Constant Size Ciphertexts in Threshold Attribute-Based Encryption

  • Javier Herranz
  • Fabien Laguillaumie
  • Carla Ràfols
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6056)


Attribute-based cryptography has emerged in the last years as a promising primitive for digital security. For instance, it provides good solutions to the problem of anonymous access control. In a ciphertext-policy attribute-based encryption scheme, the secret keys of the users depend on their attributes. When encrypting a message, the sender chooses which subset of attributes must be held by a receiver in order to be able to decrypt.

All current attribute-based encryption schemes that admit reasonably expressive decryption policies produce ciphertexts whose size depends at least linearly on the number of attributes involved in the policy. In this paper we propose the first scheme whose ciphertexts have constant size. Our scheme works for the threshold case: users authorized to decrypt are those who hold at least t attributes among a certain universe of attributes, for some threshold t chosen by the sender. An extension to the case of weighted threshold decryption policies is possible. The security of the scheme against selective chosen plaintext attacks can be proven in the standard model by reduction to the augmented multi-sequence of exponents decisional Diffie-Hellman (aMSE-DDH) problem.


attribute-based encryption provable security pairings 


  1. [AMS06]
    Al-Riyami, S., Malone-Lee, J., Smart, N.P.: Escrow-free encryption supporting cryptographic workflow. International Journal of Information Security 5(4), 217–229 (2006)CrossRefGoogle Scholar
  2. [BM05]
    Bagga, W., Molva, R.: Policy-based cryptography and applications. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 72–87. Springer, Heidelberg (2005)Google Scholar
  3. [BSW07]
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Society Press, Los Alamitos (2007)Google Scholar
  4. [BBG05]
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)Google Scholar
  5. [CG99]
    Canetti, R., Goldwasser, S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 90–106. Springer, Heidelberg (1999)Google Scholar
  6. [CHK04]
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)Google Scholar
  7. [CCZ06]
    Chai, Z., Cao, Z., Zhou, Y.: Efficient ID-based broadcast threshold decryption in ad hoc network. In: Proceedings of IMSCCS 2006, vol. 2, pp. 148–154. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  8. [CN07]
    Cheung, L., Newport, C.C.: Provably secure ciphertext policy ABE. In: Proceedings of Computer and Communications Security, CCS 2007, pp. 456–465. ACM, New York (2007)CrossRefGoogle Scholar
  9. [Cha07]
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. [DHMR07]
    Daza, V., Herranz, J., Morillo, P., Ràfols, C.: CCA2-secure threshold broadcast encryption with shorter ciphertexts. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 35–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. [DHMR08]
    Daza, V., Herranz, J., Morillo, P., Ràfols, C.: Extended access structures and their cryptographic applications. To appear in Applicable Algebra in Engineering, Communication and Computing (2008),
  12. [DP08]
    Delerablée, C., Pointcheval, D.: Dynamic threshold public-key encryption. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 317–334. Springer, Heidelberg (2008)Google Scholar
  13. [EM+09]
    Emura, K., Miyaji, A., Nomura, A., Omote, K., Soshi, M.: A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 13–23. Springer, Heidelberg (2009)Google Scholar
  14. [FST10]
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23(2), 224–280 (2010)zbMATHCrossRefGoogle Scholar
  15. [FuOk99]
    Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 53–68. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. [GJPS08]
    Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute-based encryption. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 579–591. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. [GPSW06]
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006)CrossRefGoogle Scholar
  18. [KSW08]
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. [LO+10]
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. To appear in Proceedings of Eurocrypt 2010 (2010),
  20. [SW05]
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)Google Scholar
  21. [Sha79]
    Shamir, A.: How to share a secret. Communications of the ACM 22, 612–613 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  22. [Sha84]
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  23. [Wat08]
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. (2008), manuscript available at,

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Javier Herranz
    • 1
  • Fabien Laguillaumie
    • 2
  • Carla Ràfols
    • 1
  1. 1.Dept. Matemàtica Aplicada IVUniversitat Politècnica de CatalunyaBarcelonaSpain
  2. 2.Boulevard du Maréchal JuinGREYC - Université de Caen Basse-NormandieCaen CedexFrance

Personalised recommendations