, and effectively saving the storage space. Li et al. [18] proposed a lightweight data sharing scheme for mobile cloud computing, which changes the structure of access control tree to make it suitable for mobile cloud environment; it introduces attribute description fields to implement lazy-revocation and reduces the user revocation cost. Bayat et al. [19] proposed an efficient no-pairing and revocable ABE data sharing scheme based on elliptic curve cryptography, which solves the complex problem of bilinear pairing operation. Namasudra [20] proposed an efficient and secure access control model for resource and knowledge sharing in the cloud computing environment based on distributed hash table, in order to improve the performance and security of sharing. Vaanchig et al. [21] proposed a key-escrow-free multiauthority ciphertext-policy attribute-based encryption scheme with dual-revocation; it realizes the data access control scheme of the collaborative cloud storage system. Yu et al. [4] proposed an attributerevoking mechanism without updating the key and a hybrid cloud storage model, which solves the problem of public cloud trust management. Arthur Sandor et al. [14] proposed a decentralized multiauthority attribute-based scheme for mobile cloud data storage, which does not require a trusted central to publish system parameters and generate the user secret key, thus improving data confidentiality and reducing the risk of privacy leakage. e hierarchical access structure helps build an access structure for the fine-grained and multiple permissions of cloud storage. e access structure of all subfiles is integrated into a single-access structure, and the hierarchical files are encrypted with the integrated access structure, and the ciphertext related to attributes can be shared. Li et al. [22] proposed an efficient extended file hierarchy CP-ABE scheme, which solves the flexible access control of users in cloud storage and saves storage space and computation cost. Wang et al. [13] proposed a hierarchical encryption scheme based on an identity-based encryption system and ciphertext policy attributes to solve the problem of fine-grained access control and proposed an extensible revocation scheme to effectively revoke user access rights. Wang et al. [12] proposed an efficient cloud computing file hierarchical attribute encryption scheme, saving ciphertext storage space and encryption time cost. Yang et al. [23] used mandatory access control method, attribute-based encryption, and combined with the characters of classified and graded data, and proposed a secure label-based access control model in object storage to achieve fine-grained access control to a large number of resources with classification and grade in cloud storage.
In recent years, the CP-ABE scheme has not been utilized efficiently in real life. Sowjanya and Dasgupta [24] used the CP-ABE scheme to provide a security framework for the wireless body area networks, and it also has a user/attribute revocation mechanism. Liang et al. [25] proposed a privacy protection distributed attribute encryption scheme based on the Lewko and Waters scheme [26] by introducing global identities (GIDs) to security share personal health record and communicate health status with hospitals or doctors. Meng et al. [27] aiming at the problem of illegal access to private and sensitive information in smart cities proposed a new keyword search CP-ABE scheme to encrypt or decrypt Internet of things (IoT) data in cloud storage. Ali et al. [9] proposed an efficient multiauthority access control scheme for the employee attribute scenarios of large companies, which realized privacy protection, multiauthority access control, and fine-grained access control to stored data. De Oliveira et al. [28] aimed at the problem that the healthcare professional could not obtain the patient's complete electronic medical records (EMRs) in the medical emergency situation and proposed a protocol based on CP-ABE scheme, through which all the treatment teams participating in the emergency rescue can security decrypt the relevant data of the patient's EMRs. Pournaghi et al. [29] provided a scheme for recording and storing medical data based on blockchain technology and attribute encryption, which realized fine-grained access control of medical patient data and secure storage on blockchain. In order to solve the problem that searchable encryption technology does not consider the fine-grained search authority of data users, Niu et al. [30] used attribute-based encryption technology to achieve finegrained access control of data and used the tamperproof feature of the blockchain to ensure the keyword ciphertext security.
In summary, most of the existing CP-ABE schemes encrypt text or random numbers, and as the number of attributes increases and the complexity of the access policy increases, the encryption and decryption time will also increase, and the deployment cost will become very expensive. At present, the CP-ABE scheme solution has been mainly used in the medical system and the IoT, and there are few application scenarios for encrypting speech data. erefore, we present a ciphertext-policy attribute-based speech encryption scheme under different attribute hierarchies. e proposed scheme makes corresponding attributes and policies according to the assumed multilevel characteristics of military command speech scenes and adopts MNT224 curves to realize the pairings operation of asymmetric bilinear maps [31], improves the efficiency of decryption data, and adjusts the hierarchical access policy scheme for speech scenarios. e scheme does not need to change the public parameters or encryption algorithm and considers the access policy optimized for personalized users.

Bilinear Maps.
Let G 0 and G T are two multiplicative cyclic groups with a prime order, where g is a generator in G 0 , and e: G 0 ×G 0 ⟶G T is the bilinear map that satisfies the following properties: Let GroupGen is an asymmetric paired group generator, input parameter 1 λ , and generate three groups of multiplicative cyclic groups G 0 , G 1 , and G T with a prime order p. If there is no valid homomorphic calculation between two multiplicative groups, the pairing is asymmetric or Type-III. Type-I pairing has serious security problems [32], Type-III pairing can be easily converted to Type-I (by taking G 0 � G 1 ), and using the Type-III pairing cryptogram protocol (such as ABE), the main reason is to improve encryption and decryption performance and security [33]. Type-III pairing structure has been deployed in several practical applications, such as the zk-SNARK algorithm is used to protect the privacy of blockchain transactions [34].

CP-ABE category Description
Revocable CP-ABE constructions [3,4] It can achieve fine-grained revocable access control. According to the fine-grained difference, the revocation mechanism is divided into user revocation and attribute revocation; according to nonrevoked users, it is divided into indirect revocation and direct revocation.
Traceable CP-ABE constructions [5] It can realize fine-grained and traceable access control mechanism, responsible for user traceability and attribute authority responsibility, which can be divided into white-box traceability and black-box traceability.
Policy-hiding CP-ABE constructions [6] Hide related attributes and have a fine-grained access control mechanism for attribute privacy protection. It can be divided into fully hidden and partially hidden. Currently, there is no specific and completely hidden CP-ABE scheme.
Policy-updating CP-ABE constructions [7] Involving proxy re-encryption, it is impossible to change the secret access policy. In an emergency, the policy update policy can be adopted. Used to implement fine-grained access control for policy updates. Multiauthority CP-ABE constructions [8] It can realize fine-grained distributed access authority and can be divided into centralized CP-ABE and distributed CP-ABE according to whether there is a central organization. Hierarchical CP-ABE constructions [9][10][11][12][13] It can achieve hierarchical fine-grained access control. e delegation of access privilege is organized in a hierarchical manner. Online/offline CP-ABE constructions [14] In order to reduce the amount of calculation of the data owner and attribute authority, offline encryption or offline key generation can be used. Outsourced CP-ABE constructions [15,16] In order to support resource constrained users (data users, data owners, and central authority), laborious calculations are outsourced to third-party servers in the encryption and decryption process.

Access Structure.
e access structure is a logical structure that describes the access control policy; it specifies a set of attributes required to access a certain ciphertext speech and defines the authorized sets and the unauthorized sets. e access structure in ABE defines an internal relationship between user access rights and access control policies, which are described as follows.
Let P � {P 1 , P 2 , . . ., P n } represent the set of participants, . ., Pn} \{Ø}. e subset in the set A is called the authorized set, and the set that is not in the set A is called the unauthorized set.
In the proposed CP-ABE scheme, attributes are participants.
e attribute set that can satisfy the associated ciphertext speech access structure is the authorization set defined above, the users attribute set that can decrypt the ciphertext speech legally and correctly. Monotonicity means that after an authorized user obtains more attributes, he cannot lose his own privileged attributes. Unless otherwise specified in this paper, the access structure is monotonous.

Linear Secret Sharing Scheme (LSSS).
Let p be a prime order, U be the attribute universe, and P � {P 1 , P 2 , . . ., P n } represents the set of participants. e access structure of a secret sharing scheme II on Z p is linear on U, if and only if II is composed of the following two conditions: (1) Each attribute has a secret random number s ∈ Z p to be shared and generates a vector on Z p (2) For each access structure S on U, there is a shared generating matrix M ∈ Z p l×n , let M be a matrix of size l × n; ρ:{∀i ∈ [1, l]:M i }⟶{∀i ∈ [1, l]:P i } is a mapping that maps each participant to a certain row vector in matrix M, that is ρ(i) � P i , where M i is the i-th row in M and satisfies the following condition: In the process of generating the shared matrix, firstly, generate a random column vector v � (s, y 2 , y 3 , . . . , y n ) T , where y 2 , y 3 , . . ., y n ∈ Z p ; then, calculate M·v to generate a l-dimensional row vector, each element of the vector λ ρ(i) � M (i) •v will be kept by a participant ρ(i). (M, ρ) is the policy of access structure S. e matrix M ∈ Z p is n 1 × n 2 in the proposed scheme, and the mapping π:{1, 2, . . ., n 1 } ∈ U, Lewko and Waters [35] proposed a simple and effective way to convert any monotonic Boolean formula F into (M, π), so that each row in M corresponds to the input in F, and the number of columns in the matrix is the same as the number of AND gates in F, and each element in M is 0, 1, or −1.

Hierarchy Access Tree.
Let Γ be a hierarchical access tree structure [10] divided into k access levels. e node of the access tree is represented as (p, q). p represents the number of rows of the node (from top to bottom), and q represents the number of columns of the node (from left to right). As shown in Figure 1, each node can be expressed as A � (1, 1), , and for the convenience of describing the access tree Γ, the following definitions are made: (1) (p, q) represents a node of the access tree Γ. If (p, q) is a leaf node, it is represented as an attribute. If (p, q) is a nonleaf node, it is represented a threshold gate: "AND", "OR", etc. In the figure, node C is represented as an attribute, and node E is represented as an AND gate.
represent the level nodes of the access tree Γ; Γ is divided into k access levels, and the levels of the nodes are arranged in descending order.
(p 1 , q 1 ) is the highest level, and (p k , q k ) is the lowest level. As shown in the figure, (p 2 , q 2 ) represents the second level. (3) num (p, q) represents the number of child nodes of the node Γ in access tree, as shown in the figure, num B � 2. (4) k (p, q) represents the threshold of access tree Γ node, and 1 ≤ k (p, q) ≤ num (p, q) . As shown in the figure, k E � 2 means "AND" gate.

Decision Bilinear Diffie-Hellman (DBDH) Assumption.
e DBDH assumption is defined in the form of a game. A challenger B selects a set of groups G 0 with a prime order p according to the security parameters of the system. Let e: G 0 × G 0 ⟶G T be an effective bilinear mapping, select generator g ∈ G o and random parameters a, b, c, ∈ Z p . e DBDH of the bilinear group G 0 and G T is assumed as follows: given the input g, g a , g b , g c ∈ G o , an adversary A needs to distinguish the tuple e(g, .g) abc from the random element R ∈ G T , which can distinguish between e(g, .g) abc and R. e advantage of defining algorithm B to solve the DBDH problem [22] is defined as If there is no probabilistic polynomial time (PPT) algorithm B to solve the DBDH problem under the bilinear group G 0 and G T with a non-negligible advantage, then the DBDH assumption is established. Figure 2 shows the system model of the ciphertext policy hierarchical attribute encryption scheme. In this scenario, the data owner is the military command center. Data users are different according to the actual situation. For example, command posts at all levels of a certain army, combat personnel at all levels, intelligence departments of various units, etc., have different access rights, such as the specific content of the access instruction and the basic elements of the instruction, and there are different attributes, such as a certain division-level cadre, a certain regiment-level cadre, a certain intelligence personnel, and a certain fire control system operator.

System Model.
e system model of the proposed scheme consists of four different entities: central authority (CA), data owner (DO), data user (DU), and cloud service provider (CSP) as shown in Figure 2. Figure 3 shows an example of a hierarchical access structure.
(1) Central authority (CA): It is a completely honest and trusted entity that performs user registration of cloud storage and generates a private key for each data user through interaction with the user. is entity mainly executes two algorithms: Setup and Keygen.
(2) Cloud service provider (CSP): It is a semitrusted entity related to modern military systems, which can honestly perform assigned tasks and return right results. CSP does not participate in the implementation of access control or the encryption and decryption process, and only authorized users can obtain data. However, it hopes to discover sensitive contents as much as possible. In the proposed scheme, ciphertext speech storage and transmission services are provided. e proposed scheme assumes application scenarios for speech encryption in cloud storage, such as conferences, court recordings, or military commands. When the military command center uploads instructions to the cloud service provider, it performs related operations as the data owner. e military command center divides the command msg into two elements, m 1 and m 2 , where m 1 may include basic command elements such as command level, command purpose, and command information. In addition to these basic command elements, m 2 also contains the specific content, execution steps, and troops participating in the war and equipment used. In the framework constructed in Figure 3, the central authority confirms the data user's request for access and generates some parameters. Shared speech data include hierarchical access policies, and a speech data or file is divided into sublevels that are located at different access levels. If the speech data or files of the same hierarchical structure can be encrypted with the integrated access structure, the storage consumption after encryption and the time consumption of encryption can be saved.
According to the actual application scenario, the data owner adopts a ciphertext policy attribute encryption scheme with a hierarchical access structure and uses different access policies to encrypt the speech data m 1 and m 2 .
As shown in Figure 3, a certain divisional cadre needs to access basic instruction elements such as instruction level, instruction purpose, and instruction information in order to quickly respond and execute the instructions issued. e detailed information that a regiment-level cadre needs to access includes specific instruction elements such as specific  Security and Communication Networks content, execution steps, and combat personnel equipment. Suppose that the command center sets the access structure of m 1 to T 1 {("Colonel" AND "Regiment-level cadre") AND "Divisional cadre"} and the access structure of m 2 is set to T 2 {"Colonel" AND " Divisional cadre "}. Encrypted speech data m 1 and m 2 need to be encrypted twice with access structures T 1 and T 2 , respectively, to generate ciphertext data CT 1 and CT 2 . In these two access structures, T 2 is a subset of T 1 and T 1 is an extension of the T 2 access structure. erefore, there is a hierarchical relationship, and the ciphertext CT can be generated through the integrated access structure T to encrypt the speech data m 1 and m 2 , thus solving multilevel speech data or file sharing issues. Encryption complexity and encryption overhead will be significantly reduced, and data users can decrypt all authorized speech data or files by generating keys through the transport node in Figure 1.

Concrete Construction.
e proposed scheme is based on the ciphertext policy hierarchical attribute encryption scheme. In order to reduce the computational complexity and encryption and decryption time, a Type-III pairing group is adopted. Let G 1 and G 2 be an asymmetric pairing group with a prime order p, and e: G 1 × G 2 ⟶G T is an asymmetric bilinear map. λ is a security parameter that determines the size of the set. Use the hash function G 2 , which is a random oracle model and map any binary string to the elements G 1 .   (1) Setup(1 λ )⟶(MSK, PK): e setting algorithm gives a security parameter λ as input and does not accept any input other than the implicit security parameter and outputs a public key PK and a master key MSK e algorithm executes GroupGen(1 λ ) to input the security parameter λ and generates a pair of asymmetric paired groups G 1 and G 2 with a prime order p, where g is the generator of G 1 , and h is the generator of G 2 . Randomly choose α, β ∈ Z p , c ∈ Z p * , and output the public key PK as shown in equation (2): (2) e system master secret key MSK is shown in equation (3): (2) KeyGen(PK, MSK, A)⟶(pk): e key generation algorithm takes the public key PK, the master secret key MSK, and a set of attributes describing the key as input and outputs a private key pk. e algorithm randomly chooses δ, σ A , σ′ ∈ Z p , A ∈ A is a set of attributes of attribute A, where k 0 , k, k p are shown in equations (4)- (6): where t � 1,2. g, h, α, β, g v and other elements come from the master secret key MSK. Output user private key pk � (k 0 , k, k p ). (3) SpeEncrypt(PK, msg, S)⟶(CT): the speech encryption algorithm takes the public key PK, the speech message digest msg after the original speech processing, and the integrated access structure S as input. e algorithm encrypts msg and generates ciphertext CT. e algorithm opens and reads the format and data of the wav file, returns the information of the wav file format at one time, and obtains a tuple including the number of channels, the number of quantization bits, the sampling frequency, and the number of sampling points. Read waveform data, sound data, and transfer the length of the data that needs to be read. e speech waveform data is converted into the number of channels and the number of quantization bits, and the read binary data is converted into a computable data msg. Randomly choose η ∈ Z p , Μ is a matrix with n 1 rows and n 2 columns; i � 0, 1, . . ., n 1 ; l � 1, 2, 3. Output ciphertext CT � (ct 0 , . . ., ct n1 , cp), where ct il , c p are shown in equations (7) and (8).
cp � msg · e(g, h) (αc+c)η . (8) (4) Decrypt(PK, CT, pk)⟶(msg or ⊥): the decryption algorithm takes the public key PK, the ciphertext CT containing the integrated access policy S, and the private key pk is the private key of any set of attributes in the attribute set A � {A 1 , A 2 , . . ., A i }, the decryption algorithm is If the attribute A i satisfies the corresponding policy in the access structure S, the corresponding ciphertext data can be decrypted, then the algorithm will decrypt the ciphertext data and return the message msg, otherwise the output decryption fails ⊥.

System Security Model.
e proposed scheme assumes that the potential attacker of the cloud storage system is that each DU is considered a dishonest malicious user and may try to obtain data access permissions beyond the access permissions. It is assumed that the adversary A in this system means that the unauthorized user does not have enough attributes to satisfy the encrypted data access policy and will not decrypt the encrypted data. e security model of the scheme is based on the security model of the classic CP-ABE scheme [22,26]. Assuming that the access structure has only one level node, the CPA security game between adversary A and challenger B is defined as follows: Initialization: A selects an access structure S * that he wants to challenge and gives it to the challenger B. Setup: B executes the algorithm of the proposed scheme, outputs the PK, and gives it to A. Phase1: A does multiple private key queries on the attribute set A � {A 1 , A 2 , . . ., A i }, none of the attribute set A i satisfies S * , and runs the KeyGen algorithm to execute these queries. Challenge: A selects two pieces of data m 1 and m 2 of equal size and needs to accept query operations. Randomly selects m k , where k ∈ {1,2}, and encrypts it under the access structure S * , and returns the generated ciphertext CT * to A. Phase2: A repeatedly makes the queries as the same as the phase 1. Guess: A outputs a guess k * of k. A wins this game if k � k * . e advantage for A in the above game ε � Adv CPA A (1 λ ) is Security and Communication Networks 7 Definition 1. e proposed scheme is secure if no PPT adversary is able to win the above mentioned security game with a non-negligible advantage ε.

5.1.
eoretical Analysis. e encryption scheme of the proposed scheme is provided for the entity data owner and the data user, and assuming the data owner is the scheme set above, m hierarchical speech data with k access levels are shared in the cloud storage.
Data owner (DO) computing cost: the proposed scheme provides a hierarchical model of access structure and achieves multilevel speech data sharing, and the speech data is encrypted using an integrated access structure. erefore, the data owner only needs to run the encryption algorithm once to encrypt different levels of speech data to generate ciphertext data. e public key of the system only needs to be calculated once, and the generation of the private key only needs to be calculated once, thus improving the encryption efficiency of the data owner. Data user (DU) computing cost: in the decryption process, since the transmission is added to the access structure with k level nodes, the data user can decrypt the authorized data according to its own attributes. In addition, the traditional Boolean formula is replaced with LSSS, which only requires a small amount of pairing calculations to pair the data during encryption and decryption, thus improving the time efficiency of data users.

Security Analysis
Theorem 1. If the adversary has a non-negligible advantage in a defined secure game under the random oracle model, then at least one probabilistic polynomial time simulator S can solve the DBDH problem with a non-negligible advantage.
at is, assuming that there is a polynomial time adversary A at the non-negligible advantage ε � Adv A CPA (1 λ ), which breaks the CPA security of this scheme, the advantage ε/2 can be constructed to solve the DBDH problem, where ε is the advantage to solve the DBDH assumption problem.
Proof : Given the defined asymmetric bilinear mapping e security parameter P λ � (G1, G2, GT, g, h, p), the challenger B chooses a′, b′, c′, z ∈ Z p * , and a random bit value v ∈ 0, 1 { }. If v � 0, B creates Z � e(g, h)a ′ b ′ c ′ ; otherwise, Z � e(g, h)z, assuming that the simulator C gives the B tuple (g, h, ga ′ , gb ′ , gc ′ , h b ′ , h c′ , Z), then Cwill play the role of B in the subsequent security games.
Initialization: e simulator S runs the adversary A; A describes the access structure S * that wants to challenge and gives it to S. Setup: S computes the public key PK � e(g, h) a ′ c ′ + c ′ and sends it to A. Furthermore, choose a challenging access structure S * and send it to A. Phase1: e adversary A queries the private key of the attribute set A � {A 1 , A 2 , . . ., A i }, and there is no A i that satisfies the access structure S * . For any attribute j ∈ A i , A randomly selects a j ′ ∈ Z p and computes the private key as shown in equation (11): Send the PK�(D, D′, D′′, ∀j ∈ A) to the adversary A.
Challenge: A selects two pieces of data m 1 and m 2 of equal size and send them to S; S randomly selects a piece of data m k , where k ∈ {1, 2}, and encrypts it under the access structure S * . S computes the ciphertext data CT * and sends it to A. Phase2: the adversary A repeatedly makes the queries as the same as the query phase1 operation. Guess: A outputs a guess of k * of k, If k � k * , the simulator S outputs 0, which means Z � e(g, h) a′b′c′ . Else, it outputs 1, which means Z � e(g, h) z . If Z�e(g, h) z , the simulator S generates an effective ciphertext CT * under the advantage 1/2 + ε in the above-mentioned way, where ε is the advantage of the adversary A guessing a right bit: If Z � e(g, h) z , the data m k is completely hidden from the adversary A, so the inequality k≠k * holds with an advantage 1/2: It can be concluded that the compute of the advantage in the above CPA secure game is defined as □

Fine-Grained Access Control and Flexible Data
Sharing. e proposed scheme is based on the CP-ABE scheme, which can realize DO's precise control of the speech data. DO builds an integrated access structure to encrypt the speech data according to the access policy of each speech data that wants to be encrypted and shared. e access policy describes the individual attributes of DU. For example, "Position: Battalion Cadre" AND ("Position: Company Cadre "AND" Rank: Captain") allows users with a battalion cadre or a position or military rank of major or lower to successfully access data, achieving fine-grained access control and flexible sharing.

User Revocable.
e problem of denying access requests from users who have been revoked in the proposed scheme can be realized by embedding time stamp mechanism in the private key of the DU, which can ensure that the DU updates its attribute parameters to access the encrypted speech data again. is ensures that DU does certain lazy revocation of access control. More complex and complete revoking mechanisms, such as using proxy re-encryption mechanism to recalculate ciphertext, or using attribute authority (AA) to constantly update public parameters and issue key credentials to users who have not been revoked, are beyond the scope of the proposed scheme. Reference [17] further discusses and studies the mechanism of attribute revocation and user revocation.

Performance Comparison of Different Schemes.
In order to reflect the advantages of the proposed scheme, the evaluation indexes between the proposed scheme and ABE schemes in References [16,26,30] are compared from the aspects of function and storage cost, such as access structure, speech encryption, speech application scenarios, ciphertext, and key size. e comparison results are shown in Table 2. Table 3 defines the symbols used in the evaluation of indicators in Table 2. It can be seen from Table 2 that Reference [26] is a classic CP-ABE scheme, which realizes the basic functions and uses access tree to construct access policy, the implementation uses a 160-bit elliptic curve group based on the super-singular (SS) curve y � x 3 + x over a 512-bit finite field, and the PBC library can compute pairings in approximately 5.5 ms. Reference [16] converts the CP-ABE scheme into an asymmetric bilinear mapping, using the symmetric elliptic curve (SS512) of the Charm library. Use this scheme to encrypt speech data and compare it with the experimental results of this paper. Reference [30] uses a cloud-assisted attribute-based searchable encryption scheme on blockchain, which uses C programming language and uses 512-bit elliptic curve domain to construct Type-I bilinear pairings. e proposed scheme realizes the encryption of multiple speech data through hierarchical access tree structure and linear secret sharing scheme, and it does not limit the number of user attributes and is suitable for complex speech scenarios. In order to improve efficiency, the proposed scheme uses prime order groups. In order to improve security, uses asymmetric encryption mechanism.

Experiment Analysis.
In the experiment, the Charm-Crypto [36] is an ABE framework under Python, which integrates libraries such as OpenSSL, PBC, GMP, and other related architectures in the field of network security and implements the proposed scheme based on the cpabe toolkit [26]. On a laptop with Windows 10 operating system, the hardware environment is Intel Core i5-4210H 2.9 GHz, and the running memory is 16 GB using a VMware Workstation 15 Pro virtual machine to build the Ubuntu 20.04 Linux operating system with 4 GB of memory. Linux Python 3.8 and Charm-Crypto 0.50 software version are used, and the speech data from THCHS-30 [37], a Chinese speech database released by the Center for Speech and Language Technology (CSLT) of Tsinghua University, are used to conduct experiments. e proposed scheme converts the CP-ABE into asymmetric bilinear map.
e Charm library uses only asymmetric metric groups and uses the Type-III MNT224 curve supported by the Charm library with order security 96 bit. All the following runtimes are the result of running 10 times and averaging under the premise that MNT224 security 96 bit. e evaluation performance indicators required by the scheme are shown in Table 4, and the userdefined parameters are shown in Table 5. e threshold gates in the attribute policy are all connected by "AND" gate. Encryption of data requires access policy attribute X, decryption requires policy attribute Y, X � Y � 2, 4, ..., 20. Convert the access policy to Boolean formulas, and then use the method of Water et al. [38] to convert Boolean formulas to LSSS. e advantage is that the generated matrix has only 0, 1, and −1 options, and the reconstructed coefficient is only 0 or 1. Figure 4 shows the results of the comparison between different parameters of the proposed scheme and the running time of each algorithm. Figures 4(a) and 4(b) shows the comparisons of the number of attributes of data users, the number of attributes in the access structure, and the running time of each algorithm. Keep the same access policy, it can be seen from Figure 4(a) that the number of user attributes increases, the private key generation time will slowly increase, and the encryption and decryption time will not increase as a result. Keep the number of attributes in the private key the same; it can be seen from Figure 4(b) that the number of attributes in the access policy increases, the encryption time will slowly increase. Since the increase of the attribute will increase the pairing operation of the bilinear mapping, it will affect the running time. Figures 4(b) and 4(d) shows the comparisons of the number of access structure hierarchies and the size of encrypted speech data and time. It can be concluded that an increase in the number of access hierarchies will lead to an increase in attributes in the access policy; therefore, the encryption time will also increase. e access hierarchy policy is embedded in the data, so the size of the speech data will not affect the increase in encryption time, but it will affect the decryption time. As the data increases, the decryption time will also increase because it needs to be performed multiple pairing operations in the ciphertext, and the plaintext data can be decrypted when certain policy is satisfied. From Figure 4, it can be concluded that the decryption operation time of the proposed scheme will not increase linearly with the increase of the number of attributes, so it is suitable for the large attribute universe scheme and is suitable for complex multiattribute speech encryption scenarios. Figure 5 shows the experimental comparison results between the proposed scheme and Sethi's scheme (2020) [16] in terms of efficiency.
As shown in Figure 5(a), the key generation time of the proposed scheme increases with the number of attributes, and the key generation time increases linearly with the increase of the number of attributes, but the time efficiency of the proposed scheme is significantly better than that of Reference [16]. Figure 5(b) shows the encryption time of the proposed scheme does not increase with the increase of attributes. Because the proposed scheme transforms the access strategy from Boolean formulas to linear secret

Evaluation index number
Reference [16] Reference [26] Reference [30] Proposed 1  Type-I  Type-I  Type-I  Type-III  2 LSSS Access tree Access tree

Metrics Definitions
Setup Enter a safety parameter randomly, the more the number of cycles, the higher the efficiency and the shorter the running time.

Keygen
In addition to inputting the public key, the master key, and a set of attributes, a random number is selected on a finite field and the attribute private key is generated. e more the number of cycles, the higher the efficiency and the shorter the running time.
Encryption time It takes time to encrypt plaintext data into ciphertext data. If the system consumes less time, the efficiency of the system is better.
Decryption time It takes time to ciphertext data into plaintext data using generated keys. e honest and trusted third-party service provider generates the key. If the system consumes less time, the efficiency of the system is better. Number of attributes e number of attributes that are given to user/person to encrypt/decrypt the data or/and to access data stored at cloud. Attributes are given to data users by authorized person or entity. Size of data e size of the speech data to be encrypted and the owner of the data to be encrypted.   sharing scheme, the time efficiency of encryption is improved and the structure advantage hierarchy access tree is fully utilized and provides the speech user more convenient and fast service efficiency and data collection efficiency. It can be seen from Figure 5(b) that the encryption efficiency is better than that of Reference [16]. It can be seen from Figure 5(c) that the decryption efficiency of the proposed scheme is not as efficient as that of Reference [16]. e scheme of Reference [16] uses Boolean formulas for exponential operation during decryption, and the proposed scheme performs multiplication in cyclic groups.

Conclusions
In order to achieve the secure storage and sharing of speech data and fine-grained access control in the cloud environment, in this paper, a speech encryption scheme based on ciphertext policy hierarchical attribute for multiattribute speech scenes and relevant attributes and access policies suitable for military speech command application scenarios are constructed. e proposed scheme is suitable for large attribute universe scenes, and it uses the characteristics of multiple attributes of the speech scene to perform hierarchical processing to reflect the hierarchical structure, constructs the access policy into an integrated structure, and uses the attribute fast encryption framework to construct the attribute encryption scheme of the speech data; adopts asymmetric bilinear map, performs pairing operations, encrypts speech data with an integrated access structure and saves storage space and calculations, and achieves fine-grained access control. eoretical analysis and experiments show that the proposed scheme can effectively improve the efficiency of key and ciphertext generation by using hierarchical access trees, solve the problems of slow deployment of attribute encryption systems and fine-grained access control, and can be further applied to the actual speech application scenarios, such as railway transportation and electric power.

Data Availability
Previously reported speech data were used to support this study and are available at https://arxiv.org/abs/1512.01882 and are cited at relevant places within the text as reference [37].

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.