Abstract
Recently, Attrapadung (Eurocrypt 2014) proposed a generic framework that abstracts the concept of dual system encryption techniques. We expand this framework by proposing an extended perfect security notion for pair encoding schemes, which yields a new way to apply the dual system encryption methodology and obtain fully secure attribute-based encryption (ABE) systems via a generic construction.
Using this expanded framework, we obtain a fully secure ciphertext-policy ABE (CP-ABE) construction in composite order groups with short public parameters. Compared with previous works, whose public parameter size scales linearly with the number of attributes or which require parameterized assumptions, our CP-ABE system simultaneously achieves an exponential improvement in public parameter size and reliance on static assumptions.
References
Agrawal, S., Chase, M.: A study of pair encodings: predicate encryption in prime order groups. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 259–288. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49099-0_10
Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55220-5_31
Attrapadung, N., Yamada, S.: Duality in ABE: converting attribute based encryption for dual predicate and dual policy via computational encodings. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 87–105. Springer, Heidelberg (2015). doi:10.1007/978-3-319-16715-2_5
Beimel, A.: Secure schemes for secret sharing and key distribution. Technion - Israel Institute of Technology, Faculty of Computer Science (1996)
Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28628-8_3
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19571-6_16
Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). doi:10.1007/978-3-540-70936-7_28
Chase, M., Chow, S.S.: Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 121–130. ACM (2009)
Chase, M., Meiklejohn, S.: Déjà Q: using dual systems to revisit q-type assumptions. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 622–639. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55220-5_34
Chen, J., Gay, R., Wee, H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_20
Chen, J., Wee, H.: Fully, (almost) tightly secure IBE and dual system groups. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 435–460. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_25
Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_1
Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 479–499. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_27
Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. J. ACM (JACM) 62(6), 45 (2015)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)
Kowalczyk, L., Lewko, A.B.: Bilinear entropy expansion from the decisional linear assumption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 524–541. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48000-7_26
Lewko, A.: Tools for simulating features of composite order bilinear groups in the prime order setting. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 318–335. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29011-4_20
Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13190-5_4
Lewko, A., Waters, B.: New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11799-2_27
Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011). doi:10.1007/978-3-642-20465-4_31
Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011). doi:10.1007/978-3-642-20465-4_30
Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_12
Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_11
Okamoto, T., Takashima, K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34961-4_22
Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)
Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 463–474. ACM (2013)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). doi:10.1007/11426639_27
Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03356-8_36
Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19379-8_4
Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54242-8_26
Acknowledgement
We would like to thank the anonymous reviewers for their valuable comments. This work is supported by the National Natural Science Foundation of China (No. U1536205) and the National Basic Research Program of China (No. 2013CB338003).
A Linear Secret Sharing Schemes
Here we present the definitions of access structures and linear secret sharing schemes introduced in [4], adapted to match our ABE setting.
Definition 3 (Access Structure). Let \(\mathcal {U}\) be the attribute universe. An access structure on \(\mathcal {U}\) is a collection \(\mathbb {A}\) of non-empty sets of attributes, i.e. \(\mathbb {A}\subseteq 2^{\mathcal {U}} \setminus \{\emptyset\}\). The sets in \(\mathbb {A}\) are called the authorized sets and the sets not in \(\mathbb {A}\) are called the unauthorized sets.
Additionally, an access structure is called monotone if \(\forall B, C \subseteq \mathcal {U}: \text {if}\ B \in \mathbb {A}\) and \(B \subseteq C\), then \(C \in \mathbb {A}\).
Definition 4 (Linear Secret Sharing Schemes (LSSS)). Let p be a prime and \(\mathcal {U}\) the attribute universe. A secret sharing scheme \(\varPi \) realizing access structures on \(\mathcal {U}\) is linear over \(\mathbb {Z}_p\) if
1. The shares of a secret \(s \in \mathbb {Z}_p\) for each attribute form a vector over \(\mathbb {Z}_p\).
2. For each access structure \(\mathbb {A}\) on \(\mathcal {U}\), there exists an \(\ell \times n\) matrix A called the share-generating matrix, and a function \(\rho \), that labels the rows of A with attributes from \(\mathcal {U}\), i.e. \(\rho : [\ell ] \rightarrow \mathcal {U}\), which satisfy the following: During the generation of the shares, we consider the column vector \(\varvec{v} = (s, v_2, \ldots , v_n)\), where \(v_2, \ldots , v_n \leftarrow \mathbb {Z}_p\). Then the vector of \(\ell \) shares of the secret s according to \(\varPi \) is equal to \(A\varvec{v}\). The share \((A\varvec{v})_j\) where \(j \in [\ell ]\) belongs to attribute \(\rho (j)\). We will refer to the pair \((A, \rho )\) as the policy of the access structure \(\mathbb {A}\).
According to [4], each secret sharing scheme should satisfy the reconstruction requirement (each authorized set can reconstruct the secret) and the security requirement (any unauthorized set cannot reveal any partial information about the secret).
For our composite order group construction, we will employ LSSS matrices over \(\mathbb {Z}_N\), where N is a product of three distinct primes \(p_1\), \(p_2\) and \(p_3\). Let S denote an authorized set for the access structure \(\mathbb {A}\), and I be the set of rows whose labels are in S, i.e. \(I = \{i \mid i \in [\ell ] \wedge \rho (i) \in S\}\). The reconstruction requirement asserts that the vector \((1, 0, \ldots , 0)\) is in the span of the rows of A indexed by I modulo N. This means that there exist constants \(\{\omega _i\}_{i \in I}\) such that, for any valid shares \(\{\lambda _i = (A\varvec{v})_i\}_{i \in I}\) of a secret s according to \(\varPi \), we have \(\sum \nolimits _{i \in I} {{\omega _i}\lambda _i} = s\). Furthermore, these constants \(\{\omega _i\}_{i \in I}\) can be found in time polynomial in the size of the share-generating matrix A.
On the other hand, for an unauthorized set \(S'\), no such \(\{\omega _i\}\) exist. However, in our security proof for the composite order system, we will further assume that for an unauthorized set, the corresponding rows of A do not include the vector \((1, 0, \ldots , 0)\) in their span modulo \(p_2\). We may assume this because if an adversary can produce an access matrix A over \(\mathbb {Z}_N\) and a set that is unauthorized over \(\mathbb {Z}_N\) but authorized over \(\mathbb {Z}_{p_2}\), this can be used to produce a non-trivial factor of the group order N, which would violate our subgroup decision assumptions.
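The following is an added example, not code from the paper: it carries Definition 4 and the reconstruction requirement through for one constructed policy, (A AND B) OR C, with a constructed share-generating matrix over a prime field \(\mathbb {Z}_p\) (the paper's construction works over \(\mathbb {Z}_N\)). It generates the shares \(A\varvec{v}\), finds the constants \(\{\omega _i\}\) for an authorized row set by Gaussian elimination, and reports that no such constants exist for an unauthorized set.

```python
import random
P = 1_000_003  # constructed prime modulus (assumption; the paper's scheme works over Z_N)

# Share-generating matrix A (ell x n) and labelling rho for the constructed
# policy (A AND B) OR C.  Entries are in Z_p, so -1 is written as P - 1.
MATRIX = [[1, 1], [0, P - 1], [1, 0]]
RHO = ["A", "B", "C"]  # rho(j): the attribute owning row j of MATRIX

def share(secret, matrix=MATRIX, p=P, rng=random):
    """Shares (A v)_j for v = (s, v_2, ..., v_n) with v_2..v_n random in Z_p."""
    n = len(matrix[0])
    v = [secret % p] + [rng.randrange(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in matrix]

def reconstruction_coefficients(rows, p=P):
    """Find w with sum_i w_i * rows[i] = (1, 0, ..., 0) mod p by Gaussian elimination
    on the transposed, augmented system; None if (1, 0, ..., 0) is not in the span."""
    n, k = len(rows[0]), len(rows)
    M = [[rows[i][c] % p for i in range(k)] + [int(c == 0)] for c in range(n)]
    pivots, r = [], 0
    for c in range(k):
        piv = next((i for i in range(r, n) if M[i][c]), None)
        if piv is None:
            continue  # free variable: w_c will be set to 0
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][c], -1, p)  # pivot is invertible since p is prime
        M[r] = [x * inv % p for x in M[r]]
        for i in range(n):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
    if any(M[i][k] for i in range(r, n)):
        return None  # inconsistent system: no reconstruction constants exist
    w = [0] * k
    for i, c in enumerate(pivots):
        w[c] = M[i][k]
    return w

def reconstruct(shares, attrs, matrix=MATRIX, rho=RHO, p=P):
    """Recover s from the shares of rows labelled by attrs, or None if attrs is unauthorized."""
    idx = [j for j in range(len(rho)) if rho[j] in attrs]
    if not idx:
        return None
    w = reconstruction_coefficients([matrix[j] for j in idx], p)
    if w is None:
        return None
    return sum(wi * shares[j] for wi, j in zip(w, idx)) % p
```

Over \(\mathbb {Z}_N\) the same elimination needs every pivot to be invertible; a non-invertible pivot would expose a non-trivial factor of N, which is exactly the event the argument above rules out under the subgroup decision assumptions.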
© 2017 Springer International Publishing AG
Wang, M., Zhang, Z. (2017). Expanded Framework for Dual System Encryption and Its Application. In: Hong, S., Park, J. (eds) Information Security and Cryptology – ICISC 2016. ICISC 2016. Lecture Notes in Computer Science, vol 10157. Springer, Cham. https://doi.org/10.1007/978-3-319-53177-9_7
DOI: https://doi.org/10.1007/978-3-319-53177-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53176-2
Online ISBN: 978-3-319-53177-9