Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency
Revocation and key evolving paradigms are central issues in cryptography, and in PKI in particular. A novel concern related to these areas was raised in the recent work of Sahai, Seyalioglu, and Waters (Crypto 2012) who noticed that revoking past keys should at times (e.g., the scenario of cloud storage) be accompanied by revocation of past ciphertexts (to prevent unread ciphertexts from being read by revoked users). They introduced revocable-storage attribute-based encryption (RS-ABE) as a good access control mechanism for cloud storage. RS-ABE protects against the revoked users not only the future data by supporting key-revocation but also the past data by supporting ciphertext-update, through which a ciphertext at time T can be updated to a new ciphertext at time T + 1 using only the public key. Motivated by this pioneering work, we ask whether it is possible to have a modular approach, which includes a primitive for time managed ciphertext update as a primitive. We call encryption which supports this primitive a “self-updatable encryption” (SUE). We then suggest a modular cryptosystems design methodology based on three sub-components: a primary encryption scheme, a key-revocation mechanism, and a time-evolution mechanism which controls the ciphertext self-updating via an SUE method, coordinated with the revocation (when needed). Our goal in this is to allow the self-updating ciphertext component to take part in the design of new and improved cryptosystems and protocols in a flexible fashion. Specifically, we achieve the following results:
We first introduce a new cryptographic primitive called self-updatable encryption (SUE), realizing a time-evolution mechanism. We also construct an SUE scheme and prove its full security under static assumptions.
Following our modular approach, we present a new RS-ABE scheme with shorter ciphertexts than that of Sahai et al. and prove its security. The length efficiency is mainly due to our SUE scheme and the underlying modularity.
We apply our approach to predicate encryption (PE) supporting attribute-hiding property, and obtain a revocable-storage PE (RS-PE) scheme that is selectively-secure.
We further demonstrate that SUE is of independent interest, by showing it can be used for timed-release encryption (and its applications), and for augmenting key-insulated encryption with forward-secure storage.
- Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency
- Book Title
- Advances in Cryptology - ASIACRYPT 2013
- Book Subtitle
- 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, December 1-5, 2013, Proceedings, Part I
- pp 235-254
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Public-key encryption
- Attribute-based encryption
- Predicate encryption
- Self-updatable encryption
- Key evolving systems
- Cloud storage
- Industry Sectors
- eBook Packages
- Editor Affiliations
- 16. NEC Corporation
- 17. Indian Statistical Institute
- Author Affiliations
- 18. CIST, Korea University, Korea
- 19. US Naval Academy, USA
- 20. Sangmyung University, Korea
- 21. Google Inc., USA
- 22. Columbia University, USA
To view the rest of this content please follow the download PDF link above.