Abstract
Attribute-Based Encryption (\(\textsf {ABE}\)) stands as a cryptographic cornerstone, enabling access control to messages based on user attributes. The security definition of standard \(\textsf {ABE}\) is shown to be impossible in Universal Composability (UC) against an active adversary. To overcome this issue, existing formal UC security definitions of \(\textsf {ABE}\) rely on additional properties for \(\textsf {ABE}\) that are necessary to prove security against an active adversary, which excludes standard \(\textsf {ABE}\) by definition. In light of the composability feature offered by UC and the absence of an ideal functionality tailored for standard \(\textsf {ABE}\), we propose the following two contributions: (1) We construct the first ideal functionality \(\mathcal {F}_{\textsf{ABE}}\) for \(\textsf {ABE}\) which, under reasonable hypotheses against static corruption, can be realized using an \(\text {IND-CCA2}\)-secure \(\textsf {ABE}\) scheme; and (2) our \(\mathcal {F}_{\textsf{ABE}}\) leads us to propose a protocol solving a simple yet highly practical, world-scale, company-focused problem: efficient file transfer. The proposed construction provides data integrity, sender authentication, and attribute-based file access, with a constant size of data transferred between users. This is achieved by relying on two efficient building blocks, \(\textsf {ABE}\) and signatures, which are layered atop the hash-based distributed storage system \(\textsf{IPFS}\). Our protocol, strengthened by a formal security definition and analysis under the Universally Composable (UC) framework called iUC, is proved to realize our problem-oriented authenticated attribute-based file transfer ideal functionality. Finally, we implement our proposal as a proof of concept written in Rust, and show that it is practical and efficient.
Notes
1. An \(\text {IND-CCA2}\)-secure scheme can be efficiently derived from any \(\text {IND-CPA}\)-secure scheme via the Fujisaki-Okamoto transform [13].
References
[1] Object storage devices (2004). http://webstore.ansi.org/standards/incits/ansiincits4002004
[2] Daft: Proof-of-concept (2024). https://anonymous.4open.science/r/DAFT/
[3] Abe, M., Ambrona, M.: Blind key-generation attribute-based encryption for general predicates. Des. Codes Crypt. 90, 08 (2022)
[4] Agrawal, S., Chase, M.: FAME: fast attribute-based message encryption. In: Thuraisingham, B., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 665–682. ACM (2017)
[5] Asghar, M.R., Ion, M., Russello, G., Crispo, B.: ESPOON ERBAC: enforcing security policies in outsourced environments. Cryptology ePrint Archive, Paper 2013/587 (2013). https://eprint.iacr.org/2013/587
[6] Buchmann, J., et al.: Safe: a secure and efficient long-term distributed storage system. Cryptology ePrint Archive, Paper 2020/690 (2020). https://eprint.iacr.org/2020/690
[7] Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Neven, G.: Oblivious transfer with hidden access control from attribute-based encryption. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 559–579. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_31
[8] Camenisch, J., Krenn, S., Küsters, R., Rausch, D.: iUC: flexible universal composability made simple. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 191–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_7
[9] Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, Las Vegas, Nevada, USA, 14–17 October 2001, pp. 136–145. IEEE Computer Society (2001)
[10] Ferrara, A.L., Fuchsbauer, G., Warinschi, B.: Cryptographically enforced RBAC. Cryptology ePrint Archive, Paper 2013/492 (2013). https://eprint.iacr.org/2013/492
[11] Finney, H., Donnerhacke, L., Callas, J., Thayer, R.L., Shaw, D.: OpenPGP Message Format. RFC 4880, November 2007
[12] Freudenthal, E., Pesin, T., Port, L., Keenan, E., Karamcheti, V.: dRBAC: distributed role-based access control for dynamic coalition environments. In: Proceedings 22nd International Conference on Distributed Computing Systems, pp. 411–420 (2002)
[13] Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013)
[14] Garay, J.A., Gennaro, R., Jutla, C., Rabin, T.: Secure distributed storage and retrieval. Cryptology ePrint Archive, Paper 1998/025 (1998). https://eprint.iacr.org/1998/025
[15] Halevi, S., Karger, P.A., Naor, D.: Enforcing confinement in distributed storage and a cryptographic model for access control. IACR Cryptology ePrint Archive, p. 169 (2005)
[16] Hohenberger, S., Lu, G., Waters, B., Wu, D.J.: Registered attribute-based encryption. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14006, pp. 511–542. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30620-4_17
[17] Küsters, R., Tuengerthal, M., Rausch, D.: The IITM model: a simple and expressive model for universal composability. J. Cryptol. 33(4), 1461–1584 (2020)
[18] Küsters, R., Tuengerthal, M., Rausch, D.: Joint state composition theorems for public-key encryption and digital signature functionalities with local computation. J. Cryptol. 33(4), 1585–1658 (2020)
[19] Liu, B., Warinschi, B.: Universally composable cryptographic role-based access control. Cryptology ePrint Archive, Paper 2016/902 (2016). https://eprint.iacr.org/2016/902
[20] Vandenwauver, M., Govaerts, R., Vandewalle, J.: Role based access control in distributed systems. In: Katsikas, S. (ed.) Communications and Multimedia Security. IAICT, pp. 169–177. Springer, Boston, MA (1997). https://doi.org/10.1007/978-0-387-35256-5_13
Acknowledgement
We thank the anonymous referees for their useful suggestions and remarks. This work was partially supported by the DataLake-For-Nuclear (D4N) project funded by the BPI institute.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lafourcade, P., Marcadet, G., Robert, L. (2024). iUC-Secure Distributed File Transfer from Standard Attribute-Based Encryption. In: Vaudenay, S., Petit, C. (eds) Progress in Cryptology - AFRICACRYPT 2024. AFRICACRYPT 2024. Lecture Notes in Computer Science, vol 14861. Springer, Cham. https://doi.org/10.1007/978-3-031-64381-1_8
DOI: https://doi.org/10.1007/978-3-031-64381-1_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-64380-4
Online ISBN: 978-3-031-64381-1
eBook Packages: Computer Science (R0)