Realizing Chosen Ciphertext Security Generically in Attribute-Based Encryption and Predicate Encryption

Abstract Efficient user revocation is a necessary but challenging problem in many multi-user cryptosystems. Among known approaches, server-aided revocation yields a promising solution, because it allows to outsource the major workloads of system users to a computationally powerful third party, called the server, whose only requirement is to carry out the computations correctly. Such a revocation mechanism was considered in the settings of identity-based encryption and attribute-based encryption by Qin et al. (2015, ESORICS) and Cui et al. (2016, ESORICS ), respectively. In this work, we consider the server-aided revocation mechanism in the more elaborate setting of predicate encryption (PE). The latter, introduced by Katz et al. (2008, EUROCRYPT), provides fine-grained and role-based access to encrypted data and can be viewed as a generalization of identity-based and attribute-based encryption. Our contribution is 2-fold. First, we formalize the model of server-aided revocable PE (SR-PE), with rigorous definitions and security notions. Our model can be seen as a non-trivial adaptation of Cui et al.’s work into the PE context. Second, we put forward a lattice-based instantiation of SR-PE. The scheme employs the PE scheme of Agrawal et al. (2011, ASIACRYPT) and the complete subtree method of Naor et al. (2001, CRYPTO) as the two main ingredients, which work smoothly together thanks to a few additional techniques. Our scheme is proven secure in the standard model (in a selective manner), based on the hardness of the learning with errors problem.

Download Full-text

Large Universe CCA2 CP-ABE With Equality and Validity Test in the Standard Model

The Computer Journal ◽

10.1093/comjnl/bxaa075 ◽

2020 ◽

Author(s):

Cong Li ◽

Qingni Shen ◽

Zhikang Xie ◽

Xinyu Feng ◽

Yuejian Fang ◽

...

Keyword(s):

Standard Model ◽

Random Oracle Model ◽

Random Oracle ◽

Fine Grained ◽

Validity Check ◽

Attribute Based Encryption ◽

The Standard Model ◽

Series Of Experiments ◽

Ciphertext Policy ◽

Chosen Ciphertext Security

Abstract Attribute-based encryption with equality test (ABEET) simultaneously supports fine-grained access control on the encrypted data and plaintext message equality comparison without decrypting the ciphertexts. Recently, there have been several literatures about ABEET proposed. Nevertheless, most of them explore the ABEET schemes in the random oracle model, which has been pointed out to have many defects in practicality. The only existing ABEET scheme in the standard model, proposed by Wang et al., merely achieves the indistinguishable against chosen-plaintext attack security. Considering the aforementioned problems, in this paper, we propose the first direct adaptive chosen-ciphertext security ciphertext-policy ABEET scheme in the standard model. Our method only adopts a chameleon hash function and adds one dummy attribute to the access structure. Compared with the previous works, our scheme achieves the security improvement, ciphertext validity check and large universe. Besides, we further optimize our scheme to support the outsourced decryption. Finally, we first give the detailed theoretical analysis of our constructions in computation and storage costs, then we implement our constructions and carry out a series of experiments. Both results indicate that our constructions are more efficient in Setup and Trapdoor and have the shorter public parameters than the existing ABEET ones do.

Download Full-text

Revocable attribute-based proxy re-encryption

Journal of Mathematical Cryptology ◽

10.1515/jmc-2020-0039 ◽

2021 ◽

Vol 15 (1) ◽

pp. 465-482

Author(s):

Fucai Luo ◽

Saif Al-Kuwari

Keyword(s):

Cloud Storage ◽

Security Model ◽

Encrypted Data ◽

Practical Applications ◽

Access Policy ◽

Attribute Based Encryption ◽

The Standard Model ◽

Identity Based ◽

Learning With Errors ◽

Predicate Encryption

Abstract Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy with re-encryption key to transform a ciphertext under a particular access policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in applications where encrypted data need to be stored in untrusted environments, such as cloud storage. In many practical applications, and in order to address scenarios where users misbehave or the re-encryption keys are compromised, an efficient revocation mechanism is necessary for ABPRE. Previously, revocation mechanism was considered in the settings of identity-based encryption (IBE), ABE, predicate encryption (PE), and broadcast PRE, but not ABPRE, which is what we set to do in this paper. We first formalize the concept of revocable ABPRE and its security model. Then, we propose a lattice-based instantiation of revocable ABPRE. Our scheme not only supports an efficient revocation mechanism but also supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is selectively chosen-plaintext attack (CPA) secure in the standard model, based on the learning with errors assumption.

Download Full-text

Public Key Encryption with Keyword Search in Cloud: A Survey

Entropy ◽

10.3390/e22040421 ◽

2020 ◽

Vol 22 (4) ◽

pp. 421 ◽

Cited By ~ 3

Author(s):

Yunhong Zhou ◽

Na Li ◽

Yanmei Tian ◽

Dezhi An ◽

Licheng Wang

Keyword(s):

Keyword Search ◽

Public Key ◽

Future Research ◽

Public Key Encryption ◽

Encrypted Data ◽

Research Survey ◽

Attribute Based Encryption ◽

Cryptographic Primitive ◽

Potential Applications ◽

Predicate Encryption

With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Download Full-text

Control Cloud Data Access Privilge Anonymity with Attributed Based Encryption

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v7i8.68 ◽

2017 ◽

Vol 7 (8) ◽

pp. 279

Author(s):

P. Sudheer ◽

T. Lakshmi Surekha

Keyword(s):

Data Privacy ◽

Low Cost ◽

Data Access ◽

Privacy Concerns ◽

Cloud Data ◽

Computing Paradigm ◽

Attribute Based Encryption ◽

Data Content ◽

Identity Privacy ◽

Cloud Servers

Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been to secure the cloud storage. Data content privacy. A semi anonymous privilege control scheme AnonyControl to address not only the data privacy. But also the user identity privacy. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semi anonymity. The Anonymity –F which fully prevent the identity leakage and achieve the full anonymity.

Download Full-text