Abstract
In this paper, we present a new and efficient construction of an Attribute-Based Authenticated Key Exchange (ABAKE) protocol, providing fine-grained access control over data. The state-of-the-art constructions of ABAKE protocols rely on extensive pairing and exponentiation operations (both polynomial in the size of the access policies) over appropriate groups equipped with bilinear maps. Our new construction of an ABAKE protocol reduces the number of pairing operations to a constant (to be precise, only 7) and the number of exponentiations to be linear in the number of clauses in the disjunctive normal form representing the general access policies. The main workhorse of our ABAKE construction is an Attribute-Based Signcryption (ABSC) scheme with a constant number of pairings (only 7), which we construct. This also gives the first construction of ABSC schemes with a constant number of pairings for general-purpose access policies in the standard model. Our ABAKE protocol is also round-optimal, i.e., it is a single-round protocol consisting of only a single message flow among the parties involved, and is asynchronous in nature, i.e., the message sent by one party does not depend on the incoming message from the other party. The security of our ABAKE protocol is proved under a variant of the Bilinear Diffie-Hellman Exponent assumption, in the Attribute-Based extended Canetti-Krawczyk (ABeCK) model, which is an extension of the extended Canetti-Krawczyk (eCK) model for the attribute-based framework.
© 2018 Springer Nature Switzerland AG
Cite this paper
Chakraborty, S., Rao, Y.S., Rangan, C.P. (2018). An Efficient Attribute-Based Authenticated Key Exchange Protocol. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_24
DOI: https://doi.org/10.1007/978-3-030-02641-7_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02640-0
Online ISBN: 978-3-030-02641-7
eBook Packages: Computer Science (R0)