Attribute-based encryption schemes with constant-size ciphertexts

Mostra el registre complet Registre parcial de l'ítem

• dc.contributor.author Attrapadung, Nuttapong
• dc.contributor.author Herranz, Javier
• dc.contributor.author Laguillaumie, Fabien
• dc.contributor.author Libert, Benoît
• dc.contributor.author De Panafieu, Elie
• dc.contributor.author Ràfols, Carla
• dc.date.accessioned 2019-09-10T13:33:16Z
• dc.date.available 2019-09-10T13:33:16Z
• dc.date.issued 2012
• dc.description.abstract Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine- grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario proceeds the other way around), the primitive enables senders to encrypt messages under a set of attributes and private keys are associated with access structures that specify which ciphertexts the key holder will be allowed to decrypt. In most ABE systems, the ciphertext size grows linearly with the number of ciphertext attributes and the only known exception only supports restricted forms of access policies. This paper proposes the first attribute-based encryption (ABE) schemes allowing for truly expressive access structures and with constant ciphertext size. Our first result is a ciphertext-policy attribute-based encryption (CP-ABE) scheme with O(1)-size ciphertexts for threshold access policies and where private keys remain as short as in previous systems. As a second result, we show that a certain class of identity-based broadcast encryption schemes generically yields monotonic key-policy attribute- based encryption (KP-ABE) systems in the selective set model. Our final contribution is a KP-ABE realization supporting non-monotonic access structures (i.e., that may contain negated attributes) with short ciphertexts. As an intermediate step towards this result, we describe a new efficient identity-based revocation mechanism that, when combined with a particular instantiation of our general monotonic construction, gives rise to the most expressive KP-ABE realization with constant-size ciphertexts. The downside of our second and third constructions is that private keys have quadratic size in the number of attributes. On the other hand, they reduce the number of pairing evaluations to a constant, which appears to be a unique feature among expressive KP-ABE schemes.en
• dc.format.mimetype application/pdf
• dc.identifier.citation Attrapadung N, Herranz J, Laguillaumie F, Libert B, E de Panafieu, Ràfols C. Attribute-based encryption schemes with constant-size ciphertexts. Theoretical Computer Science. 2012 Mar 9;422:15-38. DOI: 10.1016/j.tcs.2011.12.004
• dc.identifier.doi http://dx.doi.org/10.1016/j.tcs.2011.12.004
• dc.identifier.issn 0304-3975
• dc.identifier.uri http://hdl.handle.net/10230/42258
• dc.language.iso eng
• dc.publisher Elsevier
• dc.relation.ispartof Theoretical Computer Science. 2012 Mar 9;422:15-38.
• dc.rights © Elsevier This is the published version of an article http://dx.doi.org/10.1016/j.tcs.2011.12.004 that appeared in the journal Theoretical Computer Science. It is published in an Open Archive under an Elsevier user license. Details of this licence are available here: https://www.elsevier.com/about/our-business/policies/open-access-licenses/elsevier-user-license
• dc.rights.accessRights info:eu-repo/semantics/openAccess
• dc.subject.keyword Public-key cryptographyen
• dc.subject.keyword Provable securityen
• dc.subject.keyword Attribute-based encryptionen
• dc.subject.keyword Access controlen
• dc.subject.keyword Expressivity, efficiencyen
• dc.title Attribute-based encryption schemes with constant-size ciphertexts
• dc.type info:eu-repo/semantics/article
• dc.type.version info:eu-repo/semantics/acceptedVersion