Extensions of access structures and their cryptographic applications

Abstract

In secret sharing schemes a secret is distributed among a set of users \({\mathcal{P}}\) in such a way that only some sets, the authorized sets, can recover it. The family Γ of authorized sets is called the access structure. To design new cryptographic protocols, we introduce in this work the concept of extension of an access structure: given a monotone family \({{\it \Gamma} \subset 2^\mathcal{P}}\) and a larger set \({\mathcal{P}^{\prime} = \mathcal{P} \cup \tilde{\mathcal{P}}}\), a monotone access structure \({{\it \Gamma}^{\prime}\subset 2^{\mathcal{P}^{\prime}}}\) is an extension of Γ if the following two conditions are satisfied: (1) The set \({\mathcal{P}}\) is a minimal subset of Γ′, i.e. \({\mathcal{P} \in {\it \Gamma}^{\prime}}\) and \({\mathcal{P} - \{R_i\}\notin {\it \Gamma}^{\prime}}\) for every \({R_i \in \mathcal{P}}\), (2) A subset \({A \subset \mathcal{P}}\) is in Γ if and only if the subset \({A \cup \tilde{\mathcal{P}}}\) is in Γ′. As our first contribution, we give an explicit construction of an extension Γ′ of a vector space access structure Γ, and we prove that Γ′ is also a vector space access structure. Although the definition may seem a bit artificial at first, it is well motivated from a cryptographic point of view. Indeed, our second contribution is to show that the concept of extension of an access structure can be used to design encryption schemes with access structures that are chosen ad-hoc at the time of encryption. Specifically, we design and analyze a dynamic distributed encryption scheme and a ciphertext-policy attribute-based encryption scheme. In some cases, the new schemes enjoy better properties than existing ones.