Cryptanalysis on the Anonymity of Li et al.’s Ciphertext-Policy Attribute-Based Encryption Scheme

  • Yi-Fan Tseng
  • Chun-I Fan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 733)


Attribute-based encryption is a very powerful primitive in public-key cryptography. It can be adopted in many applications, such as cloud storage, etc. To further protect the privacy of users, anonymity has been considered as an important property in an attribute-based encryption. In an anonymous attribute-based encryption, the access structure of a ciphertext is hidden from users. In this paper, we find an attack method against Li et al.’s anonymous attribute-based encryption schemes. The proposed attack uses an “invalid attribute key” to recover the hidden access structure of a given ciphertext. No information of the master secret key nor private keys are necessary in our attack.


Attribute-based encryption Anonymity Hidden access structure Cryptanalysis 



This work was partially supported by the Ministry of Science and Technology of the Taiwan under grants MOST 105-2923-E-110-001-MY3, MOST 105-2221-E-110-053-MY2, and MOST 106-3114-E-110-001.


  1. 1.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Advances in Cryptology – Eurocrypt, vol. 3494. LNCS, pp. 457–473. Springer (2005)Google Scholar
  2. 2.
    Attrapadung, N., Libert, B., de Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: International Workshop on Public Key Cryptography, pp. 90–108. Springer (2011)Google Scholar
  3. 3.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98 (2006)Google Scholar
  4. 4.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)Google Scholar
  5. 5.
    Bethencournt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334 (2007)Google Scholar
  6. 6.
    Cheung, L., Newprot, C.: Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 456–465 ACM (2007)Google Scholar
  7. 7.
    Goyal, V., Jain, A., Pandey, O., Sahai, A: Bounded ciphertext policy attribute based encryption. In: Automata, Languages and Programing, pp. 579–591. Springer (2008)Google Scholar
  8. 8.
    Liang, X., Cao, Z., Lin, H., Xing, D.: Provably secure and efficient bounded ciphertext-policy attribute-based encryption. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 343–352. ACM (2009)Google Scholar
  9. 9.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Public Key Cryptography. Lecture Notes in Computer Science, pp. 53–70 (2011)Google Scholar
  10. 10.
    Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: International Conference on Information Security, vol. 9, pp. 347–362 Springer (2009)Google Scholar
  11. 11.
    Balu, A., Kuppusamy, K.: Ciphertext-policy attribute-based encryption with anonymous access policy. arXiv preprint arXiv:1011.0527 (2010)
  12. 12.
    Balu, A., Kuppusamy, K.: Privacy preserving ciphertext-policy attribute-based encryption. In: Recent Trends in Network Security and Applications, pp. 402–409. Springer (2010)Google Scholar
  13. 13.
    Lai, J., Deng, R.H, Li, Y.: Fully secure cipertext-policy hiding CP-ABE. In: Information Security Practice and Experience, pp. 24–39. Springer (2011)Google Scholar
  14. 14.
    Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Applied Cryptography and Network Security, pp. 111–129. Springer (2008)Google Scholar
  15. 15.
    Padhya, M., Jinwala, D.: A novel approach for searchable CP-ABE with hidden ciphertext-policy. In: Information Systems Security, pp. 167–184. Springer (2014)Google Scholar
  16. 16.
    Phuong, T.V.X., Yang, G., Susilo, W.: Hidden ciphertext policy attribute-based encryption under standard assumptions. IEEE Trans. Inf. Forensics Secur. 11(1), 35–45 (2016)CrossRefGoogle Scholar
  17. 17.
    Wang, Z., He, M.: CP-ABE with hidden policy from waters efficient construction. Int. J. Distrib. Sens. Netw. 2016, 11 (2016)Google Scholar
  18. 18.
    Li, J., et al.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. ACM (2011)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringNational Sun Yat-sen UniversityKaohsiungTaiwan

Personalised recommendations