Abstract

A key-aggregate cryptosystem (KAC) is the dual of the well-known notion of broadcast encryption (BE). In KAC, each plaintext message is encrypted with respect to some identity, and a single aggregate key can be generated for any arbitrary subset $\mathcal{S}$ of identities, such that any ciphertext designated for any identity in $\mathcal{S}$ can be decrypted using this aggregate key. A KAC scheme is said to be efficient if all public parameters, ciphertexts and aggregate keys have polynomial overhead, and can be generated using poly-time algorithms. A KAC scheme is said to be identity-based if it remains efficient even when the number of unique identities supported by the system is exponential in the security parameter $\lambda$. Unfortunately, existing KAC constructions do not satisfy this property. In particular, adapting these constructions to the identity-based setting leads to public parameters with exponential overhead. In this paper, we propose new identity-based KAC constructions using multilinear maps that are secure in the generic multilinear map model, and are fully collusion resistant against any number of colluding parties. Our first construction is based on asymmetric multilinear maps, with a poly-logarithmic overhead for the public parameters, and a constant overhead for the ciphertexts and aggregate keys. Our second construction is based on the more generalized symmetric multilinear maps, and offers tighter security bounds in the generic multilinear map model. This construction has a poly-logarithmic overhead for the public parameters and the ciphertexts, while the overhead for the aggregate keys is still constant.

Highlights

  • The recent advent of cloud computing has led to unforeseen amounts of data being shared online with wide-ranging applications

  • We demonstrate how each of the three key-aggregate cryptosystem (KAC) constructions may be efficiently combined with broadcast encryption schemes [BGW05,BWZ14a] so that the aggregate keys may be securely broadcast to the target subset of data users without the need for secure channels

  • We presented the first identity-based key-aggregate cryptosystem (KAC) for access delegation to arbitrarily large subsets of data classes shared online, among any number of authorized data users


Summary

Introduction

The recent advent of cloud computing has led to unforeseen amounts of data being shared online with wide-ranging applications. In KAC, a single aggregate key is distributed among multiple users and may be used to decrypt ciphertexts encrypted with respect to different classes. The security framework for KAC constructions, as well as the notions of collusion resistance, anticipated in [CCT+14] and introduced concretely in [PSM15], are very different from those for the broadcast encryption techniques [BGW05,BWZ14a]. This motivates the dedicated study of KAC constructions separately from broadcast encryption. Since KAC has only recently been introduced, there exist only a handful of constructions that achieve full collusion resistance while maintaining low ciphertext and aggregate key overhead. For a system with M data owners and M data users, these schemes require O(M M ) secure channels for distribution of the aggregate keys

Our Contributions
Other Related Work
Preliminaries
Key-Aggregate Cryptosystem : The Basic Version
Security Definitions
Extensions to The Basic Version : Broadcasting Aggregate Keys
Security of Extended KAC: A Game Based Framework
Multilinear Maps
Generic Multilinear Maps
KAC Using Asymmetric Multilinear Maps
Construction for the Basic KAC Framework
Security of the Proposed KAC
An Extended KAC Construction : Broadcasting the Aggregate Keys
Security of Extended KAC
Privacy of Data Owners
An Identity-Based Data Sharing Scheme
KAC Using Symmetric Multilinear Maps
An Extended KAC Construction with Broadcast Aggregate Keys
An Adaptively Secure KAC in the Generic Multilinear Map Model
A Basic Construction
Conclusions and Open Problems
B CCA Secure Basic KAC Using Asymmetric Multilinear Maps
C A CCA Secure Basic KAC using Symmetric Multilinear Maps
Security In The Generic Multilinear Map Model
E Applications of KAC