Attributes Union in CP-ABE Algorithm for Large Universe Cryptographic Access Control

Abstract

Cloud storage is used wildly as online data storing and sharing paradigm today. And customers are willing to protect their data by cryptographic access control mechanisms. The cipher text policy attribute based encryption (CP-ABE) algorithm is a promising technique for building cryptographic access control systems. Using CP-ABE schemes, customers can share their files selectively without defining an exact list of receivers. The main disadvantage of CP-ABE based access control systems is that the CP-ABE is inefficient and its overhead grows significantly with the size of universe attributes set. Existing researches solve this problem by adopting the random oracle, which only reduce the size of public parameters or the master secret key. In this paper we introduce a novel technique named attributes union, which can integrate a certain number of attributes into an attributes union. The core of attributes union is based on an arithmetic theorem. First, each attribute in the universe attributes set will be mapped with a unique prime element. Second, we can represent users' attributes set with the multiply product of all primes corresponding to the attributes in the set. Finally, the access structure can also be represented by attributes union based on the actual situation. We present an example CP-ABE construction with the attributes union, and proof that our construction is still secure against chosen plaintext attacks under the decisional Bilinear Diffie-Hellman assumption. Using attributes union we can also modify almost all existing CP-ABE algorithms and reduce their storage and computational overhead. We compare our scheme with other similar systems in terms of the size of keys and cipher text and the computational time. The results show that our construction is more efficient thanks to attributes union.