Abstract
Policy-based chameleon hash (PCH) is a cryptographic building block which finds increasing practical applications. Given a message and an access policy, for any chameleon hash generated by a PCH scheme, a chameleon trapdoor holder whose rewriting privileges satisfy the access policy can amend the underlying message without affecting the hash value. In practice, it is necessary to revoke the rewriting privileges of a trapdoor holder due to various reasons, such as change of positions, compromise of credentials, or malicious behaviours. In this paper, we introduce the notion of revocable PCH (RPCH) and formally define its security. We instantiate a concrete RPCH construction by putting forward a practical revocable attribute-based encryption (RABE) scheme which is adaptively secure under a standard assumption on prime-order pairing groups. As application examples, we show how to effectively integrate RPCH into mutable blockchain and sanitizable signature for revoking the rewriting privileges of any chameleon trapdoor holders. We implement our RPCH scheme and evaluate its performance to demonstrate its efficiency.
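The abstract relies on the defining property of a chameleon hash: anyone can evaluate the hash from the public key, but only the trapdoor holder can swap the message for a different one while keeping the hash value fixed. The following is an added, self-contained illustration of that property using the classic discrete-log chameleon hash of Krawczyk and Rabin [21], not the paper's RPCH scheme (which replaces the single trapdoor with attribute-based rewriting privileges and adds revocation). The group parameters P, Q and G are a constructed toy safe-prime group chosen only to keep the arithmetic visible, and the message encoding via SHA-256 is an assumption of this example:

```python
"""Toy discrete-log chameleon hash illustrating trapdoor collision finding.

Added example, not code from the paper: a single trapdoor holder, no access
policy, no revocation. Parameters are a constructed toy group and are far too
small for real use.
"""
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 with both p and q prime (a safe prime),
# and g = 4 = 2^2 generates the order-q subgroup of quadratic residues.
P = 1019
Q = 509
G = 4


def msg_to_zq(message: bytes) -> int:
    """Map an arbitrary byte string into Z_q via SHA-256 (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def keygen(rng=secrets.randbelow):
    """Trapdoor x in Z_q^* and public key h = g^x mod p.

    rng is injectable so the test can make the example deterministic.
    """
    x = 1 + rng(Q - 1)  # x in [1, q-1]; x = 0 would have no inverse mod q
    h = pow(G, x, P)
    return x, h


def chameleon_hash(h: int, message: bytes, r: int) -> int:
    """CH(m, r) = g^{H(m)} * h^r mod p; evaluable by anyone holding h."""
    return (pow(G, msg_to_zq(message), P) * pow(h, r, P)) % P


def find_collision(x: int, message: bytes, r: int, new_message: bytes) -> int:
    """Trapdoor holder computes r' such that CH(m, r) == CH(m', r').

    Because h = g^x, CH(m, r) = g^{H(m) + x*r}. Equal hashes therefore need
        H(m) + x*r = H(m') + x*r'  (mod q)
    which solves to  r' = r + (H(m) - H(m')) * x^{-1}  (mod q).
    Without x this is a discrete-log problem, which is what collision
    resistance against everyone else rests on.
    """
    delta = (msg_to_zq(message) - msg_to_zq(new_message)) % Q
    return (r + delta * pow(x, -1, Q)) % Q


def demo():
    """Hash one message, then rewrite it to another under the same hash value."""
    x, h = keygen()
    m = b"constructed message: version 1"
    r = secrets.randbelow(Q)
    digest = chameleon_hash(h, m, r)

    m2 = b"constructed message: version 2 (rewritten)"
    r2 = find_collision(x, m, r, m2)
    return digest, chameleon_hash(h, m2, r2), m != m2


if __name__ == "__main__":
    before, after, changed = demo()
    print("hash unchanged:", before == after, "message changed:", changed)
```

The security point the paper builds on is visible in `find_collision`: the rewrite needs the trapdoor `x`, so controlling who holds a trapdoor (and, in RPCH, being able to take it away again) is exactly what decides who may rewrite.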
Notes
- 1. In the rest of the paper, unless otherwise specified, RABE denotes indirect RABE.
- 2. As explained above, previous RABE solutions are either selectively secure [15, 37,38,39,40,41] or adaptively secure only under non-standard assumptions or in composite-order groups [33]. Guillevic [22] reported that bilinear pairings are 254 times slower in composite-order groups than in prime-order groups at the same 128-bit security level. Although dual pairing vector spaces [30] can convert composite-order constructions to prime-order groups, the conversion could be very costly for large encoding schemes [5].
- 3. In RABE, the decryption privilege is based on the decryption key, which is derived from the long-term secret key and the public key-updating material.
- 4.
- 5. Outsourced decryption has also not been taken into consideration, because a (semi-)trusted third party is needed to process the outsourced decryption.
References
General data protection regulation. https://gdpr-info.eu/
Agrawal, S., Chase, M.: FAME: fast attribute-based message encryption. In: CCS, pp. 665–682 (2017)
Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: ESORICS, vol. 3679, pp. 159–177 (2005)
Ateniese, G., Magri, B., Venturi, D., Andrade, E.R.: Redactable blockchain - or - rewriting history in bitcoin and friends. In: EuroS&P, pp. 111–126 (2017)
Attrapadung, N.: Dual system encryption framework in prime-order groups via computational pair encodings. In: ASIACRYPT, pp. 591–623 (2016)
Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: IMA, pp. 278–300 (2009)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P, pp. 321–334 (2007)
Bilzhause, A., Pöhls, H.C., Samelin, K.: Position paper: the past, present, and future of sanitizable and redactable signatures. In: ARES, pp. 87:1–87:9 (2017)
Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: CCS, pp. 417–426 (2008)
Boneh, D., Boyen, X.: Efficient selective-id secure identity-based encryption without random oracles. In: EUROCRYPT, vol. 3027, pp. 223–238 (2004)
Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext. In: EUROCRYPT, vol. 3494, pp. 440–456 (2005)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Bultel, X., Lafourcade, P., Lai, R.W.F., Malavolta, G., Schröder, D., Thyagarajan, S.A.K.: Efficient invisible and unlinkable sanitizable signatures. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 159–189. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17253-4_6
Camenisch, J., Derler, D., Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Chameleon-hashes with ephemeral trapdoors. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 152–182. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_6
Cui, H., Deng, R.H., Li, Y., Qin, B.: Server-aided revocable attribute-based encryption. In: ESORICS, vol. 9879, pp. 570–587 (2016)
Derler, D., Samelin, K., Slamanig, D., Striecks, C.: Fine-grained and controlled rewriting in blockchains: Chameleon-hashing gone attribute-based. In: NDSS (2019)
Deuber, D., Magri, B., Thyagarajan, S.A.K.: Redactable blockchain in the permissionless setting. In: IEEE S&P, pp. 124–138 (2019)
Fischlin, M., Harasser, P.: Invisible sanitizable signatures and public-key encryption are equivalent. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 202–220. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_11
Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_12
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: CCS, pp. 89–98 (2006)
Guillevic, A.: Comparing the pairing efficiency over composite-order and prime-order elliptic curves. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 357–372. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_22
Kohno, T., Stubblefield, A., Rubin, A.D., Wallach, D.S.: Analysis of an electronic voting system. In: IEEE S&P, p. 27 (2004)
Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS (2000)
Lewko, A.B., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In: EUROCRYPT, vol. 6110, pp. 62–91 (2010)
Liu, J.K., Yuen, T.H., Zhang, P., Liang, K.: Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 516–534. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_27
Matzutt, R., et al.: A quantitative analysis of the impact of arbitrary blockchain content on bitcoin. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 420–438. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_23
Matzutt, R., Hohlfeld, O., Henze, M., Rawiel, R., Ziegeldorf, J.H., Wehrle, K.: POSTER: I don't want that content! On the risks of exploiting Bitcoin's blockchain as a content store. In: CCS, pp. 1769–1771 (2016)
Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_3
Okamoto, T., Takashima, K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_22
Qin, B., Zhao, Q., Zheng, D., Cui, H.: Server-aided revocable attribute-based encryption resilient to decryption key exposure. In: Capkun, S., Chow, S.S.M. (eds.) CANS 2017. LNCS, vol. 11261, pp. 504–514. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02641-7_25
Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: CCS, pp. 463–474 (2013)
Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_13
Samelin, K., Slamanig, D.: Policy-based sanitizable signatures. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 538–563. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_23
Seo, J.H., Emura, K.: Revocable identity-based encryption revisited: security model and construction. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 216–234. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_14
Tian, Y., Li, N., Li, Y., Szalachowski, P., Zhou, J.: Policy-based chameleon hash for blockchain rewriting with black-box accountability. In: ACSAC, pp. 813–828 (2020)
Xu, S., Yang, G., Mu, Y.: Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation. Inf. Sci. 479, 116–134 (2019)
Xu, S., Yang, G., Mu, Y., Deng, R.H.: Secure fine-grained access control and data sharing for dynamic groups in the cloud. IEEE Trans. Inf. Forensics Secur. 13(8), 2101–2113 (2018)
Xu, S., Yang, G., Mu, Y., Liu, X.: A secure IoT cloud storage system with fine-grained access control and decryption key exposure resistance. Future Gener. Comput. Syst. 97, 284–294 (2019)
Xu, S., Zhang, Y., Li, Y., Liu, X., Yang, G.: Generic construction of ElGamal-type attribute-based encryption schemes with revocability and dual-policy. In: SecureComm, vol. 305, pp. 184–204 (2019)
Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_8
Acknowledgments
This work is supported in part by AXA Research Fund, the National Natural Science Foundation of China (Grant Nos. 62102090, 62032005, 61972094), the young talent promotion project of Fujian Science and Technology Association, and Science Foundation of Fujian Provincial Science and Technology Agency (2020J02016).
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Xu, S., Ning, J., Ma, J., Xu, G., Yuan, J., Deng, R.H. (2021). Revocable Policy-Based Chameleon Hash. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science, vol 12972. Springer, Cham. https://doi.org/10.1007/978-3-030-88418-5_16
DOI: https://doi.org/10.1007/978-3-030-88418-5_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-88417-8
Online ISBN: 978-3-030-88418-5
eBook Packages: Computer Science, Computer Science (R0)