ABSTRACT
We propose two large universe Attribute-Based Encryption constructions. In a large universe ABE system any string can be used as an attribute and attributes need not be enumerated at system setup. Our first construction establishes a novel large universe Ciphertext-Policy ABE scheme on prime order bilinear groups, while the second achieves a significant efficiency improvement over the large universe Key-Policy ABE system of Lewko-Waters and Lewko. Both schemes are selectively secure in the standard model under two ``q-type'' assumptions similar to ones used in prior works. Our work brings back ``program and cancel'' techniques to this problem and aims in providing practical large universe ABE implementations. To showcase the efficiency improvements over prior constructions, we provide implementations and benchmarks of our schemes in Charm; a programming environment for rapid prototyping of cryptographic primitives. We compare them to implementations of the only three published constructions that offer unbounded ABE in the standard model.
- Joseph A. Akinyele, Matthew Green, and Avi Rubin. Charm: A framework for rapidly prototyping cryptosystems. Cryptology ePrint Archive, Report 2011/617, 2011. http://eprint.iacr.org/.Google Scholar
- Sattam S. Al-Riyami, John Malone-Lee, and Nigel P. Smart. Escrow-free encryption supporting cryptographic workflow. Int. J. Inf. Sec., 5(4):217--229, 2006. Google ScholarDigital Library
- Walid Bagga, Refik Molva, and Stefano Crosta. Policy-based encryption schemes from bilinear pairings. In ASIACCS, page 368, 2006. Google ScholarDigital Library
- Manuel Barbosa and Pooya Farshim. Secure cryptographic workflow in the standard model. In INDOCRYPT, pages 379--393, 2006. Google ScholarDigital Library
- Amos Beimel. Secure Schemes for Secret Sharing and Key Distribution. PhD thesis, Dept. of Computer Science, Technion, 1996.Google Scholar
- John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, pages 321--334, 2007. Google ScholarDigital Library
- Dan Boneh and Xavier Boyen. Efficient selective-id secure identity-based encryption without random oracles. In EUROCRYPT, pages 223--238, 2004.Google ScholarCross Ref
- Dan Boneh and Matthew K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages 213--229, 2001. Google ScholarDigital Library
- Dan Boneh, Craig Gentry, and Michael Hamburg. Space-efficient identity based encryption without pairings. In FOCS, pages 647--657, 2007. Google ScholarDigital Library
- Dan Boneh, Amit Sahai, and Brent Waters. Functional encryption: Definitions and challenges. In TCC, pages 253--273, 2011. Google ScholarDigital Library
- Robert W. Bradshaw, Jason E. Holt, and Kent E. Seamons. Concealing complex policies with hidden credentials. In ACM Conference on Computer and Communications Security, pages 146--157, 2004. Google ScholarDigital Library
- Charm. http://www.charm-crypto.com.Google Scholar
- Melissa Chase. Multi-authority attribute based encryption. In TCC, pages 515--534, 2007. Google ScholarDigital Library
- Melissa Chase and Sherman S. M. Chow. Improving privacy and security in multi-authority attribute-based encryption. In ACM Conference on Computer and Communications Security, pages 121--130, 2009. Google ScholarDigital Library
- Ling Cheung and Calvin C. Newport. Provably secure ciphertext policy ABE. In ACM Conference on Computer and Communications Security, pages 456--465, 2007. Google ScholarDigital Library
- Clifford Cocks. An identity based encryption scheme based on quadratic residues. In IMA Int. Conf., pages 360--363, 2001. Google ScholarDigital Library
- David Mandell Freeman. Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In EUROCRYPT, pages 44--61, 2010. Google ScholarDigital Library
- Craig Gentry. Practical identity-based encryption without random oracles. In EUROCRYPT, pages 445--464, 2006. Google ScholarDigital Library
- Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai. Bounded ciphertext policy attribute based encryption. In ICALP (2), pages 579--591, 2008. Google ScholarDigital Library
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data. In ACM Conference on Computer and Communications Security, pages 89--98, 2006. Google ScholarDigital Library
- Jonathan Katz, Amit Sahai, and Brent Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In EUROCRYPT, pages 146--162, 2008. Google ScholarDigital Library
- Allison B. Lewko. Tools for simulating features of composite order bilinear groups in the prime order setting. In EUROCRYPT, pages 318--335, 2012. Google ScholarDigital Library
- Allison B. Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In EUROCRYPT, pages 62--91, 2010. Google ScholarDigital Library
- Allison B. Lewko and Brent Waters. Decentralizing attribute-based encryption. In EUROCRYPT, pages 568--588, 2011. Google ScholarDigital Library
- Allison B. Lewko and Brent Waters. Unbounded HIBE and attribute-based encryption. In EUROCRYPT, pages 547--567, 2011. Google ScholarDigital Library
- Allison B. Lewko and Brent Waters. New proof methods for attribute-based encryption: Achieving full security through selective techniques. In CRYPTO, pages 180--198, 2012.Google Scholar
- Ben Lynn. The Stanford pairing based crypto library. http://crypto.stanford.edu/pbc.Google Scholar
- Gerome Miklau and Dan Suciu. Controlling access to published data using cryptography. In VLDB, pages 898--909, 2003. Google ScholarDigital Library
- Atsuko Miyaji, Masaki Nakabayashi, and Shunzo Takano. Characterization of elliptic curve traces under fr-reduction. In ICISC, pages 90--108, 2000. Google ScholarDigital Library
- Tatsuaki Okamoto and Katsuyuki Takashima. Homomorphic encryption and signatures from vector decomposition. In Pairing, pages 57--74, 2008. Google ScholarDigital Library
- Tatsuaki Okamoto and Katsuyuki Takashima. Hierarchical predicate encryption for inner-products. In ASIACRYPT, pages 214--231, 2009. Google ScholarDigital Library
- Tatsuaki Okamoto and Katsuyuki Takashima. Fully secure functional encryption with general relations from the decisional linear assumption. In CRYPTO, pages 191--208, 2010. Google ScholarDigital Library
- Tatsuaki Okamoto and Katsuyuki Takashima. Fully secure unbounded inner-product and attribute-based encryption. In ASIACRYPT, pages 349--366, 2012. Google ScholarDigital Library
- Rafail Ostrovsky, Amit Sahai, and Brent Waters. Attribute-based encryption with non-monotonic access structures. In ACM Conference on Computer and Communications Security, pages 195--203, 2007. Google ScholarDigital Library
- Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Waters. Secure attribute-based systems. In ACM Conference on Computer and Communications Security, pages 99--112, 2006. Google ScholarDigital Library
- Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005. Google ScholarDigital Library
- Adi Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984. Google ScholarDigital Library
- Emily Shen, Elaine Shi, and Brent Waters. Predicate privacy in encryption systems. In TCC, pages 457--473, 2009. Google ScholarDigital Library
- Elaine Shi and Brent Waters. Delegating capabilities in predicate encryption systems. In ICALP (2), pages 560--578, 2008. Google ScholarDigital Library
- Nigel P. Smart. Access control using pairing based cryptography. In CT-RSA, pages 111--121, 2003. Google ScholarDigital Library
- Source code of our constructions. www.cs.utexas.edu/ jrous/.Google Scholar
- Brent Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005. Google ScholarDigital Library
- Brent Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Public Key Cryptography, pages 53--70, 2011. Google ScholarDigital Library
Index Terms
- Practical constructions and new proof methods for large universe attribute-based encryption
Recommendations
Practical and Efficient Attribute-Based Encryption with Constant-Size Ciphertexts in Outsourced Verifiable Computation
ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications SecurityIn cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the occurrence of ...
Computational friendly attribute-based encryptions with short ciphertext
We propose two Key-Policy Attribute-Based Encryption (KP-ABE) schemes for Linear Secret-Sharing Scheme (LSSS)-realizable Monotone Access Structure (MAS). We show that the first construction is secure against Chosen Plaintext Attacks (CPAs) while the ...
Efficient Attribute-Based Proxy Re-Encryption with Constant Size Ciphertexts
Progress in Cryptology – INDOCRYPT 2020AbstractAttribute-based proxy re-encryption (ABPRE) allows a semi-trusted proxy to transform an encryption under an access-policy into an encryption under a new access policy, without revealing any information about the underlying message. Such a ...
Comments