Yinghui Zhang
Hui Li
ABSTRACT
Attribute-based encryption (ABE) has been widely studied recently to support fine-grained access control of shared data. Anonymous ABE, which is a relevant notion to ABE, further hides the receivers' attribute information in ciphertexts because many attributes are sensitive and related to the identity of eligible users. However, in existing anonymous ABE work, a user knows whether the attributes and the policy match or not only after repeating decryption attempts. And, the computation overhead of each decryption is high as the computational cost grows with the complexity of the access formula, which usually requires many pairings in most of the existing ABE schemes. As a result, this direct decryption method in anonymous ABE will suffer a severe efficiency drawback.
Aiming at tackling the challenge above, we propose a novel technique called match-then-decrypt, in which a matching phase is additionally introduced before the decryption phase. This technique works by computing special components in ciphertexts, which are used to perform the test that if the attribute private key matches the hidden attributes policy in ciphertexts without decryption. In our proposed construction, the computation cost of such a test is much less than one decryption operation. The proposed construction is proven to be secure. In addition, the results in simulation experiments indicate that the proposed solution is efficient and practical, which greatly improves the efficiency of decryption in anonymous ABE.
- J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Proc. of SP'07, Oakland, California, USA, May 20-23, pages 321--334, 2007. Google Scholar
Digital Library
- D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In Proc. of TCC'07, KNAW Trippenhuis Amsterdam, The Netherlands, volume 4392 of LNCS, pages 535--554. Springer Berlin-Heidelberg, 2007. Google Scholar
- R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. In Proc. of EUROCRYPT'04, volume 3027 of LNCS, pages 207--222. Springer Berlin-Heidelberg, 2004.Google Scholar
- M. Chase and S. S. Chow. Improving privacy and security in multi-authority attribute-based encryption. In Proc. of CCS'09, New York, NY, USA, pages 121--130. ACM Press. 2009. Google Scholar
- L. Cheung and C. Newport. Provably secure ciphertext policy abe. In Proc. of CCS'07, New York, NY, USA, pages 456--465. ACM Press. 2007. Google Scholar
- V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In Proc. of CCS'06, New York, NY, USA, pages 89--98. ACM Press. 2006. Google Scholar
- V. Goyal, A. Jain, O. Pandey, and A. Sahai. Bounded ciphertext policy attribute based encryption. In Proc. of ICALP'08, volume 5126 of LNCS, pages 579--591. Springer Berlin-Heidelberg, 2008. Google Scholar
- A. Kapadia, P. P. Tsang, and S. W. Smith. Attribute-based publishing with hidden credentials and hidden policies. In Proc. of NDSS'07, San Diego, California, USA, February 28-March 2, pages 179--192. The Internet Society, 2007.Google Scholar
- J. Katz, A. Sahai, and B. Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Proc. of EUROCRYPT'08, volume 4965 of LNCS, pages 146--162. Springer Berlin-Heidelberg, 2008. Google Scholar
- A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Proc. of EUROCRYPT'10, volume 6110 of LNCS, pages 62--91. Springer Berlin-Heidelberg, 2010. Google Scholar
- T. Nishide, K. Yoneyama, and K. Ohta. Abe with partially hidden encryptor-specified access structure. In Proc. of ACNS'08, New York, USA, June 3-6, volume 5037 of LNCS, pages 111--129. Springer Berlin-Heidelberg, 2008. Google Scholar
- J. Li, K. Ren, B. Zhu, and Z. Wan. Privacy-aware attribute-based encryption with user accountability. In Proc. of ISC'09, Pisa, Italy, September 7-9, volume 5735 of LNCS, pages 347--362. Springer Berlin-Heidelberg, 2009. Google Scholar
- T. Okamoto and K. Takashima. Fully secure functional encryption with general relations from the decisional linear assumption. In Proc. of CRYPTO'10, volume 6223 of LNCS, pages 191--208. Springer Berlin-Heidelberg, 2010. Google Scholar
- R. Ostrovsky, A. Sahai, and B. Waters. Attribute-based encryption with non-monotonic access structures. In Proc. of CCS'07, New York, pages 195--203. ACM Press. 2007. Google Scholar
- A. Sahai and B. Waters. Fuzzy identity-based encryption. In Proc. of EUROCRYPT'05, volume 3494 of LNCS, pages 557--557. Springer Berlin-Heidelberg, 2005. Google Scholar
- E. Shi, J. Bethencourt, T.-H. Chan, D. Song, and A. Perrig. Multi-dimensional range query over encrypted data. In Proc. of SP'07, pages 350--364. 2007. Google ScholarDigital Library
- B. Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proc. of PKC'11, volume 6571 of LNCS, pages 53--70. Springer Berlin-Heidelberg, 2011. Google Scholar
- S. Yamada, N. Attrapadung, G. Hanaoka, and N. Kunihiro. Generic constructions for chosen-ciphertext secure attribute based encryption. In Proc. of PKC'11, volume 6571 of LNCS, pages 71--89. Springer Berlin-Heidelberg, 2011. Google Scholar
- S. Yu, K. Ren, and W. Lou. Attribute-based content distribution with hidden policy. In Proc. of NPSec'08, Orlando, Florida, USA, pages 39--44. 2008.Google Scholar
- S. Yu, K. Ren, W. Lou, and J. Li. Defending against key abuse attacks in kp-abe enabled broadcast systems. In Proc. of Securecomm'09, Athens, Greece, September 14-17, volume 19 of LNCS, pages 311--329. Springer Berlin-Heidelberg, 2009.Google Scholar
- S. Yu, C. Wang, K. Ren, and W. Lou. Attribute based data sharing with attribute revocation. In Proc. of ASIACCS'10, New York, NY, USA, pages 261--270. ACM Press. 2010. Google Scholar
Index Terms
- Anonymous attribute-based encryption supporting efficient decryption test
Recommendations
Attribute-based encryption schemes with constant-size ciphertexts
Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine-grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario proceeds the other way around), the primitive enables senders to ...
Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption
Decentralized attribute-based encryption (ABE) is a variant of a multiauthority ABE scheme where each authority can issue secret keys to the user independently without any cooperation and a central authority. This is in contrast to the previous ...
Revisiting Attribute-Based Encryption With Verifiable Outsourced Decryption
Attribute-based encryption (ABE) is a promising technique for fine-grained access control of encrypted data in a cloud storage, however, decryption involved in the ABEs is usually too expensive for resource-constrained front-end users, which greatly ...
Comments