Abstract
Applying an access structure to encrypted sensitive data is one of the challenges in communication networks and cloud computing. Various methods have been proposed to achieve this goal, one of which is attribute-based encryption (ABE). In ABE schemes, the access structure, a.k.a. the policy, can be applied to the key or to the ciphertext. If the policy is applied to the key, the ABE scheme is called key policy attribute-based encryption (KP-ABE), and if it is applied to the ciphertext, the scheme is called ciphertext policy attribute-based encryption (CP-ABE). Since in KP-ABE the policy is selected once by a trusted entity and is then fixed, KP-ABE schemes are not suitable for applications where the policy needs to change repeatedly. This problem is solved in CP-ABE, where the policy is selected by the sender and can be changed for each message encryption. Furthermore, it is desirable that ABE schemes realize strong fine-grained access control. While most of the existing access structures are of Boolean type, an arithmetic access structure can support a stronger fine-grained access structure. We present the first CP-ABE scheme with an arithmetic circuit access policy based on multilinear maps. First, we outline a basic design, and then we introduce two improved versions of this scheme, with or without the property of hidden attributes. We also define the concept of hidden result attribute-based encryption (HR-ABE), which means that the result of the arithmetic function will not be revealed to the users. We define a new hardness assumption, called the \((k-1)\)-distance decisional Diffie–Hellman assumption, which is at least as hard as the \(k\)-multilinear decisional Diffie–Hellman assumption. Under this assumption, we prove the adaptive security of the proposed scheme.
Data availability
Data sharing is not applicable to this article as no datasets were generated or analysed during the current study.
Notes
Note that although the basic scheme is described for \(d=n= k\), it can support functions with \(d\le k\) and \(n\le k\). For the latter case, we consider that a dummy term \(\prod _{j \in [k]}x_j\) with zero coefficient is included in the description of \(f(\textbf{x})\).
Note that this way of defining the secret keys does not make this scheme vulnerable to the collusion attack. The reason for that will be discussed more in Remark 2 at the end of this section.
Acknowledgements
This work was supported by the Iranian National Science Foundation (INSF) under Contract No. 99021948. We would like to thank Bart Preneel and COSIC group at KU Leuven as part of this work was done when the first author was visiting KU Leuven.
About this article
Cite this article
MahdaviOliaee, M., Ahmadian, Z. Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits. J Comput Virol Hack Tech 19, 515–528 (2023). https://doi.org/10.1007/s11416-022-00459-6
DOI: https://doi.org/10.1007/s11416-022-00459-6