Disabling Tracing in Black-Box-Traceable CP-ABE System: Alert Decryption Black Box

Abstract

In application scenarios such as cloud storage, a symmetric algorithm can be used to encrypt massive data. However, using the symmetric operation and keys in encryption and decryption, it is very difficult to realize an efficient access control system. The asymmetric encryption algorithm ciphertext-policy attribute-based encryption (CP-ABE), as a versatile one-to-many encryption algorithm, is considered an ideal access control tool to solve the user’s distrust of the service provider of cloud storage. However, in a traditional CP-ABE system, the malicious users may deliberately leak their attribute keys to others or build a decryption black box (DB) to provide illegal decryption services for benefits, while no one can determine their identities. To deal with the problems, especially the problem of tracing the DB builder, CP-ABE schemes with black-box traceability have been proposed in the past few years. But in this paper, we point out that for now, the tracing algorithms in all existing schemes actually work on an impractical assumption. That is, whenever a DB receives a decryption request, it always performs the decryption algorithm honestlycorrectly. We argue that if a DB finds the decryption request comes from the tracing algorithm, it may intentionally output incorrect decryption results to counter the tracing. Thus, we present the structural defect of the tracing algorithm applied to all known traceable CP-ABE schemes. We describe the construction of an alert decryption black box (ADB) that is capable of distinguishing a tracing ciphertext from a normal one. We also show how an ADB frustrates the tracing algorithm, and furthermore, malicious users can even apply an ADB to frame innocent users.