A ciphertext-policy attribute-based encryption scheme with constant ciphertext length

Emura, Keita; Miyaji, Atsuko; Omote, Kazumasa; Nomura, Akito; Soshi, Masakazu

doi:10.1504/ijact.2010.033798

Cited by 83 publications

(150 citation statements)

References 28 publications

Supporting

Mentioning

148

Contrasting

Unclassified

Order By: Relevance

“…The first CP-ABE with constant-size ciphertexts under (n, n)-threshold access structure was proposed in [11]. While the KP-ABE scheme with constantsize ciphertexts was achieved by Attrapadung, Libert and Panafieu in [2] which supports general access structures.…”

Section: Related Workmentioning

confidence: 99%

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Susilo

Yang

Guo

et al. 2018

Information Sciences

View full text Add to dashboard Cite

Attribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In a ( t, s ) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users' private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al. 's work, and propose a new threshold ABE scheme which does not use any dummy attribute . Our scheme not only retains the nice feature of Herranz et al. 's scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t . Hence, threshold change in the encryption phase does not require complete recomputation of the ciphertext. AbstractAttribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In a (t, s) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users' private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al.'s work, and propose a new threshold ABE scheme which does not use any dummy attribute. Our scheme not only retains the nice feature of Herranz et al.'s scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t. Hence, threshold change in the encryption phase does not require complete reco...

show abstract

Section: Related Workmentioning

confidence: 99%

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Susilo

Yang

Guo

et al. 2018

Information Sciences

View full text Add to dashboard Cite

show abstract

“…The proposed scheme offloads the processing and storage intensive encryption and decryption operations on cloud without revealing any information about data contents and security keys. The problem with a ciphertext policy attribute-based encryption scheme is that the ciphertext grows linearly with an increase in number of ciphertext attributes [70]. The increase in ciphertext involves more pairing evaluation and exponential operations while decrypting the ciphertext.…”

Section: Data Security Frameworkmentioning

confidence: 99%

Towards secure mobile cloud computing: A survey

Khan

Kiah

Khan

et al. 2013

Future Generation Computer Systems

311

125

View full text Add to dashboard Cite

“…Several ABE schemes [3,7,11] with constant-size ciphertexts have been proposed. Among them, [7,11] only support limited classes of predicates that do not cover the classes supported by ZIPE or NIPE, while [3] supports a wider class of relations, non-monotone predicates, than those by ZIPE or NIPE.…”

Section: Related Workmentioning

confidence: 99%

“…Among them, [7,11] only support limited classes of predicates that do not cover the classes supported by ZIPE or NIPE, while [3] supports a wider class of relations, non-monotone predicates, than those by ZIPE or NIPE. All of these ABE schemes, however, are only selectively secure in the standard model.…”

Section: Related Workmentioning

confidence: 99%

Achieving Short Ciphertexts or Short Secret-Keys for Adaptively Secure General Inner-Product Encryption

Okamoto

Takashima

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we present two non-zero inner-product encryption (NIPE) schemes that are adaptively secure under a standard assumption, the decisional linear (DLIN) assumption, in the standard model. One of the proposed NIPE schemes features constant-size ciphertexts and the other features constant-size secret-keys. Our NIPE schemes imply an identity-based revocation (IBR) system with constant-size ciphertexts or constant-size secret-keys that is adaptively secure under the DLIN assumption. Any previous IBR scheme with constantsize ciphertexts or constant-size secret-keys was not adaptively secure in the standard model. This paper also presents two zero inner-product encryption (ZIPE) schemes each of which has constant-size ciphertexts or constant-size secret-keys and is adaptively secure under the DLIN assumption in the standard model. They imply an identity-based broadcast encryption (IBBE) system with constant-size ciphertexts or constant-size secret-keys that is adaptively secure under the DLIN assumption. We also extend the proposed ZIPE schemes into two directions, one is a fully-attribute-hiding ZIPE scheme with constant-size secret-keys, and the other a hierarchical ZIPE scheme with constant-size ciphertexts.

show abstract

A ciphertext-policy attribute-based encryption scheme with constant ciphertext length

Cited by 83 publications

References 28 publications

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Towards secure mobile cloud computing: A survey

Achieving Short Ciphertexts or Short Secret-Keys for Adaptively Secure General Inner-Product Encryption

Contact Info

Product

Resources

About