Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption

IACR Cryptology ePrint Archive, (2010): 62-91


Abstract

We present two fully secure functional encryption schemes: a fully secure attribute-based encryption (ABE) scheme and a fully secure (attribute-hiding) predicate encryption (PE) scheme for inner-product predicates. In both cases, previous constructions were only proven to be selectively secure. Both results use novel strategies to adapt t...

Introduction
  • In a traditional public key encryption system, data is encrypted to be read by a particular individual who has already established a public key.
  • A user’s set of attributes S satisfies the LSSS access matrix if the rows labeled by the attributes in S have the linear reconstruction property, which means there exist constants {ωi} such that, for any valid shares {λi} of a secret s according to the LSSS matrix, the authors have: ∑i ωiλi = s.
  • A user will be able to decrypt a ciphertext with access matrix A if and only if the rows of A labeled by the user’s attributes include the vector (1, 0, . . . , 0) in their span
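
The linear reconstruction property above, as an added example that is not code from the paper: it shares a secret with an LSSS matrix and solves for the constants {ωi} by Gaussian elimination. The policy (A AND B) OR C, its matrix, the prime modulus P and all function names are assumptions made for illustration.

```python
import secrets

P = 2**61 - 1  # prime modulus standing in for the share field (assumption)

# Constructed LSSS matrix for the policy (A AND B) OR C; ROWS[i] is labelled RHO[i].
ROWS = [[1, 1], [0, P - 1], [1, 0]]
RHO = ["A", "B", "C"]

def share(secret):
    """lambda_i = <row_i, v> with v = (s, r_2, ..., r_n) and random r_j."""
    v = [secret % P] + [secrets.randbelow(P) for _ in range(len(ROWS[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in ROWS]

def reconstruction_constants(attrs):
    """Return {row index: omega_i} with sum_i omega_i*row_i = (1,0,...,0), else None."""
    idx = [i for i, a in enumerate(RHO) if a in attrs]
    n = len(ROWS[0])
    # Augmented system: columns are the rows held by the user, right-hand side is e1.
    m = [[ROWS[i][r] % P for i in idx] + [1 if r == 0 else 0] for r in range(n)]
    pivots, row = [], 0
    for col in range(len(idx)):
        piv = next((r for r in range(row, n) if m[r][col]), None)
        if piv is None:
            continue  # free variable, its omega stays 0
        m[row], m[piv] = m[piv], m[row]
        inv = pow(m[row][col], -1, P)
        m[row] = [x * inv % P for x in m[row]]
        for r in range(n):
            if r != row and m[r][col]:
                f = m[r][col]
                m[r] = [(x - f * y) % P for x, y in zip(m[r], m[row])]
        pivots.append(col)
        row += 1
    if any(m[r][-1] for r in range(row, n)):
        return None  # (1,0,...,0) is not in the span: the set is unauthorized
    omega = {i: 0 for i in idx}
    for r, col in enumerate(pivots):
        omega[idx[col]] = m[r][-1]
    return omega

def recover(attrs, shares):
    """Recombine the shares held by `attrs`; None if the policy is not satisfied."""
    omega = reconstruction_constants(attrs)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % P
```
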
Highlights
  • The attribute-based encryption and predicate encryption schemes described in this paper have essential commonalities: both are functional encryption schemes that employ the dual system methodology of Waters [40] to prove full security
  • The attribute-based encryption result was obtained by Lewko, Sahai, and Waters, while the predicate encryption result was obtained by Okamoto and Takashima
  • Our KP-attribute-based encryption system and the proof of its security can be found in the full version of this paper
  • A KP-attribute-based encryption system is like a CP-attribute-based encryption system with the roles of keys and ciphertexts reversed: in a KP-attribute-based encryption system, keys are associated with access structures and ciphertexts are associated with subsets of attributes
  • Our techniques readily adapt to KP-attribute-based encryption, and the proof of security is very similar to the CP-attribute-based encryption case
Results
  • The ABE and PE schemes described in this paper have essential commonalities: both are functional encryption schemes that employ the dual system methodology of Waters [40] to prove full security.
  • This is a powerful tool for achieving full security of systems with advanced functionalities, but realizing the dual system methodology in each new context presents unique challenges.
Conclusion
  • The authors have obtained the first fully secure CP-ABE system in the standard model. The authors' techniques yield a fully secure KP-ABE system.
  • In a large universe construction, the authors could use all elements of Z∗p1 as attributes, with the size of the public parameters linear in n, a parameter which denotes the maximum size of a set of attributes used in the system
  • This reduces the size of the public parameters and allows them to use arbitrary strings as attributes by applying a collision-resistant hash function H : {0, 1}∗ → Z∗p1.
  • Pandey, Sahai, and Waters [25] do this for their KP-ABE construction
Related work
  • Identity Based Encryption (IBE) was proposed by Shamir [35]. In an identity based encryption system, an authority distributes keys to users with associated identities, and messages are encrypted directly to identities. The first IBE schemes were constructed by Boneh and Franklin [9] and Cocks [19]. These schemes were proven secure in the random oracle model. Then selectively secure schemes in the standard model were constructed [15,6]. Boneh and Boyen [7] and Waters [38] constructed fully secure IBE schemes in the standard model. Gentry [21] gave an IBE system and security proof that moved beyond the confines of the partitioning strategy, but at the cost of a large and complicated complexity assumption.
Reference
  • Al-Riyami, S., Malone-Lee, J., Smart, N.: Escrow-free encryption supporting cryptographic workflow. Int. J. Inf. Sec. 5, 217–229 (2006)
  • Bagga, W., Molva, R., Crosta, S.: Policy-based encryption schemes from bilinear pairings. In: ASIACCS, p. 368 (2006)
  • Barbosa, M., Farshim, P.: Secure cryptographic workflow in the standard model. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 379–393. Springer, Heidelberg (2006)
  • Beimel, A.: Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)
  • Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the IEEE Symposium on Security and Privacy (2007)
  • Boneh, D., Boyen, X.: Efficient selective-id secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
  • Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004)
  • Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)
  • Boneh, D., Franklin, M.: Identity based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  • Boneh, D., Goh, E., Nissim, K.: Evaluating 2-dnf formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–342.
  • Boneh, D., Katz, J.: Improved efficiency for cca-secure cryptosystems built using identity based encryption. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 87–103. Springer, Heidelberg (2005)
  • Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)
  • Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006)
  • Bradshaw, R., Holt, J., Seamons, K.: Concealing complex policies with hidden credentials. In: CCS, pp. 146–157 (2004)
  • Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)
  • Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222.
  • Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007)
  • Cheung, L., Newport, C.: Provably secure ciphertext policy abe. In: CCS, pp. 456–465 (2007)
  • Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 26–28. Springer, Heidelberg (2001)
  • Freeman, D.M.: Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: EUROCRYPT (2010)
  • Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)
  • Gentry, C., Halevi, S.: Hierarchical identity based encryption with polynomially many levels. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 437–456. Springer, Heidelberg (2009)
  • Gentry, C., Silverberg, A.: Hierarchical id-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)
  • Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute-based encryption. In: Aceto, L., Damgard, I., Goldberg, L.A., Halldorsson, M.M., Ingolfsdottir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 579–591. Springer, Heidelberg (2008)
  • Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data. In: CCS (2006)
  • Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)
  • Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162.
  • Lewko, A., Waters, B.: New techniques for dual system encryption and fully secure hibe with short ciphertexts. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010)
  • Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: VLDB, pp. 898–909 (2003)
  • Okamoto, T., Takashima, K.: Homomorphic encryption and signatures from vector decomposition. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 57–74. Springer, Heidelberg (2008)
  • Okamoto, T., Takashima, K.: Hierarchical predicate encryption for inner-products. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 214–231.
  • Ostrovsky, R., Sahai, A., Waters, B.: Attribute Based Encryption with Non-Monotonic Access Structures. In: CCS (2007)
  • Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. In: CCS, pp. 99–112 (2006)
  • Sahai, A., Waters, B.: Fuzzy Identity Based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473.
  • Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
  • Shi, E., Waters, B.: Delegating capabilities in predicate encryption systems. In: Aceto, L., Damgard, I., Goldberg, L.A., Halldorsson, M.M., Ingolfsdottir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 560–578.
  • Smart, N.: Access control using pairing based cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 111–121. Springer, Heidelberg (2003)
  • Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127.
  • Waters, B.: Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. Cryptology ePrint Archive, Report 2008/290 (2008)
  • Waters, B.: Dual system encryption: realizing fully secure ibe and hibe under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636.