Welcome to the UPF Digital Repository

Attribute-based encryption schemes with constant-size ciphertexts

Show simple item record

dc.contributor.author Attrapadung, Nuttapong
dc.contributor.author Herranz, Javier
dc.contributor.author Laguillaumie, Fabien
dc.contributor.author Libert, Benoît
dc.contributor.author De Panafieu, Elie
dc.contributor.author Ràfols, Carla
dc.date.accessioned 2019-09-10T13:33:16Z
dc.date.available 2019-09-10T13:33:16Z
dc.date.issued 2012
dc.identifier.citation Attrapadung N, Herranz J, Laguillaumie F, Libert B, E de Panafieu, Ràfols C. Attribute-based encryption schemes with constant-size ciphertexts. Theoretical Computer Science. 2012 Mar 9;422:15-38. DOI: 10.1016/j.tcs.2011.12.004
dc.identifier.issn 0304-3975
dc.identifier.uri http://hdl.handle.net/10230/42258
dc.description.abstract Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine- grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario proceeds the other way around), the primitive enables senders to encrypt messages under a set of attributes and private keys are associated with access structures that specify which ciphertexts the key holder will be allowed to decrypt. In most ABE systems, the ciphertext size grows linearly with the number of ciphertext attributes and the only known exception only supports restricted forms of access policies. This paper proposes the first attribute-based encryption (ABE) schemes allowing for truly expressive access structures and with constant ciphertext size. Our first result is a ciphertext-policy attribute-based encryption (CP-ABE) scheme with O(1)-size ciphertexts for threshold access policies and where private keys remain as short as in previous systems. As a second result, we show that a certain class of identity-based broadcast encryption schemes generically yields monotonic key-policy attribute- based encryption (KP-ABE) systems in the selective set model. Our final contribution is a KP-ABE realization supporting non-monotonic access structures (i.e., that may contain negated attributes) with short ciphertexts. As an intermediate step towards this result, we describe a new efficient identity-based revocation mechanism that, when combined with a particular instantiation of our general monotonic construction, gives rise to the most expressive KP-ABE realization with constant-size ciphertexts. The downside of our second and third constructions is that private keys have quadratic size in the number of attributes. On the other hand, they reduce the number of pairing evaluations to a constant, which appears to be a unique feature among expressive KP-ABE schemes.
dc.format.mimetype application/pdf
dc.language.iso eng
dc.publisher Elsevier
dc.relation.ispartof Theoretical Computer Science. 2012 Mar 9;422:15-38.
dc.rights © Elsevier This is the published version of an article http://dx.doi.org/10.1016/j.tcs.2011.12.004 that appeared in the journal Theoretical Computer Science. It is published in an Open Archive under an Elsevier user license. Details of this licence are available here: https://www.elsevier.com/about/our-business/policies/open-access-licenses/elsevier-user-license
dc.title Attribute-based encryption schemes with constant-size ciphertexts
dc.type info:eu-repo/semantics/article
dc.identifier.doi https://dx.doi.org/10.1016/j.tcs.2011.12.004
dc.subject.keyword Public-key cryptography
dc.subject.keyword Provable security
dc.subject.keyword Attribute-based encryption
dc.subject.keyword Access control
dc.subject.keyword Expressivity, efficiency
dc.rights.accessRights info:eu-repo/semantics/openAccess
dc.type.version info:eu-repo/semantics/acceptedVersion


This item appears in the following Collection(s)

Show simple item record

Search DSpace


Advanced Search

Browse

My Account

Statistics

Compliant to Partaking