Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters

In Identity-Based Encryption (IBE) systems, key revocation is non-trivial. This is because a user's identity is itself a public key. Moreover, the private key corresponding to the identity needs to be obtained from a trusted key authority through an authenticated and secrecy protected channel. So far, there exist only a very small number of revocable IBE (RIBE) schemes that support non-interactive key revocation, in the sense that the user is not required to interact with the key authority or some kind of trusted hardware to renew her private key without changing her public key (or identity). These schemes are either proven to be only selectively secure or have public parameters which grow linearly in a given security parameter. In this paper, we present two constructions of non-interactive RIBE that satisfy all the following three attractive properties: (i) proven to be adaptively secure under the Symmetric External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions; (ii) have constant-size public parameters; and (iii) preserve the anonymity of ciphertexts---a property that has not yet been achieved in all the current schemes

Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

Forward-secure hierarchical predicate encryption

Secrecy of decryption keys is an important pre-requisite for security of any encryption scheme and compromised private keys must be immediately replaced. \emph{Forward Security (FS)}, introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. The FS property was also shown to be achievable in (Hierarchical) Identity-Based Encryption (HIBE) by Yao, Fazio, Dodis, and Lysyanskaya (ACM CCS 2004). Yet, for emerging encryption techniques, offering flexible access control to encrypted data, by means of functional relationships between ciphertexts and decryption keys, FS protection was not known to exist.\smallskip In this paper we introduce FS to the powerful setting of \emph{Hierarchical Predicate Encryption (HPE)}, proposed by Okamoto and Takashima (Asiacrypt 2009). Anticipated applications of FS-HPE schemes can be found in searchable encryption and in fully private communication. Considering the dependencies amongst the concepts, our FS-HPE scheme implies forward-secure flavors of Predicate Encryption and (Hierarchical) Attribute-Based Encryption.\smallskip Our FS-HPE scheme guarantees forward security for plaintexts and for attributes that are hidden in HPE ciphertexts. It further allows delegation of decrypting abilities at any point in time, independent of FS time evolution. It realizes zero-inner-product predicates and is proven adaptively secure under standard assumptions. As the ``cross-product" approach taken in FS-HIBE is not directly applicable to the HPE setting, our construction resorts to techniques that are specific to existing HPE schemes and extends them with what can be seen as a reminiscent of binary tree encryption from FS-PKE

Energy-efficient secure outsourcing decryption of attribute based encryption for mobile device in cloud computation

This is a copy of the author 's final draft version of an article published in the "Journal of ambient intelligence and humanized computing". The final publication is available at Springer via http://dx.doi.org/10.1007/s12652-017-0658-2In this paper two new ways for efficient secure outsourcing the decryption of key-policy attribute-based encryption (KP-ABE) with energy efficiency are proposed. Based on an observation about the permutation property of the access structure for the attribute based encryption schemes, we propose a high efficient way for outsourcing the decryption of KP-ABE, which is suitable for being used in mobile devices. But it can only be used for the ABE schemes having tree-like access structure for the self-enclosed system. The second way is motivated from the fact that almost all the previous work on outsourcing the decryption of KP-ABE cares little about the ciphertext length. Almost all the previous schemes for secure outsourcing the decryption of ABE have linear length ciphertext with the attributes or the policy. But transferring so long ciphertexts via wireless network for mobile phone can easily run out of battery power, therefore it can not be adapted to practical application scenarios. Thus another new scheme for outsourcing the decryption of ABE but with constant-size ciphertexts is proposed. Furthermore, our second proposal gives a new efficient way for secure outsourcing the decryptor’s secret key to the cloud, which need only one modular exponentiation while all the previous schemes need many. We evaluate the efficiency of our proposals and the results show that our proposals are practical.Peer ReviewedPostprint (author's final draft

Ciphertext-policy attribute based encryption supporting access policy update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption