Attribute-Based Encryption for Range Attributes

Abstract

Attribute-Based Encryption ABE is an advanced form of public-key encryption where access control mechanisms based on attributes and policies are possible. In conventional ABE, attributes are specified as strings. However, there are certain applications where it is useful to specify attributes as numerical values and consider a predicate that determines if a certain numerical range would include a certain value. Examples of these types of attributes include time, position coordinate, person's age, rank, identity, and so on. In this paper, we introduce ABE for boolean formulae over Range Membership ABE-RM. We show generic methods to convert conventional ABE to ABE-RM. Our generic conversions are efficient as they introduce only logarithmic overheads in key and ciphertext sizes, as opposed to trivial methods, which would pose linear overheads. By applying our conversion to previous ABE schemes, we obtain new efficient and expressive ABE-RM schemes. Previous works that considered ABE with range attributes are specific and can only deal with either a single relation of range membership Paterson and Quaglia at SCN 2010, and Kasamatsu et al. at SCN 2012, or limited classes of policies, namely, only AND-gates of range attributes Shi et al. at IEEE S&P 2007, and some subsequent work. Our schemes are generic and can deal with expressive boolean formulae.