Attribute-Based Encryption Without Key Escrow

  • Xing Zhang
  • Cancan Jin
  • Zilong Wen
  • Qingni Shen
  • Yuejian Fang
  • Zhonghai Wu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9483)


Attribute-Based Encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE has a major shortcoming which is called the key escrow problem. Key generation center (KGC) can generate the secret key of a user with arbitrary set of attributes. Even worse, KGC can decrypt ciphertext directly using its master key. This could be a potential intimidation to data security and privacy. In this paper, we propose a novel ciphertext-policy ABE scheme without key escrow. In our construction, we use two authorities, KGC and OAA (outsourced attribute authority). Unless KGC colludes with OAA, neither KGC nor OAA can decrypt the ciphertext independently. Our scheme is proved to be selectively secure in the standard model. We give universal methods for transforming both KP-ABE and CP-ABE with a single authority to solve the problem of key escrow. Our scheme naturally supports outsourcing the decryption of ciphertexts.


Cloud storage Access control Attribute-based encryption Key escrow Outsourcing decryption 



This work is supported by the National High Technology Research and Development Program (“863” Program) of China under Grant No. 2015AA016009, the National Natural Science Foundation of China under Grant No. 61232005, and the Science and Technology Program of Shen Zhen, China under Grant No. JSGG2014051 6162852628.


  1. 1.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM Conference on Computer and Communications Security, pp. 89–98 (2006)Google Scholar
  4. 4.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: ACM Conference on Computer and Communications Security, pp. 195–203 (2007)Google Scholar
  5. 5.
    Attrapadung, N., Libert, B., de Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 90–108. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: ACM Conference on Computer and Communications Security, pp. 463–474 (2013)Google Scholar
  7. 7.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
  8. 8.
    Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: ACM Conference on Computer and Communications Security, pp. 456–465 (2007)Google Scholar
  9. 9.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Hur, J., Koo, D., Hwang, S.O., Kang, K.: Removing escrow from ciphertext policy attribute-based encryption. Comput. Math Appl. 65(9), 1310–1317 (2013)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Hur, J.: Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng. 25(10), 2271–2282 (2013)CrossRefGoogle Scholar
  12. 12.
    Zhang, G., Liu, L., Liu, Y.: An attribute-based encryption scheme secure against malicious KGC. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1376–1380 (2012)Google Scholar
  13. 13.
    Wang, Y., Chen, K., Long, Y., Liu, Z.: Accountable authority key policy attribute-based encryption. Sci. China Inf. Sci. 55(7), 1631–1638 (2012)zbMATHMathSciNetCrossRefGoogle Scholar
  14. 14.
    Libert, B., Vergnaud, D.: Towards black-box accountable authority IBE with short ciphertexts and private keys. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 235–255. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: USENIX Security Symposium (2011)Google Scholar
  16. 16.
    Beimel, A.: Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)Google Scholar
  17. 17.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Chase, M., Chow, S.S.: Improving privacy and security in multi-authority attribute-based encryption. In: ACM Conference on Computer and Communications Security, pp. 121–130 (2009)Google Scholar
  19. 19.
    Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Liu, Z., Cao, Z., Huang, Q., Wong, D.S., Yuen, T.H.: Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 278–297. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 735–737 (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Xing Zhang
    • 1
  • Cancan Jin
    • 2
  • Zilong Wen
    • 2
  • Qingni Shen
    • 2
  • Yuejian Fang
    • 2
  • Zhonghai Wu
    • 2
  1. 1.School of Electronics Engineering and Computer SciencePeking UniversityBeijingChina
  2. 2.School of Software and MicroelectronicsPeking UniversityBeijingChina

Personalised recommendations