Abstract
This paper addresses the open problem, posed by Gagné et al. at Pairing 2012, of designing attribute-based signature (ABS) schemes with a constant number of bilinear pairing operations for signature verification, or with short signatures, for more general policies. Designing constant-size ABS for expressive access structures is a challenging task. We design two key-policy ABS schemes with constant-size signatures for expressive linear secret-sharing scheme (LSSS)-realizable monotone access structures. Both schemes use only 3 pairing operations in the signature verification process. The first scheme is a small-universe construction, while the second scheme supports large universes of attributes. The signing key is computed according to an LSSS-realizable access structure over the signer’s attributes, and a message is signed with an attribute set satisfying that access structure. Our ABS schemes provide existential unforgeability in the selective attribute set security model and preserve signer privacy. We also propose a new attribute-based signcryption (ABSC) scheme for LSSS-realizable access structures that uses only 6 pairings and makes the ciphertext size constant. Our scheme is significantly more efficient than existing ABSC schemes. While the secret key (signing key or decryption key) size grows by a factor of the number of attributes used in the system, the number of pairing evaluations is reduced to a constant. Our protocol achieves (a) ciphertext indistinguishability under adaptive chosen ciphertext attacks assuming the hardness of the decisional Bilinear Diffie–Hellman Exponent problem and (b) existential unforgeability under adaptive chosen message attack assuming the hardness of the computational Diffie–Hellman Exponent problem. The security proofs are in the selective attribute set security model and do not rely on the random oracle heuristic. In addition, our ABSC achieves public verifiability of the ciphertext, enabling any party to verify the integrity and validity of the ciphertext.
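The schemes summarized above derive signing keys from an LSSS-realizable monotone access structure and accept a signature only from an attribute set that satisfies it. The block below is an added illustration, not code from the paper, of the LSSS mechanics this relies on: a share-generating matrix over Z_p with a row-to-attribute map rho, share generation from a secret, and reconstruction by an authorized set via the coefficients omega with sum omega_i * M_i = (1, 0, ..., 0). The policy matrix for "(A AND B) OR C", the prime, and all function names are constructed for this example; the pairing-based key and signature arithmetic of the actual schemes is not shown.

```python
"""Linear secret-sharing (LSSS) over Z_p: shares for a monotone access structure
and reconstruction by an attribute set that satisfies it. Added example; the
policy matrix, prime and helper names are constructed, not the paper's."""
import random

P = 2**61 - 1  # constructed choice of prime field for the example

# Constructed share-generating matrix for the policy "(A AND B) OR C".
# Row i is labelled with attribute RHO[i]; the target vector is (1, 0).
POLICY_MATRIX = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]


def share(secret, matrix=POLICY_MATRIX, p=P):
    """Return one share per row: share_i = M_i . v, with v = (secret, r_2, ...)."""
    ncols = len(matrix[0])
    v = [secret % p] + [random.randrange(p) for _ in range(ncols - 1)]
    return [sum(m * x for m, x in zip(row, v)) % p for row in matrix]


def solve_mod_p(a, b, p):
    """Solve a . x = b over Z_p by Gauss-Jordan elimination.
    Returns one solution (free variables set to 0) or None if inconsistent."""
    rows = [[x % p for x in r] + [bi % p] for r, bi in zip(a, b)]
    ncols = len(a[0])
    pivots, r = [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(rows)) if rows[i][c] != 0), None)
        if piv is None:
            continue  # free column
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][c], -1, p)
        rows[r] = [x * inv % p for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c] != 0:
                f = rows[i][c]
                rows[i] = [(x - f * y) % p for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
        if r == len(rows):
            break
    # Remaining rows are all-zero on the left; a non-zero right-hand side means no solution.
    if any(rows[i][-1] != 0 for i in range(r, len(rows))):
        return None
    x = [0] * ncols
    for k, c in enumerate(pivots):
        x[c] = rows[k][-1]
    return x


def reconstruction_coefficients(attrs, matrix=POLICY_MATRIX, rho=RHO, p=P):
    """Return (row_indices, omega) with sum_j omega_j * M[row_j] == (1, 0, ..., 0) mod p,
    or None when `attrs` does not satisfy the access structure."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    if not idx:
        return None
    ncols = len(matrix[0])
    # One equation per column: sum_j omega_j * M[idx[j]][c] == target[c]
    a = [[matrix[i][c] for i in idx] for c in range(ncols)]
    target = [1] + [0] * (ncols - 1)
    omega = solve_mod_p(a, target, p)
    return None if omega is None else (idx, omega)


def satisfies(attrs, matrix=POLICY_MATRIX, rho=RHO, p=P):
    """True iff the attribute set is authorized under the access structure."""
    return reconstruction_coefficients(attrs, matrix, rho, p) is not None


def reconstruct(attrs, shares, matrix=POLICY_MATRIX, rho=RHO, p=P):
    """Recover the secret from the shares held by `attrs`, or None if unauthorized."""
    res = reconstruction_coefficients(attrs, matrix, rho, p)
    if res is None:
        return None
    idx, omega = res
    return sum(w * shares[i] for w, i in zip(omega, idx)) % p


if __name__ == "__main__":
    s = 12345
    sh = share(s)
    for attrs in ({"A", "B"}, {"C"}, {"A"}, {"B"}, {"A", "C"}):
        print(sorted(attrs), "->", reconstruct(attrs, sh))
```

The same `reconstruction_coefficients` step is what a verifier conceptually performs when it checks that the attribute set attached to a signature is authorized: an unauthorized set yields no solution to the linear system, so no combination of its rows reaches the target vector.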
References
Attrapadung, N., Herranz, J., Laguillaumie, F., Libert, B., de Panafieu, E., Ràfols, C.: Attribute-based encryption schemes with constant-size ciphertexts. Theor. Comput. Sci. 422, 15–38 (2012)
Attrapadung, N., Imai, H.: Dual-policy attribute based encryption. In: Abdalla, M., Pointcheval, D., Fouque, P.A., Vergnaud, D. (eds.) Applied Cryptography and Network Security, LNCS, vol. 5536, pp. 168–185. Springer, Berlin (2009)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, 2007 (SP’07), pp. 321–334 (2007)
Boneh, D., Boyen, X., Goh, E.J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology - EUROCRYPT 2005, LNCS, vol. 3494, pp. 440–456. Springer, Berlin (2005)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) Advances in Cryptology - CRYPTO 2001, LNCS, vol. 2139, pp. 213–229. Springer, Berlin (2001)
Chen, C., Chen, J., Lim, H., Zhang, Z., Feng, D., Ling, S., Wang, H.: Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. In: Dawson, E. (ed.) Topics in Cryptology - CT-RSA 2013, LNCS, vol. 7779, pp. 50–67. Springer, Berlin (2013)
Chen, C., Zhang, Z., Feng, D.: Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost. In: Provable Security, LNCS, vol. 6980, pp. 84–101 (2011)
Emura, K., Miyaji, A., Nomura, A., Omote, K., Soshi, M.: A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Information Security Practice and Experience, LNCS, vol. 5451, pp. 13–23 (2009)
Emura, K., Miyaji, A., Rahman, M.S.: Dynamic attribute-based signcryption without random oracles. Int. J. Appl. Cryptogr. 2(3), 199–211 (2012)
Frey, G., Rück, H.G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62(206), 865–874 (1994)
Gagné, M., Narayan, S., Safavi-Naini, R.: Threshold attribute-based signcryption. In: Garay, J., De Prisco, R. (eds.) Security and Cryptography for Networks, LNCS, vol. 6280, pp. 154–171. Springer, Berlin (2010)
Gagné, M., Narayan, S., Safavi-Naini, R.: Short pairing-efficient threshold-attribute-based signature. In: Abdalla, M., Lange, T. (eds.) Pairing-Based Cryptography - Pairing 2012, LNCS, vol. 7708, pp. 295–313. Springer, Berlin (2013)
Ge, A.J., Ma, C.G., Zhang, Z.F.: Attribute-based signature scheme with constant size signature in the standard model. Inf. Secur. IET 6(2), 47–54 (2012)
Ge, A., Zhang, R., Chen, C., Ma, C., Zhang, Z.: Threshold ciphertext policy attribute-based encryption with constant size ciphertexts. In: Information Security and Privacy, LNCS, vol. 7372, pp. 336–349 (2012)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06), pp. 89–98. ACM (2006)
Guo, Z., Li, M., Fan, X.: Attribute-based ring signcryption scheme. Secur. Commun. Netw. 6(6), 790–796 (2013)
Han, J., Susilo, W., Mu, Y., Yan, J.: Attribute-based oblivious access control. Comput. J. 55(10), 1202–1215 (2012)
Herranz, J., Laguillaumie, F., Libert, B., Ràfols, C.: Short attribute-based signatures for threshold predicates. In: Dunkelman, O. (ed.) Topics in Cryptology - CT-RSA 2012, LNCS, vol. 7178, pp. 51–67. Springer, Berlin (2012)
Hu, C., Zhang, N., Li, H., Cheng, X., Liao, X.: Body area network security: a fuzzy attribute-based signcryption scheme. IEEE J. Sel. Areas Commun. 31(9), 37–46 (2013)
Khader, D.: Attribute based group signatures. IACR Cryptology ePrint Archive 2007, 159 (2007)
Lai, J., Deng, R., Liu, S., Kou, W.: Efficient CCA-secure PKE from identity-based techniques. In: Pieprzyk, J. (ed.) Topics in Cryptology - CT-RSA 2010, LNCS, vol. 5985, pp. 132–147. Springer, Berlin (2010)
Lewko, A., Waters, B.: Decentralizing attribute-based encryption. Cryptology ePrint Archive, Report 2010/351 (2010). http://eprint.iacr.org/
Li, J., Au, M.H., Susilo, W., Xie, D., Ren, K.: Attribute-based signature and its applications. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS’10), pp. 60–69. ACM, New York, NY (2010)
Li, J., Kim, K.: Attribute-based ring signatures. IACR Cryptology ePrint Archive 2008, 394 (2008)
Li, J., Kim, K.: Hidden attribute-based signatures without anonymity revocation. Inf. Sci. 180(9), 1681–1689 (2010)
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures: achieving attribute-privacy and collusion-resistance. IACR Cryptology ePrint Archive 2008, 328 (2008)
Maji, H., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) Topics in Cryptology - CT-RSA 2011, LNCS, vol. 6558, pp. 376–392. Springer, Berlin (2011)
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993)
Rao, Y.S., Dutta, R.: Computationally efficient expressive key-policy attribute based encryption schemes with constant-size ciphertext. In: Qing, S., Zhou, J., Liu, D. (eds.) Information and Communications Security, LNCS, pp. 346–362. Springer, Berlin (2013)
Rao, Y.S., Dutta, R.: Expressive bandwidth-efficient attribute based signature and signcryption in standard model. In: Susilo, W., Mu, Y. (eds.) Information Security and Privacy, LNCS, vol. 8544, pp. 209–225. Springer, Berlin (2014)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Advances in Cryptology - EUROCRYPT 2005, LNCS, vol. 3494, pp. 457–473 (2005)
Selvi, S., Sree Vivek, S., Pandu Rangan, C.: Identity based public verifiable signcryption scheme. In: Heng, S.H., Kurosawa, K. (eds.) Provable Security, LNCS, vol. 6402, pp. 244–260. Springer, Berlin (2010)
Selvi, S., Vivek, S., Vinayagamurthy, D., Rangan, C.: ID based signcryption scheme in standard model. In: Takagi, T., Wang, G., Qin, Z., Jiang, S., Yu, Y. (eds.) Provable Security, LNCS, vol. 7496, pp. 35–52. Springer, Berlin (2012)
Shahandashti, S., Safavi-Naini, R.: Threshold attribute-based signatures and their application to anonymous credential systems. In: Preneel, B. (ed.) Progress in Cryptology - AFRICACRYPT 2009, LNCS, vol. 5580, pp. 198–216. Springer, Berlin (2009)
Stinson, D.R.: Cryptography: Theory and Practice, 3rd edn. Chapman and Hall/CRC, Boca Raton (2005)
Wang, C.: A provable secure fuzzy identity based signature scheme. Sci. China Inf. Sci. 55(9), 2139–2148 (2012)
Wang, C., Huang, J.: Attribute-based signcryption with ciphertext-policy and claim-predicate mechanism. In: Seventh International Conference on Computational Intelligence and Security (CIS), 2011, pp. 905–909 (2011)
Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) Advances in Cryptology - EUROCRYPT 2005, LNCS, vol. 3494, pp. 114–127. Springer, Berlin (2005)
Wei, J., Hu, X., Liu, W.: Traceable attribute-based signcryption. Secur. Commun. Netw. (2013). doi:10.1002/sec.940
Yang, P., Cao, Z., Dong, X.: Fuzzy identity based signature. IACR Cryptology ePrint Archive 2008, 2 (2008)
Yang, P., Cao, Z., Dong, X.: Fuzzy identity based signature with applications to biometric authentication. Comput. Electr. Eng. 37(4), 532–540 (2011)
Zheng, Y.: Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption). In: Kaliski, B.S., Jr. (ed.) Advances in Cryptology - CRYPTO ’97, LNCS, vol. 1294, pp. 165–179. Springer, Berlin (1997)
Appendix: Proof of Claim 3
We have
Then,
Note that \(r_{i}=r'_{i}-\dfrac{\mathbf{S}_{i}\mathbf{v}_{1}}{\mathbf{y}^{*}\boldsymbol{\rho}_{i}}\cdot \widehat{\mathbf{a}}\boldsymbol{\rho}_{i}\) and
Also, we have \(\mathbf{y}^{*}=(y_{1}^{*}, \ldots , y_{n}^{*})\) and \(\mathbf{a}=(a, a^{2}, \ldots , a^{n})\). Now,
For \(k=2, \ldots , n,\)
Thus, the adversary’s view of the values \(D_{i}, D'_{i}, D''_{i}=\{D''_{i,k}\}_{k=2}^{n}\) simulated by \(\mathcal {C}\) is identical to its view in the original construction. This proves the claim.
Cite this article
Rao, Y.S., Dutta, R. Efficient attribute-based signature and signcryption realizing expressive access structures. Int. J. Inf. Secur. 15, 81–109 (2016). https://doi.org/10.1007/s10207-015-0289-6