Generic Constructions for Chosen-Ciphertext Secure Attribute Based Encryption

Yamada, Shota; Attrapadung, Nuttapong; Hanaoka, Goichiro; Kunihiro, Noboru

doi:10.1007/978-3-642-19379-8_5

Cited by 63 publications

(59 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interestingly, our IND-CCA secure CP-ABE component is more efficient than the previous ABE schemes achieving IND-CCA security [27] because ours replies only one dummy attribute in the ciphertext.…”

Section: Introductionmentioning

confidence: 93%

Combined Public-Key Schemes: The Case of ABE and ABS

et al. 2012

View full text Add to dashboard Cite

Abstract. In the context of public key cryptography, combined encryption and signature schemes have attractive properties and are sometimes used in practice. The topic of joint security of signature and encryption schemes has a fairly extensive history. In this paper, we focus on the combined public-key schemes in attribute-based setting. We present a security model for combined CP-ABE and ABS schemes in the joint security setting. An efficient concrete construction of CP-ABE and ABS based on Waters's CP-ABE scheme is proposed. Our scheme is proved to be selectively jointly secure in standard model under reasonable assumptions. Moreover, we consider the problem of how to build attribute-based signcryption (ABSC) and obtain an ABSC scheme and show that it is secure. We also give a general construction of combined ABSC, CP-ABE and ABS schemes from combined CP-ABE and ABS schemes.

show abstract

Section: Introductionmentioning

confidence: 93%

Combined Public-Key Schemes: The Case of ABE and ABS

et al. 2012

View full text Add to dashboard Cite

show abstract

“…The security in [16] is provable secure against chosen plaintext attacks (CPA) in the generic group model. Later, Yamada et al [28] showed a generic construction for achieving chosenciphertext security (CCA) under the condition that the ABE scheme is of either delegatability or verifiability. Aiming to achieve CCA security in the standard model, Ge et al [13] presented another threshold CP-ABE scheme with constant size ciphertexts by using the technique of [6].…”

Section: Related Workmentioning

confidence: 99%

“…Furthermore, the size of the public parameters is linear to the upper bound of attribute number in the selected attribute set in the encryption phase. For further details about the differences between small universe and large universe, we refer the readers to [19,28]. The notion of ABE was originally proposed for flexible access control.…”

Section: Related Workmentioning

confidence: 99%

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Susilo

Yang

Guo

et al. 2018

Information Sciences

View full text Add to dashboard Cite

Attribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In a ( t, s ) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users' private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al. 's work, and propose a new threshold ABE scheme which does not use any dummy attribute . Our scheme not only retains the nice feature of Herranz et al. 's scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t . Hence, threshold change in the encryption phase does not require complete recomputation of the ciphertext. AbstractAttribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In a (t, s) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users' private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al.'s work, and propose a new threshold ABE scheme which does not use any dummy attribute. Our scheme not only retains the nice feature of Herranz et al.'s scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t. Hence, threshold change in the encryption phase does not require complete reco...

show abstract

“…4 Informally, it states that a decryption oracle cannot help the adversary break the semantic security of the scheme, and it has been studied for years in the setting of PKE [30,12]. It has also been examined in the context of identity-based encryption [9,23] and attribute-based encryption [34], which are particular cases of functional encryption. It is thus natural to analyze it for inner-product functional encryption.…”

Section: Inner-product Functional Encryptionmentioning

confidence: 99%

CCA-Secure Inner-Product Functional Encryption from Projective Hash Functions

Benhamouda

Bourse

Lipmaa

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In an inner-product functional encryption scheme, the plaintexts are vectors and the owner of the secret key can delegate the ability to compute weighted sums of the coefficients of the plaintext of any ciphertext. Recently, many inner-product functional encryption schemes were proposed. However, none of the known schemes are secure against chosen ciphertext attacks (IND-FE-CCA). We present a generic construction of IND-FE-CCA inner-product functional encryption from projective hash functions with homomorphic properties. We show concrete instantiations based on the DCR assumption, the DDH assumption, and more generally, any Matrix DDH assumption.

show abstract

Generic Constructions for Chosen-Ciphertext Secure Attribute Based Encryption

Cited by 63 publications

References 31 publications

Combined Public-Key Schemes: The Case of ABE and ABS

Combined Public-Key Schemes: The Case of ABE and ABS

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

CCA-Secure Inner-Product Functional Encryption from Projective Hash Functions

Contact Info

Product

Resources

About