Skip to main content
SpringerLink
Log in

Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

Applying access structure to encrypted sensitive data is one of the challenges in communication networks and cloud computing. Various methods have been proposed to achieve this goal, one of which is attribute-based encryption (ABE). In ABE schemes, the access structure, a.k.a policy, can be applied to the key or ciphertext. Thus, if the policy is applied to the key, the ABE scheme is called the key policy attribute-based encryption (KP-ABE), and if it is applied to the ciphertext, the scheme is called the ciphertext policy attribute-based encryption (CP-ABE). Since in the KP-ABE, the policy is selected once by a trusted entity and is fixed then, they are not suitable for applications where the policy needs to change repeatedly. This problem is solved in CP-ABE, where the policy is selected by the sender and can be changed for each message encryption. Furthermore, it is desired in the ABE schemes that a strong fine-grained access control can be realized. While most of the existing access structures are of Boolean type, an arithmetic access structure can support a stronger fine-grained access structure. We present the first CP-ABE scheme with an arithmetic circuit access policy based on the multilinear maps. First, we outline a basic design and then two improved versions of this scheme, with or without the property of hidden attributes, are introduced. We also define the concept of hidden result attribute based encryption (HR-ABE) which means that the result of the arithmetic function will not be revealed to the users. We define a new hardness assumption, called the \((k-1)\)-distance decisional Diffie–Hellman assumption, which is at least as hard as the k-multilinear decisional Diffie–Hellman assumption. Under this assumption, we prove the adaptive security of the proposed scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

Data availability

Data sharing is not applicable to this article as no datasets were generated or analysed during the current study.

Notes

  1. Note that although the basic scheme is described for \(d=n= k\), it can support functions with \(d\le k\) and \(n\le k\). For the latter case, we consider that a dummy term \(\prod _{j \in [k]}x_j\) with zero coefficient is included in \(f(\textbf{x})\) description.

  2. Note that this way of defining the secret keys does not make this scheme vulnerable to the collusion attack. The reason for that will be discussed more in Remark 2 at the end of this section

References

  1. Qin, X., Huang, Y., Yang, Z., Li, X.: LBAC: a lightweight blockchain-based access control scheme for the internet of things. Inform. Sci. 554, 222–235 (2021)

    Article  MathSciNet  Google Scholar 

  2. Wei, J., Chen, X., Huang, X., Hu, X., Susilo, W.: RS-HABE: revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud. IEEE Trans. Dependable Secure Comput. 18, 2301–2315 (2019)

    Google Scholar 

  3. Wang, P., Xiang, T., Li, X., Xiang, H.: Access control encryption without sanitizers for internet of energy. Inf. Sci. 546, 924–942 (2021)

    Article  MathSciNet  Google Scholar 

  4. Aghili, S.F., Sedaghat, M., Singelée, D., Gupta, M.: MLS-ABAC: efficient multi-level security attribute-based access control scheme. Future Gener. Comput. Syst. 131, 75–90 (2022)

    Article  Google Scholar 

  5. Saxena, U.R., Alam, T.: Role based access control using identity and broadcast based encryption for securing cloud data. J. Comput. Virol. Hacking Tech. 18, 1–12 (2021)

    Google Scholar 

  6. Cui, H., Deng, R.H., Wang, G.: An attribute-based framework for secure communications in vehicular ad hoc networks. IEEE/ACM Tran. Netw. 27(2), 721–733 (2019)

    Article  Google Scholar 

  7. Wang, H., Ning, J., Huang, X., Wei, G., Poh, G.S., Liu, X.: Secure fine-grained encrypted keyword search for e-healthcare cloud. IEEE Trans. Dependable Secure Comput. 18, 1307–1319 (2019)

    Google Scholar 

  8. Jian, S., Zhang, L., Yi, M.: BA-RMKABSE: blockchain-aided ranked multi-keyword attribute-based searchable encryption with hiding policy for smart health system. Future Gener. Comput. Syst. 132, 299–309 (2022)

    Article  Google Scholar 

  9. Arfaoui, A., Cherkaoui, S., Kribeche, A., Senouci, S.M.: Context-aware adaptive remote access for IoT applications. IEEE Internet Things J. 7(1), 786–799 (2019)

    Article  Google Scholar 

  10. Kapil, G., Agrawal, A., Attaallah, A., Algarni, A., Kumar, R., Khan, R.A.: Attribute based honey encryption algorithm for securing big data: hadoop distributed file system perspective. PeerJ Comput. Sci. 6, e259 (2020)

    Article  Google Scholar 

  11. Nasiraee, H., Ashouri-Talouki, M.: Anonymous decentralized attribute-based access control for cloud-assisted IoT. Future Gener. Comput. Syst. 110, 45–56 (2020)

    Article  Google Scholar 

  12. Kumar, A., Kumar, S.A., Dutt, V., Dubey, A.K., Narang, S.: A hybrid secure cloud platform maintenance based on improved attribute-based encryption strategies. Int. J. Artif. Intell. Interact. Multimed. (2021). https://doi.org/10.9781/ijimai.2021.11.004

    Article  Google Scholar 

  13. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457–473. Springer (2005)

  14. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98 (2006)

  15. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP’07), pp. 321–334. IEEE (2007)

  16. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: International Workshop on Public Key Cryptography, pp. 53–70. Springer (2011)

  17. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203 (2007)

  18. Zeng, P., Zhang, Z., Lu, R., Choo, K.-K.R.: Efficient policy-hiding and large universe attribute-based encryption with public traceability for internet of medical things. IEEE Internet Things J. 8(13), 10963–10972 (2021)

    Article  Google Scholar 

  19. Green, M., Hohenberger, S., Waters, B., et al.: Outsourcing the decryption of ABE ciphertexts. In: USENIX Security Symposium, vol. 2011 (2011)

  20. Das, S., Namasudra, S.: Multi-authority CP-ABE-based access control model for IoT-enabled healthcare infrastructure. IEEE Trans. Ind. Inform. 19, 821–829 (2022)

    Article  Google Scholar 

  21. Shengmin, X., Yuan, J., Guowen, X., Li, Y., Liu, X., Zhang, Y., Ying, Z.: Efficient ciphertext-policy attribute-based encryption with blackbox traceability. Inf. Sci. 538, 19–38 (2020)

    Article  MathSciNet  MATH  Google Scholar 

  22. Deng, H., Qin, Z., Qianhong, W., Guan, Z., Zhou, Y.: Flexible attribute-based proxy re-encryption for efficient data sharing. Inf. Sci. 511, 94–113 (2020)

    Article  MathSciNet  MATH  Google Scholar 

  23. Koppula, V., Waters, B.: Realizing chosen ciphertext security generically in attribute-based encryption and predicate encryption. In: Annual international cryptology conference, pp. 671–700. Springer (2019)

  24. Attrapadung, ., Libert, B., De Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: International Workshop on Public Key Cryptography, pp. 90–108. Springer (2011)

  25. Mandal, M.: Privacy-preserving fully anonymous ciphertext policy attribute-based broadcast encryption with constant-size secret keys and fast decryption. J. Inf. Secur. Appl. 55, 102666 (2020)

    Google Scholar 

  26. Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst. 22(7), 1214–1221 (2010)

    Article  Google Scholar 

  27. Ge, C., Susilo, W., Baek, J., Liu, Z., Xia, J., Fang, L.: Revocable attribute-based encryption with data integrity in clouds. IEEE Trans. Dependable Secure Comput. 19, 2864–2872 (2021)

    Article  Google Scholar 

  28. Chase, M.: Multi-authority attribute based encryption. In: Theory of Cryptography Conference, pp. 515–534. Springer (2007)

  29. Sarma, R., Kumar, C., Barbhuiya, F.A.: MACFI: a multi-authority access control scheme with efficient ciphertext and secret key size for fog-enhanced IoT. J. Syst. Archit. 123, 102347 (2022)

    Article  Google Scholar 

  30. Attrapadung, N., Imai, H.: Dual-policy attribute based encryption. In: International Conference on Applied Cryptography and Network Security, pp. 168–185. Springer (2009)

  31. Li, J., Qihong, Yu., Zhang, Y.: Hierarchical attribute based encryption with continuous leakage-resilience. Inf. Sci. 484, 113–134 (2019)

    Article  MATH  Google Scholar 

  32. Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Annual Cryptology Conference, pp. 479–499. Springer (2013)

  33. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. J. ACM JACM 62(6), 1–33 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  34. Kudinov, M.A., Chilikov, A.A., Kiktenko, E.O., Fedorov, A.K.: Advanced attribute-based encryption protocol based on the modified secret sharing scheme. J. Comput. Virol. Hacking Tech. 16(4), 333–341 (2020)

    Article  Google Scholar 

  35. Agrawal, S., Boyen, X., Vaikuntanathan, V., Voulgaris, P., Wee, H.: Fuzzy identity based encryption from lattices. IACR Cryptol. ePrint Arch. 2011, 414 (2011)

    MATH  Google Scholar 

  36. Boyen, X.: Attribute-based functional encryption on lattices. In: Theory of Cryptography Conference, pp. 122–142. Springer (2013)

  37. Zhang, J., Zhang, Z.: A ciphertext policy attribute-based encryption scheme without pairings. In: International Conference on Information Security and Cryptology, pp. 324–340. Springer (2011)

  38. Agrawal, S., Biswas, R., Nishimaki, R., Xagawa, K., Xie, X., Yamada, S.: Cryptanalysis of Boyen’s attribute-based encryption scheme in TCC 2013. Cryptology ePrint Archive (2021)

  39. Adelin, R., Nugier, C., Alata, É., Nicomette, V., Migliore, V., Kaâniche, M.: Facing emerging challenges in connected vehicles: a formally proven, legislation compliant, and post-quantum ready security protocol. J. Comput. Virol. Hacking Tech. 18, 1–28 (2022)

    Google Scholar 

  40. Boneh, D., Gentry, C., Gorbunov, S., Halevi, S., Nikolaenko, V., Segev, G., Vaikuntanathan, V., Vinayagamurthy, D.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 533–556. Springer (2014)

  41. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. J. Cryptol. 26(2), 191–224 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  42. Belguith, S., Kaaniche, N., Laurent, M., Jemai, A., Attia, R.: Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT. Comput. Netw. 133, 141–156 (2018)

    Article  Google Scholar 

  43. Xiong, H., Zhao, Y., Peng, L., Zhang, H., Yeh, K.-H.: Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Gener. Comput. Syst. 97, 453–461 (2019)

    Article  Google Scholar 

  44. Boneh, D., Nikolaenko, V., Segev, G.: Attribute-based encryption for arithmetic circuits. Cryptology ePrint Archive (2013)

  45. Dai, W., Doröz, Y., Polyakov, Y., Rohloff, K., Sajjadpour, H., Savaş, E., Sunar, B.: Implementation and evaluation of a lattice-based key-policy ABE scheme. IEEE Trans. Inf. Forensics Secur. 13(5), 1169–1184 (2017)

    Article  Google Scholar 

  46. Genise, N., Micciancio, D., Polyakov, Y.: Building an efficient lattice gadget toolkit: Subgaussian sampling and more. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 655–684. Springer (2019)

Download references

Acknowledgements

This work was supported by the Iranian National Science Foundation (INSF) under Contract No. 99021948. We would like to thank Bart Preneel and COSIC group at KU Leuven as part of this work was done when the first author was visiting KU Leuven.

Author information

Authors and Affiliations

  1. Electrical Engineering Department, Shahid Beheshti University, Tehran, Iran

    Mahdi MahdaviOliaee & Zahra Ahmadian

  2. imec-COSIC, KU Leuven, Leuven, Belgium

    Mahdi MahdaviOliaee

Authors
  1. Mahdi MahdaviOliaee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zahra Ahmadian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zahra Ahmadian.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

MahdaviOliaee, M., Ahmadian, Z. Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits. J Comput Virol Hack Tech 19, 515–528 (2023). https://doi.org/10.1007/s11416-022-00459-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-022-00459-6

Keywords

Search

Navigation