# Flexible ciphertext-policy attribute-based encryption supporting AND-gate and threshold with short ciphertexts

- 137 Downloads

## Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising cryptographic primitive that allows a data owner to encrypt messages and manage access policies themselves. Most of the existing CP-ABE schemes suffer from efficiency drawbacks due to long ciphertexts, which impacts their adoption in applications where data are shared and stored. In this work, we aim to address this gap by proposing a CP-ABE which features constant-size ciphertext and supports access policies of an AND-gate and a threshold, which make ciphertext policies more expressive and applicable to many practical applications. Prior CP-ABE schemes with short ciphertexts such as that of Herranz et al. (in: Public key cryptography—PKC, Springer, 2010) only allow access policies to be a single AND-gate or a single threshold only. Combinations between these short CP-ABE constructions will result in systems insecure against collusion attacks, which makes the effort to enable access policies with an AND-gate and a threshold gate at the same time becomes very challenging. We present such a scheme that solves this drawback. Our scheme is efficient, expressive and secure. In our construction, the encryptor chooses two subsets of a certain universe of attributes \(S_1\), \(S_2\) with a threshold value \(t_1\) that only users who have at least \(t_1\) attributes in \(S_1\) and all attributes in \(S_2\) can decrypt the ciphertext. The scheme is proven secure against selective chosen plaintext attacks in the standard model by reduction to the augmented multi-sequence of exponents decisional Diffie–Hellman (aMSE-DDH) problem.

## Keywords

Attribute-based encryption Ciphertext policy Expressive Provable security Pairings## Notes

### Acknowledgements

This work is partially supported by ARC Project (DP130101383).

## References

- 1.Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) Cryptography and Coding, pp. 278–300. Heidelberg, Berlin (2009)Google Scholar
- 2.Attrapadung, N., Libert, B.: Functional encryption for inner product: achieving constant-size ciphertexts with adaptive security or support for negation. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography–PKC 2010, pp. 384–402. Heidelberg, Berlin (2010)Google Scholar
- 3.Attrapadung, N., Libert, B., De Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) Public Key Cryptography–PKC 2011, pp. 90–108. Heidelberg, Berlin (2011)Google Scholar
- 4.Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion-Israel Institute of Technology, Faculty of Computer Science (1996)Google Scholar
- 5.Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, 2007. SP’07, pp. 321–334. IEEE (2007)Google Scholar
- 6.Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology–EUROCRYPT 2005, pp. 440–456. Heidelberg, Berlin (2005)Google Scholar
- 7.Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) Advances in Cryptology CRYPTO 2001, pp. 213–229. Heidelberg, Berlin (2001)Google Scholar
- 8.Chen, C., Chen, J., Lim, H.W., Zhang, Z., Feng, D., Ling, S., Wang, H.: Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. In: Dawson. (ed.) Topics in Cryptology–CT-RSA 2013, pp. 50–67. Heidelberg, Berlin (2013)Google Scholar
- 9.Chen, C., Zhang, Z., Feng, D.: Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost. In: Boyen, X., Chen, X. (eds.) Provable Security, pp. 84–101. Heidelberg, Berlin (2011)Google Scholar
- 10.Cheung,L., Newport, C.: Provably secure ciphertext policy abe. In: Proceedings of the 14th ACM Conference on Computer And Communications Security, pp. 456–465. ACM (2007)Google Scholar
- 11.Delerablée, C., Pointcheval, D.: Dynamic threshold public-key encryption. In: Wagner, D. (ed.) Advances in Cryptology–CRYPTO 2008, pp. 317–334. Heidelberg, Berlin (2008)Google Scholar
- 12.Emura, K., Miyaji, A., Nomura, A., Omote, K., Soshi, M.: A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Bao, F., Li, H., Wang, G. (eds.) Information Security Practice and Experience, pp. 13–23. Heidelberg, Berlin (2009)Google Scholar
- 13.Ge, A., Zhang, R., Chen, C., Ma, C., Zhang, Z.: Threshold ciphertext policy attribute-based encryption with constant size ciphertexts. In: Susilo, W., Mu, Y., Seberry, J. (eds.) Information Security and Privacy, pp. 336–349. Heidelberg, Berlin (2012)Google Scholar
- 14.Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)Google Scholar
- 15.Herranz, J., Laguillaumie, F., Ràfols, C.: Constant size ciphertexts in threshold attribute-based encryption. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography–PKC 2010, pp. 19–34. Heidelberg, Berlin (2010)Google Scholar
- 16.Hohenberger, S., Waters, B.: Online/offline attribute-based encryption. In: Krawczyk, H. (ed.) Public-Key Cryptography–PKC 2014, pp. 293–310. Heidelberg, Berlin (2014)Google Scholar
- 17.Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst.
**22**(7), 1214–1221 (2011)CrossRefGoogle Scholar - 18.Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) Advances in Cryptology–EUROCRYPT 2008, pp. 146–162. Heidelberg, Berlin (2008)Google Scholar
- 19.Lai, J., Deng, R.H., Li, Y.: Expressive cp-abe with partially hidden access structures. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pp. 18–19. ACM (2012)Google Scholar
- 20.Li, J., Huang, Q., Chen, X., Chow, S.S., Wong, D.S., Xie, D., Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Cheung, B., Hui, L.C.K., Sandhu, R., Wong, D.S. (eds.) Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 386–390. ACM, New York, USA (2011)Google Scholar
- 21.Li, J., Ren, K., Kim, K.: A2be: accountable attribute-based encryption for abuse free access control. IACR Cryptol. ePrint Arch.
**2009**, 118 (2009)Google Scholar - 22.Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) Information Security, pp. 347–362. Heidelberg, Berlin (2009)Google Scholar
- 23.Li, Q., Xiong, H., Zhang, F., Zeng, S.: An expressive decentralizing kp-abe scheme with constant-size ciphertext. IJ Netw. Sec.
**15**(3), 161–170 (2013)Google Scholar - 24.Liang, X., Lu, R., Lin, X., Shen, X.S., Ciphertext policy attribute based encryption with efficient revocation. Technical report, Technical Report, University of Waterloo, (2010)Google Scholar
- 25.Liu, Z., Cao, Z., Wong, D.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forensics Sec.
**8**(1), 76–88 (2013)CrossRefGoogle Scholar - 26.Liu, Z., Cao, Z., Wong. D.S.: Blackbox traceable cp-abe: how to catch people leaking their keys by selling decryption devices on ebay. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 475–486. ACM (2013)Google Scholar
- 27.Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) Advances in Cryptology-CRYPTO 2003, pp. 96–109. Heidelberg, Berlin (2003)Google Scholar
- 28.Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) Applied Cryptography and Network Security, pp. 111–129. Heidelberg, Berlin (2008)Google Scholar
- 29.Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)Google Scholar
- 30.Rao, Y.S., Dutta, R.: Computationally efficient dual-policy attribute based encryption with short ciphertext. In: Susilo, W., Reyhanitabar, R. (eds.) Provable Security, pp. 288–308. Heidelberg, Berlin (2013)Google Scholar
- 31.Rao, Y.S., Dutta, R.: Recipient anonymous ciphertext-policy attribute based encryption. In: Bagchi, A., Ray, I. (eds.) Information Systems Security, pp. 329–344. Heidelberg, Berlin (2013)Google Scholar
- 32.Sahai, A., Waters, B., Fuzzy identity-based encryption. In: Cramer, R. (ed.) Advances in Cryptology–EUROCRYPT 2005, pp. 457–473. Heidelberg, Berlin (2005)Google Scholar
- 33.Tran, P.V.X., Dinh, T.N., Miyaji, A.: Efficient ciphertext-policy abe with constant ciphertext length. In: 2012 7th International Conference on Computing and Convergence Technology (ICCCT), pp. 543–549. IEEE (2012)Google Scholar
- 34.Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM (2010)Google Scholar
- 35.Zhang, Y., Chen, X., Li, J., Wong, D.S., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In: Proceedings of the 8th ACM SIGSAC symposium on Information, Computer and Communications Security, pp. 511–516. ACM (2013)Google Scholar