Jie Chen,Romain Gay,Hoeteck Wee

DOI: https://doi.org/10.1007/978-3-662-46803-6_20

2015-01-01

Abstract:We present a modular framework for the design of efficient adaptively secure attribute-based encryption (ABE) schemes for a large class of predicates under the standard k-Lin assumption in prime-order groups; this is the first uniform treatment of dual system ABE across different predicates and across both composite and prime-order groups. Via this framework, we obtain concrete efficiency improvements for several ABE schemes. Our framework has three novel components over prior works: (i) new techniques for simulating composite-order groups in prime-order ones, (ii) a refinement of prior encodings framework for dual system ABE in composite-order groups, (iii) an extension to weakly attribute-hiding predicate encryption (which includes anonymous identity-based encryption as a special case).

Yan Yang,Xingyuan Chen,Hao Chen,Xuehui Du

DOI: https://doi.org/10.1109/ACCESS.2018.2820182

IF: 3.9

2018-01-01

IEEE Access

Abstract:Decentralizing multi-authority attribute-based encryption (ABE) has been adopted for solving problems arising from sharing confidential corporate data in cloud computing. For decentralizing multi authority ABE systems that do not rely on a central authority, collusion resistance can be achieved using a global identifier. Therefore, identity needs to be managed globally, which results in the crucial problems of privacy and security. A scheme is developed that does not use a central authority to manage users and keys, and only simple trust relations need to be formed by sharing the public key between each attribute authority (AA). User identities are unique by combining a user's identity with the identity of the AA where the user is located. Once a key request needs to be made to an authority outside the domain, the request needs to be performed by the authority in the current domain rather than by the users, so, user identities remain private to the AA outside the domain, which will enhance privacy and security. In addition, the key issuing protocol between AA is simple as the result of the trust relationship of AA. Moreover, extensibility for authorities is also supported by the scheme presented in this paper. The scheme is based on composite order bilinear groups. A proof of security is presented that uses the dual system encryption methodology.

Liangxuan Zhang,Hui Li,Yinghui Zhang,Fawad Khan

DOI: https://doi.org/10.1109/infcomw.2017.8116436

2017-01-01

Abstract:Decentralized multi-authority attribute-based encryption (ABE) has been adopted to protect outsourced data. However, there are some security issues. Firstly, the user's attributes information is leaked to the authorities and secondly, the access structure being sent along with ciphertext violates its privacy. To address these issues, an efficient decentralized attribute-based encryption scheme with features of privacy preservation and expressive access structures is proposed. The proposed scheme cannot only prevent user's attributes information leakage, but it also provides a hidden, flexible and expressive structure realizable by Linear Secret Sharing Scheme (LSSS). Moreover, we prove the proposed scheme to be secure against Chosen-Ciphertexts Attacks (CCA) under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, proposed scheme performs efficiently in comparison to existing schemes shown by theoretical and experimental analysis.

Miao Wang,Zhenfu Cao,Xiaolei Dong,Runmeng Du,Jiasheng Chen

DOI: https://doi.org/10.1109/jiot.2024.3470322

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the distributed computing environment, it is important to efficiently achieve secure access to data. One of the widely applied encryption mechanisms is the multi-authority attribute-based encryption. However, most existing multi-authority setting schemes were relied on bilinear pairings, which causes the system to bear a relatively large burden in computation overhead. In this paper, we proposes a decentralized multi-authority key-policy attribute-based encryption scheme without bilinear pairings, its security is relied solely on the decisional Diffie-Hellman assumption. It removes the trusted central authority and prevents user collusion attacks. Except for the global coordination between the attribute authorities, any party can simply play the part of a standard attribute authority by generating public keys and issuing corresponding decryption key components for users. The proposed scheme provides heightened security and efficiency compared to the current pairing-free multi-authority ABE scheme, as well as superior computational efficiency when compared to those utilizing bilinear pairings.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Jin Li,Xiaofeng Chen,Jingwei Li,Chunfu Jia,Jianfeng Ma,Wenjing Lou

DOI: https://doi.org/10.3233/jcs-150533

2015-01-01

Journal of Computer Security

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Jie Chen,Qiaohan Chu,Ying Gao,Jianting Ning,Luping Wang

DOI: https://doi.org/10.1007/978-981-99-8733-7_1

2023-01-01

Abstract:We improve the first and the only existing prime-order fully adaptively secure decentralized Multi-Authority Attribute-Based Encryption (MA-ABE) scheme for NC1 in Datta-Komargodski-Waters [Eurocrypt '23]. Compared with Datta-Komargodski-Waters, our decentralized MA-ABE scheme extra enjoys shorter parameters and meanwhile supports many-use of attribute. Shorter parameters is always the goal for Attribute-Based Encryption (ABE), and many-use of attribute is a native property of decentralized MA-ABE for NC1. Our scheme relies on the Matrix Decision Diffie-Hellman (MDDH) assumption and is in the random oracle model, as Datta-Komargodski-Waters.

Jin Li,Xinyi Huang,Jingwei Li,Xiaofeng Chen,Yang Xiang

DOI: https://doi.org/10.1109/tpds.2013.271

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical.

Zechao Liu,Zoe L. Jiang,Xuan Wang,Xinyi Huang,S. M. Yiu,Kunihiko Sadakane

DOI: https://doi.org/10.1002/cpe.3915

2016-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryIn this big data era, service providers tend to put the data in a third‐party cloud system. Social networking websites are typical examples. To protect the security and privacy of the data, data should be stored in encrypted form. This brings forth new challenges: how to allow different users to access only the authorized part of the data without decryption of the data. Attribute‐based encryption (ABE) offers fine‐grained access control policy over encrypted data such that users can decrypt successfully only if their attributes satisfy the policy. However, one drawback of ABE is that the computational cost grows linearly with the complexity of ciphertext policy or the number of attributes. The situation becomes worse for mobile devices with limited computing resources. To solve this problem, we adopt the offline/online technique combining with the verifiable outsourced computation technique to propose a new ciphertext‐policy ABE scheme using bilinear groups in prime order, supporting the offline/online key generation and encryption, as well as the verifiable outsourced decryption. As a result, most computations of key generation and encryption can be executed offline, and the majority of computational workload in decryption can be outsourced to third parties. The scheme is selectively chosen‐plaintext attack‐secure in the standard model. We also provide the proof of verifiability on outsourced decryption. The simulation results show that our proposed scheme can effectively reduce the computational cost imposed on resource‐constrained devices. Copyright © 2016 John Wiley & Sons, Ltd.

Huang Lin,Zhenfu Cao,Xiaohui Liang,Jun Shao

DOI: https://doi.org/10.1007/978-3-540-89754-5_33

IF: 8.1

2010-01-01

Information Sciences

Abstract:An attribute based encryption scheme (ABE) is a cryptographic primitive in which every user is identified by a set of attributes, and some function of these attributes is used to determine the ability to decrypt each ciphertext. Chase proposed the first multi authority ABE scheme which requires a fully trusted central authority who has the ability to decrypt each ciphertext in the system. This central authority would endanger the whole system if it is corrupted. This paper provides a threshold multi authority fuzzy identity based encryption (MA-FIBE) scheme without a central authority for the first time. An encrypter can encrypt a message such that a user could only decrypt if he has at least dk of the given attributes about the message for at least t+1,t⩽n/2 honest authorities of all the n attribute authorities in the proposed scheme. This paper considers a stronger adversary model in the sense that the corrupted authorities are allowed to distribute incorrect secret keys to the users. The security proof is based on the secrecy of the underlying distributed key generation protocol and joint zero secret sharing protocol and the standard decisional bilinear Diffie–Hellman assumption. The proposed MA-FIBE could be extended to the threshold multi authority attribute based encryption (MA-ABE) scheme, and both key policy based and ciphertext policy based MA-ABE schemes without a central authority are presented in this paper. Moreover, several other extensions, such as a proactive large universe MA-ABE scheme, are also provided in this paper.

Xiaoyi Li,Kaitai Liang,Zhen Liu,Duncan Wong

DOI: https://doi.org/10.5220/0006220203090320

2016-01-01

Abstract:A Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows users to specify the access policies without having to know the identities of users. In this paper, we contribute by proposing an ABE scheme which enables revoking corrupted users. Given a key-like blackbox, our system can identify at least one of the users whose key must have been used to construct the blackbox and can revoke the key from the system. This paper extends the work of Liu and Wong to achieve traitor revocability. We construct an Augmented Revocable CP-ABE (AugR-CP-ABE) scheme, and describe its security by message-hiding and index-hiding games. Then we prove that an AugR-CP-ABE scheme with message-hiding and index-hiding properties can be transferred to a secure Revocable CP-ABE with fully collusion-resistant blackbox traceability. In the proof for index-hiding, we divide the adversary's behaviors in two ways and build direct reductions that use adversary to solve the D3DH problem. Our scheme achieves the sub-linear overhead of O(root N), where N is the number of users in the system. This scheme is highly expressive and can take any monotonic access structures as ciphertext policies.

Maoxu Lyu,Xuejun Li,Hui Li

DOI: https://doi.org/10.1109/DSC.2017.8

2017-01-01

Abstract:In order to realize data sharing in mobile cloud computing, decentralized attribute-based encryption (ABE) has been widely concerned. However, the existing ABE schemes are full of flaws. First, the main drawback of ABE is that the computation cost of encryption and decryption are expensive. Second, the existing ABE schemes are inapplicable due to the inefficiency of user revocation. Besides, in a decentralized ABE scheme, a user's private keys must be tied to the global identifier (GID) to resist collusion attack, however, it will compromise the user's privacy. To deal with these problems, we proposed an efficient decentralized ABE scheme via using the offline/online encryption and the verifiable outsource decryption concepts. Meanwhile, we proposed an anonymous key issuing protocol to achieve privacy preserving. Security analysis and experimental result shows that our scheme is secure and significantl.y reduce the computation cost for both encryption and decryption.

Kai Zhang,Jianfeng Ma,Jiajia Liu,Hui Li

DOI: https://doi.org/10.1007/s11432-016-0012-9

2016-01-01

Science China Information Sciences

Abstract:>Dear editor,Attribute-based encryption(ABE)was first introduced by Sahai and Waters[1]where the decryption ability of a user is based on his attributes.Later,it was divided into ciphertext-policy ABE(CP-ABE)and key-policy ABE(KP-ABE)[2].

Bo Hong,Jie Chen,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1109/access.2019.2950394

IF: 3.9

2019-01-01

IEEE Access

Abstract:The revelations of Snowden show that hardware and software of devices may corrupt users’ machine to compromise the security in various ways. To address this concern, Mironov and Stephen-Davidowitz introduce the Cryptographic Reverse Firewall (CRF) concept that is able to resist the ex-filtration of secret information for some compromised machine (Eurocrypt 2015). There are some applications of CRF deployed in many cryptosystems, but less studied and deployed in Attribute-Based Encryption (ABE) field, which attracts a wide range of attention and is employed in real-world scenarios (i.e., data sharing in cloud). In this work, we focus how to give a CRF security protection for a multi-authority ABE scheme and hence propose a multi-authority key-policy ABE scheme with CRF (acronym, MA-KP-ABE-CRF), which supports attribute distribution and non-monotonic access structure. To achieve this, beginning with revisiting a MA-KP-ABE with non-trivial combining non-monotonic formula, we then give the randomness of ciphertexts and secret keys with reverse firewall and give formal security analysis. Finally, we give a simulation on our MA-KP-ABE-CRF system based on Charm library whose the experimental results demonstrate practical efficiency.

Ang Gao,Zengzhi Li

DOI: https://doi.org/10.1002/sec.683

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:ABSTRACT In order to resolve the problem that collusion attack on attribute‐based encryption (ABE) with multi‐authority, we firstly formulize user action of making request for key into legality and collusion by the relationship between user's attributes and decryption threshold. Furthermore, we propose an ABE scheme without presenting user's global ID (GID). In our first system, a trusted central authority assists each attribute authority (AA) to independently run a security check for users' requests, such that only legal users have power to decrypt a message. In order to prevent a malicious user from passing security check by submitting duplication request to AA, we improve the first system by our second system, where the same requests of different users are transformed into different ones associated with the subset of attributes indexes. Finally, in order to adapt this transformation to ABE, discrete Fourier transform and inverse discrete Fourier transform are used to share and recover secret key, respectively. As shown in the results of security and performance evaluation, our scheme not only improves user's privacy but also is more efficient than existing ABE schemes. Copyright © 2013 John Wiley & Sons, Ltd.

Qinyi Li,Hu Xiong,Fengli Zhang,Shengke Zeng

2013-01-01

Abstract:Decentralizing attribute based encryption is a variant of multi-authority attribute based encryption which doesn't require a trusted central authority to conduct the system setup. In this paper, we propose an expressive decentralizing KP-ABE scheme with constant ciphertext size. In our construction, the access policy can be expressed as any non-monotone access structure. Meanwhile, the ciphertext size is independent on the number of attributes used in the scheme. We prove that our scheme is semantic secure in so-called Selective-Set model based on the n-DBDHE assumption. To the best of our knowledge, this is the first multi-authority attribute based encryption scheme realizing such expressive access policy and constant ciphertext size.

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Jie Zhang,Jie Chen,Junqing Gong,Aijun Ge,Chuangui Ma

DOI: https://doi.org/10.1007/s10623-017-0399-4

2017-01-01

Abstract:Recently, leakage-resilient cryptography has become a hot research topic. It seeks to build more robust models of adversarial access to cryptographic algorithms. The main goal is to design a scheme that remains secure even when arbitrary, yet bounded, information about secret key is leaked. In this paper, we present a modular framework for designing leakage-resilient attribute-based encryption (ABE) schemes based on extended predicate encoding. We first extend the predicate encoding to the leakage-resilient predicate encoding; and then, design several leakage-resilient predicate encodings, and finally give a generic construction of leakage-resilient ABE based on the newly proposed encodings. Moreover, we can instantiate our framework in prime order bilinear groups to obtain concrete constructions, and prove their full security under the standard k -Lin assumption in the continual memory leakage model.

Jun Zhao,Minghao Yang,Junqing Gong,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1016/j.tcs.2023.113897

IF: 1.002

2023-01-01

Theoretical Computer Science

Abstract:In this paper, we propose a decentralized ABE scheme against bounded collusion which means the number of users in the system is a-prior bounded. The scheme enjoys public key and ciphertext of sublinear sizes in the number of users in the system while all prior constructions require linear sizes. Besides, our scheme achieves semi-adaptive security under bilateral k -Lin assumption and SXDH assumption in a pairing group. Keep the same as the previous constructions, the scheme supports monotone span program as a policy and does not rely on the random oracle. Technically, we follow Wang et al.'s “linear secret sharing scheme (LSSS) + inner-product functional encryption (IPFE)” paradigm [PKC'19] and use (an extended variant of) functional encryption for quadratic functions (QFE) in the place of IPFE. By this, we encrypt with sublinear-size random coins and later expand them to linear-size entropy for security proof. Roughly, the use of QFE requires bilateral k -Lin assumption while the entropy expansion relies on SXDH.

Jin Li,Qiong Huang,Xiaofeng Chen,Sherman S. M. Chow,Duncan S. Wong,Dongqing Xie

DOI: https://doi.org/10.1145/1966913.1966964

2011-01-01

Abstract:Attribute-based encryption (ABE) is a promising tool for implementing fine-grained cryptographic access control. Very recently, motivated by reducing the trust assumption on the authority, and enhancing the privacy of users, a multiple-authority key-policy ABE system, together with a semi-generic anonymous key-issuing protocol, have been proposed by Chase and Chow in CCS 2009. Since ABE allows encryption for multiple users with attributes satisfying the same policy, it may not be always possible to associate a decryption key to a particular individual. A misbehaving user could abuse the anonymity by leaking the key to someone else, without worrying of being traced. In this paper, we propose a multi-authority ciphertext-policy (AND gates with wildcard) ABE scheme with accountability , which allows tracing the identity of a misbehaving user who leaked the decryption key to others, and thus reduces the trust assumptions not only on the authorities but also the users. The tracing process is efficient and its computational overhead is only proportional to the length of the identity.