ABSTRACT
In ciphertext policy attribute-based encryption (CP-ABE), every secret key is associated with a set of attributes, and every ciphertext is associated with an access structure on attributes. Decryption is enabled if and only if the user's attribute set satisfies the ciphertext access structure. This provides fine-grained access control on shared data in many practical settings, e.g., secure database and IP multicast.
In this paper, we study CP-ABE schemes in which access structures are AND gates on positive and negative attributes. Our basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. We then apply the Canetti-Halevi-Katz technique to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. The security proof is a reduction to the DBDH assumption and the strong existential unforgeability of the signature primitive.
In addition, we introduce hierarchical attributes to optimize our basic scheme - reducing both ciphertext size and encryption/decryption time while maintaining CPA security. We conclude with a discussion of practical applications of CP-ABE.
- J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Proceedings of the 28th IEEE Symposium on Security and Privacy (Oakland), 2007. Google ScholarDigital Library
- D. Boneh, C. Gentry, and B. Waters. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Advances in Cryptology - CRYPTO 2005, volume 3621 of LNCS, 2005. Google ScholarDigital Library
- D. Boneh, E. Shen, and B. Waters. Strongly unforgeable signatures based on computational Diffie-Hellman. In Proceedings of PKC 2006, volume 3958 of LNCS, pages 229--240, 2006. Google ScholarDigital Library
- R. Canetti, S. Halevi, and J. Katz. Chosen ciphertext security from identity based encryption. In Advances in Cryptology EUROCRYPT 2004, volume 3027 of LNCS, pages 207--222, 2004.Google ScholarCross Ref
- M. Chase. Multi-authority attribute-based encryption. In Proceedings of the 4th IACR Theory of Cryptography Conference (TCC 2007), 2007. Google ScholarDigital Library
- L. Cheung, J. Cooley, R. Khazan, and C. Newport. Collusion-resistant group key management using attribute-based encryption. Cryptology ePrint Archive Report 2007/161, 2007. Presented at GOCP '07.Google Scholar
- L. Cheung and C. Newport. Provably secure ciphertext policy ABE. Cryptology ePrint Archive Report 2007/183, 2007. http://eprint.iacr.org/.Google Scholar
- A. Fiat and M. Noar. Broadcast encryption. In Advances in Cryptology CRYPTO '93, volume 773 of LNCS, pages 480--491, 1993. Google ScholarDigital Library
- E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Advances in Cryptology CRYTO '99, pages 537--554, 1999. Google ScholarDigital Library
- V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and Communications Security (CCS 2006), pages 89--98, 2006. Google ScholarDigital Library
- D. Naor, M. Naor, and J. Lotspiech. Recovation and tracing schemes for stateless receivers. In Advances in Cryptology CRYPTO 2001, volume 2139 of LNCS, pages 41--62, 2001. Google ScholarDigital Library
- M. Piretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In Proceedings of the 13th ACM conference on Computer and Communications Security (CCS 2006), 2006. Google ScholarDigital Library
- A. Sahai and B. Waters. Fuzzy identity based encryption. In Advances in Cryptology EUROCRYPT 2005, volume 3494 of LNCS, pages 457--473, 2005. Google ScholarDigital Library
- A. Shamir. Identity-based cryptosystems and signature schemes. In Advances in Cryptology CRYPTO '84, pages 47--53, 1985. Google ScholarDigital Library
Index Terms
- Provably secure ciphertext policy ABE
Recommendations
Provably secure and efficient bounded ciphertext policy attribute based encryption
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications SecurityCiphertext policy attribute based encryption (CPABE) allows a sender to distribute messages based on an access policy which can be expressed as a boolean function consisting of (OR, AND) gates between attributes. A receiver whose secret key is ...
An expressive and provably secure Ciphertext-Policy Attribute-Based Encryption
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows to encrypt data under an access policy, specified as a logical combination of attributes. Such ciphertexts can be decrypted by anyone with a set of attributes that satisfy the access policy. ...
Fully Secure ABE with Outsourced Decryption against Chosen Ciphertext Attack
Information Security and CryptologyAbstractAttribute-based encryption (ABE) provides fine-grained access control on encrypted data, but it is not suitable for limited-resource devices due to the inefficiency of decryption. To solve this problem, Green et al. proposed a new paradigm named ...
Comments