General Circuit Realizing Compact Revocable Attribute-Based Encryption from Multilinear Maps

This paper demonstrates new technique for managing revocation in the context of attribute-based encryption (ABE) and presents two selectively secure directly revocable ABE (RABE) constructions – supporting decryption policies realizable by polynomial size Boolean circuits of arbitrary fan-out and – featuring compactness in the sense that the number of revocation controlling components in ciphertexts and decryption keys are constant. In fact, our RABE schemes are the first to achieve these parameters. Both our constructions utilize multilinear maps. The size of public parameter in our first construction is linear to the maximum number of users supported by the system while in the second construction we reduce it to logarithmic

Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

Currently we are witnessing a rapid integration of social networks and cloud computing, especially on storing social media contents on cloud storage due to its cheap management and easy accessing at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE ), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE) was introduced by Wang et al. In PRE, all the algorithms are almost the same as traditional PRE, except the re-encryption keys are generated by the encrypter instead of the delegator. The message-level based fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE , while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE scheme, we prove the security of these schemes and give the properties and performance analysis of the new IBPRE scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharingPeer ReviewedPostprint (author's final draft

Revocable Key-Aggregate Cryptosystem for Data Sharing in Cloud

With the rapid development of network and storage technology, cloud storage has become a new service mode, while data sharing and user revocation are important functions in the cloud storage. Therefore, according to the characteristics of cloud storage, a revocable key-aggregate encryption scheme is put forward based on subset-cover framework. The proposed scheme not only has the key-aggregate characteristics, which greatly simplifies the user’s key management, but also can revoke user access permissions, realizing the flexible and effective access control. When user revocation occurs, it allows cloud server to update the ciphertext so that revoked users can not have access to the new ciphertext, while nonrevoked users do not need to update their private keys. In addition, a verification mechanism is provided in the proposed scheme, which can verify the updated ciphertext and ensure that the user revocation is performed correctly. Compared with the existing schemes, this scheme can not only reduce the cost of key management and storage, but also realize user revocation and achieve user’s access control efficiently. Finally, the proposed scheme can be proved to be selective chosen-plaintext security in the standard model

A Generic Construction of Revocable Identity-Based Encryption

Revocable identity-based encryption (RIBE) is an extension of IBE that supports a key revocation mechanism, which is important when deployed an IBE system in practice. Boneh and Franklin presented the first generic construction of RIBE, however, their scheme is not scalable where the size of key update is linear in the number of users in the system. Then, Boldyreva, Goyal and Kumar presented the first scalable RIBE where the size of key update is logarithmic in the number of users and linear in the number of revoked users. In this paper, we present a generic construction of scalable RIBE from any IBE in a black-box way. Our construction has some merits both in theory and in practice. We obtain the first RIBE scheme based on quadratic residuosity problem and the first adaptively secure RIBE scheme based on lattices if we instantiate the underlying IBE with IBE schemes from quadratic residuosity assumption and adaptively secure IBE from lattices, respectively. In addition, the size of public parameters and secret keys are the same as that of the underlying IBE schemes. In server-aided model, the overheads of communication and computation for receivers are the same as those of underlying IBE schemes. Furthermore, the storage overhead for key update in our scheme is constant (in the number of users) while it was linear in the number of users in previous works

Generic Constructions of RIBE via Subset Difference Method

Revocable identity-based encryption (RIBE) is an extension of IBE which can support a key revocation mechanism, and it is important when deploying an IBE system in practice. Boneh and Franklin (Crypto\u2701) presented the first generic construction of RIBE, however, their scheme is not scalable where the size of key updates is linear in the number of users in the system. The first generic construction of RIBE is presented by Ma and Lin with complete subtree (CS) method by combining IBE and hierarchical IBE (HIBE) schemes. Recently, Lee proposed a new generic construction using the subset difference (SD) method by combining IBE,identity-based revocation (IBR), and two-level HIBE schemes. In this paper, we present a new primitive called Identity-Based Encryption with Ciphertext Delegation (CIBE) and propose a generic construction of RIBE scheme via subset difference method using CIBE and HIBE as building blocks. CIBE is a special type of Wildcarded IBE (WIBE) and Identity-Based Broadcast Encryption (IBBE). Furthermore, we show that CIBE can be constructed from IBE in a black-box way. Instantiating the underlying building blocks with different concrete schemes, we can obtain a RIBE scheme with constant-size public parameter, ciphertext, private key and $O(r)$ key updates in the selective-ID model. Additionally, our generic RIBE scheme can be easily converted to a sever-aided RIBE scheme which is more suitable for lightweight devices

Lattice-based Revocable (Hierarchical) IBE with Decryption Key Exposure Resistance

Revocable identity-based encryption (RIBE) is an extension of IBE that supports a key revocation mechanism; an indispensable feature for practical cryptographic schemes. Due to this extra feature, RIBE is often required to satisfy a strong security notion unique to the revocation setting called decryption key exposure resistance (DKER). Additionally, hierarchal IBE (HIBE) is another orthogonal extension of IBE that supports key delegation functionalities allowing for scalable deployments of cryptographic schemes. Thus far, R(H)IBE constructions with DKER are only known from bilinear maps, where all constructions rely heavily on the so-called key re-randomization property to achieve the DKER and/or hierarchal feature. Since lattice-based schemes seem to be inherently ill-fit with the key re-randomization property, we currently do not know of any lattice-based R(H)IBE schemes with DKER. In this paper, we propose the first lattice-based RHIBE scheme with DKER without relying on the key re-randomization property, departing from all the previously known methods. We start our work by providing a generic construction of RIBE schemes with DKER, which uses as building blocks any two-level standard HIBE scheme and (weak) RIBE scheme without DKER. Based on previous lattice-based RIBE constructions, our result implies the first lattice-based RIBE scheme with DKER. Then, building on top of our generic construction, we construct the first lattice-based RHIBE scheme with DKER, by further exploiting the algebraic structure of lattices. To this end, we prepare a new tool called the level conversion keys, which allows us to achieve the hierarchal feature without relying on the key re-randomization property

Unbounded Hierarchical Identity-Based Encryption with Efficient Revocation

Hierarchical identity-based encryption (HIBE) is an extension of identity-based encryption (IBE) where an identity of a user is organized as a hierarchical structure and a user can delegate the private key generation to another user. Providing a revocation mechanism for HIBE is highly necessary to keep a system securely. Revocable HIBE (RHIBE) is an HIBE scheme that can revoke a user\u27s private key if his credential is expired or revealed. In this paper, we first propose an unbounded HIBE scheme where the maximum hierarchy depth is not limited and prove its selective security under a q-type assumption. Next, we propose an efficient unbounded RHIBE scheme by combining our unbounded HIBE scheme and a binary tree structure, and then we prove its selective security. By presenting the unbounded RHIBE scheme, we solve the open problem of Seo and Emura in CT-RSA 2015

Generic Construction of Server-Aided Revocable Hierarchical Identity-Based Encryption with Decryption Key Exposure Resistance

In this paper, we extend the notion of server-aided revocable identity-based encryption (SR-IBE) to the hierarchical IBE (HIBE) setting and propose a generic construction of server-aided revocable hierarchical IBE (SR-HIBE) schemes with decryption key exposure resistance (DKER) from any (weak) L-level revocable HIBE scheme without DKER and (L+1)-level HIBE scheme. In order to realize the server-aided revocation mechanism, we use the “double encryption” technique, and this makes our construction has short ciphertext size. Furthermore, when the maximum hierarchical depth is one, we obtain a generic construction of SR-IBE schemes with DKER from any IBE scheme and two-level HIBE scheme

Identity-Based Key Aggregate Cryptosystem from Multilinear Maps

The key-aggregate cryptosystem~(KAC) proposed by Chu et al. in 2014 offers a solution to the flexible access delegation problem in shared data environments such as the cloud. KAC allows a data owner, owning $N$ classes of encrypted data, to securely grant access to any subset $S$ of these data classes among a subset $\hat{S}$ of data users, via a single low overhead \emph{aggregate key} $K_{\mathcal{S}}$. Existing constructions for KAC are efficient in so far they achieve constant size ciphertexts and aggregate keys. But they resort to a public parameter that has size linear in the number of data classes $N$, and require $O(M\u27M)$ secure channels for distribution of aggregate keys in a system with $M\u27$ data owners and $M$ data users. In this paper, we propose three different multilinear-map based KAC constructions that have at most polylogarithmic overhead for both ciphertexts and public parameters, and generate constant size aggregate keys. We further demonstrate how the aggregate keys may be efficiently broadcast among any arbitrary size subset of $M$ data users using only $O(M\u27+M)$ secure channels, in a system with $M\u27$ data owners. Our constructions are secure in the generic multilinear group model and are fully collusion resistant against any number of colluding parties. In addition, they naturally give rise to \emph{identity based} secure access delegation schemes