Extensions of access structures and their cryptographic applications

  • Vanesa Daza
  • Javier Herranz
  • Paz Morillo
  • Carla Ràfols
Article

Abstract

In secret sharing schemes a secret is distributed among a set of users \({\mathcal{P}}\) in such a way that only some sets, the authorized sets, can recover it. The family Γ of authorized sets is called the access structure. To design new cryptographic protocols, we introduce in this work the concept of extension of an access structure: given a monotone family \({{\it \Gamma} \subset 2^\mathcal{P}}\) and a larger set \({\mathcal{P}^{\prime} = \mathcal{P} \cup \tilde{\mathcal{P}}}\), a monotone access structure \({{\it \Gamma}^{\prime}\subset 2^{\mathcal{P}^{\prime}}}\) is an extension of Γ if the following two conditions are satisfied: (1) The set \({\mathcal{P}}\) is a minimal subset of Γ′, i.e. \({\mathcal{P} \in {\it \Gamma}^{\prime}}\) and \({\mathcal{P} - \{R_i\}\notin {\it \Gamma}^{\prime}}\) for every \({R_i \in \mathcal{P}}\), (2) A subset \({A \subset \mathcal{P}}\) is in Γ if and only if the subset \({A \cup \tilde{\mathcal{P}}}\) is in Γ′. As our first contribution, we give an explicit construction of an extension Γ′ of a vector space access structure Γ, and we prove that Γ′ is also a vector space access structure. Although the definition may seem a bit artificial at first, it is well motivated from a cryptographic point of view. Indeed, our second contribution is to show that the concept of extension of an access structure can be used to design encryption schemes with access structures that are chosen ad-hoc at the time of encryption. Specifically, we design and analyze a dynamic distributed encryption scheme and a ciphertext-policy attribute-based encryption scheme. In some cases, the new schemes enjoy better properties than existing ones.
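The two conditions in the definition can be checked mechanically on small access structures. The following Python is an added example (not code from the paper) that encodes an access structure as the set of its authorized subsets and tests the definition; it uses threshold structures only as illustrative inputs and makes no claim about the paper's vector space construction.

```python
from itertools import combinations

def threshold_structure(parties, t):
    """Monotone access structure over `parties`: every subset with at least t members."""
    parties = frozenset(parties)
    return {frozenset(s) for r in range(t, len(parties) + 1)
            for s in combinations(parties, r)}

def is_monotone(gamma, parties):
    """Every superset (inside `parties`) of an authorized set must itself be authorized."""
    parties = frozenset(parties)
    return all((a | {p}) in gamma for a in gamma for p in parties - a)

def is_extension(P, P_tilde, gamma, gamma_prime):
    """Return True iff gamma_prime over P ∪ P_tilde extends gamma over P,
    i.e. both structures are monotone and conditions (1) and (2) hold."""
    P, P_tilde = frozenset(P), frozenset(P_tilde)
    P_prime = P | P_tilde
    if not (is_monotone(gamma, P) and is_monotone(gamma_prime, P_prime)):
        return False
    # (1) P is a minimal authorized set of gamma_prime: P is authorized,
    #     and removing any single R_i from P gives an unauthorized set.
    if P not in gamma_prime or any((P - {r}) in gamma_prime for r in P):
        return False
    # (2) for every A ⊆ P:  A ∈ gamma  <=>  A ∪ P_tilde ∈ gamma_prime
    for r in range(len(P) + 1):
        for A in combinations(P, r):
            A = frozenset(A)
            if (A in gamma) != ((A | P_tilde) in gamma_prime):
                return False
    return True

if __name__ == "__main__":
    # Constructed toy instance: P = {R1,R2,R3}, P~ = {S1}, Gamma = 2-of-3.
    P, P_tilde = {"R1", "R2", "R3"}, {"S1"}
    gamma = threshold_structure(P, 2)
    for t in (2, 3, 4):
        gamma_prime = threshold_structure(P | P_tilde, t)
        print(f"{t}-of-4 extends 2-of-3:", is_extension(P, P_tilde, gamma, gamma_prime))
```

Only the 3-of-4 structure passes: 2-of-4 violates condition (1) because {R1,R2} is already authorized without S1, and 4-of-4 violates condition (2) because {R1,R2} ∈ Γ but {R1,R2,S1} ∉ Γ′.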

Keywords

Secret sharing · Dynamic distributed encryption · Attribute-based encryption

Mathematics Subject Classification (2000)

MSC 14G50 · MSC 68P25

Copyright information

© Springer-Verlag 2010

Authors and Affiliations

  • Vanesa Daza (1)
  • Javier Herranz (2)
  • Paz Morillo (2)
  • Carla Ràfols (2)

  1. Dept. Tecnologies de la Informació i les Comunicacions, Universitat Pompeu Fabra, Barcelona, Spain
  2. Dept. Matemàtica Aplicada IV, Universitat Politècnica de Catalunya, Barcelona, Spain