Skip to main content
Springer Nature Link
Log in

Ciphertext-Delegatable CP-ABE for a Dynamic Credential: A Modular Approach

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11547))

Included in the following conference series:

  • 1354 Accesses

Abstract

We introduce a new technique converting Ciphertext-policy Attribute-based Encryption (CP-ABE) to Ciphertext-delegatable CP-ABE (CD-CP-ABE). Ciphertext delegation is an important technique to deal with dynamic credentials, which enable users to be joined and revoked at any time while the system is operating. The delegation of CD-CP-ABE allows third parties such as cloud or proxy servers to convert a ciphertext to the other one with a more restrictive policy. Therefore, it can be used to revoke users dynamically in an access control system. Prior to our work, a delegation algorithm of CD-CP-ABE is not generic and the completeness of the delegation is shown when the size of the delegated access structure increases quadratically with the sizes of original and revocation access structures. In this paper, we provide a generic delegation algorithm to reform CP-ABE to CD-CP-ABE. We generalize properties necessary for the ciphertext delegation using the syntax of encodings for the modularity and construct a generic delegation algorithm based on those properties. In our new technique, we build the delegated access structures, which generally determines the size of the ciphertext, in a defined way. The size of delegated access structures grows only linearly with those of original and revocation access structures. Through presenting instances, we show that our technique is readily applicable to existing CP-ABE schemes including CP-ABE scheme with non-monotonic access structures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    We will explain the detailed properties required for this composition method in Sect. 4.

References

  1. Abdalla, M., et al.: Wildcarded identity-based encryption. J. Cryptol. 24(1), 42–82 (2011)

    Article  MathSciNet  Google Scholar 

  2. Abdalla, M., De Caro, A., Phan, D.H.: Generalized key delegation for wildcarded identity-based and inner-product encryption. IEEE Trans. Inf. Forensics Secur. 7(6), 1695–1706 (2012)

    Article  Google Scholar 

  3. Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_31

    Chapter  Google Scholar 

  4. Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) IMACC 2009. LNCS, vol. 5921, pp. 278–300. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10868-6_17

    Chapter  Google Scholar 

  5. Attrapadung, N., Imai, H.: Conjunctive broadcast and attribute-based encryption. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 248–265. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03298-1_16

    Chapter  MATH  Google Scholar 

  6. Attrapadung, N., Yamada, S.: Duality in ABE: converting attribute based encryption for dual predicate and dual policy via computational encodings. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 87–105. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_5

    Chapter  MATH  Google Scholar 

  7. Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)

    Google Scholar 

  8. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26

    Chapter  Google Scholar 

  9. Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_40

    Chapter  Google Scholar 

  10. Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient tree-based revocation in groups of low-state devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_31

    Chapter  Google Scholar 

  11. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)

    Google Scholar 

  12. Kim, J., Susilo, W., Guo, F., Au, M.H.: A tag based encoding: an efficient encoding for predicate encryption in prime order groups. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 3–22. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44618-9_1

    Chapter  MATH  Google Scholar 

  13. Lewko, A.B., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_4

    Chapter  Google Scholar 

  14. Lewko, A.B., Sahai, A., Waters, B.: Revocation systems with very small private keys. In: IEEE Symposium on Security and Privacy, pp. 273–285 (2010)

    Google Scholar 

  15. Lewko, A.B., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_30

    Chapter  Google Scholar 

  16. Liu, Z., Wong, D.S.: Practical ciphertext-policy attribute-based encryption: traitor tracing, revocation, and large universe. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 127–146. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_7

    Chapter  Google Scholar 

  17. Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_3

    Chapter  Google Scholar 

  18. Nikov, V., Nikova, S.: New monotone span programs from old. IACR Cryptology ePrint Archive, 2004:282 (2004)

    Google Scholar 

  19. Okamoto, T., Takashima, K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_22

    Chapter  Google Scholar 

  20. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)

    Google Scholar 

  21. Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_13

    Chapter  Google Scholar 

  22. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  23. Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_26

    Chapter  Google Scholar 

  24. Yamada, K., Attrapadung, N., Emura, K., Hanaoka, G., Tanaka, K.: Generic constructions for fully secure revocable attribute-based encryption. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 532–551. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_29

    Chapter  Google Scholar 

  25. Yamada, S., Attrapadung, N., Hanaoka, G., Kunihiro, N.: A framework and compact constructions for non-monotonic attribute-based encryption. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 275–292. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_16

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing and Information Technology, University of Wollongong, Wollongong, Australia

    Jongkil Kim, Willy Susilo & Joonsang Baek

  2. Data61, Commonwealth Scientific and Industrial Research Organisation, Marsfield, Australia

    Surya Nepal & Dongxi Liu

Authors
  1. Jongkil Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joonsang Baek
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Surya Nepal
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dongxi Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jongkil Kim .

Editor information

Editors and Affiliations

  1. Massey University, Palmerston North, New Zealand

    Julian Jang-Jaccard

  2. University of Wollongong, Wollongong, NSW, Australia

    Fuchun Guo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kim, J., Susilo, W., Baek, J., Nepal, S., Liu, D. (2019). Ciphertext-Delegatable CP-ABE for a Dynamic Credential: A Modular Approach. In: Jang-Jaccard, J., Guo, F. (eds) Information Security and Privacy. ACISP 2019. Lecture Notes in Computer Science(), vol 11547. Springer, Cham. https://doi.org/10.1007/978-3-030-21548-4_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-21548-4_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21547-7

  • Online ISBN: 978-3-030-21548-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics