Efficient Ciphertext-policy Attribute-based Encryption Research Articles

A metaverse-oriented CP-ABE scheme with cryptographic reverse firewall

Metaverse is an immersive, hyperspace virtual reality space. Due to its characteristics of hyperspace and immersive realism, metaverse has a bright future, but ubiquitous user analysis and calculation make it difficult to achieve one-to-multiple data sharing. As an innovative encryption algorithm, ciphertext-policy attribute-based encryption (CP-ABE) can realize one-to-multiple secure file sharing through fine-grained access control. Many evidences show that attackers may add backdoors to internal devices to make encryption algorithms insecure, CP-ABE also faces the above threats. In order to deal with such attacks, researchers put forward the notion of cryptographic reverse firewall (CRF), which has the ability of resistance to insider attack. However, the existing ABE scheme supporting CRF have the problems of low efficiency and no support for malicious user tracking. To improve safety and efficiency, we constructed an efficient CP-ABE scheme supporting CRF protection which has function of outsourcing decryption, offline encryption and black-box tracking.

An efficient ciphertext-policy attribute-based encryption with attribute and user revocation scheme in cloud environment

An efficient ciphertext-policy attribute-based encryption with attribute and user revocation scheme in cloud environment

A Blockchain-Based CP-ABE Scheme with Partially Hidden Access Structures

Data sharing has become a key technology to break down data silos in the big data era. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in secure data-sharing schemes to realize flexible and fine-grained access control. However, in traditional CP-ABE schemes, the access structure is directly shared along with the ciphertext, potentially leading to users’ private information leakage. Outsourcing data to a centralized third party can easily result in privacy leakage and single-point bottlenecks, and the lack of transparency in data storage and sharing casts doubts whether users’ data are safe. To address these issues, we propose a blockchain-based CP-ABE scheme with partially hidden access structures (BCP-ABE-PHAS) to achieve fine-grained access control while ensuring user privacy. First, we propose an efficient CP-ABE scheme with partially hidden access structures, where the ciphertext size is constant. To assist data decryption, we design a garbled Bloom filter to help users quickly locate the position of wildcards in the access structure. Then, to improve storage efficiency and system scalability, we propose a data storage scheme that combines blockchain technology and the interplanetary file system, ensuring data integrity. Finally, we employ smart contracts for a transparent data storage and sharing process without third-party participation. Security analysis and performance evaluation show that the proposed BCP-ABE-PHAS scheme can preserve policy privacy with efficient storage and low computational overhead.

An Efficient Access Control Scheme With Outsourcing and Attribute Revocation for Fog-Enabled E-Health

Fog computing is increasingly popular partly due to its capability to minimize data transfer and latency requirements, for example by moving some of the computational operations away from the cloud servers and closer to the users. To achieve fine-grained access control in fog-enabled application scenarios to guarantee data security and user privacy, one could use ciphertext-policy attribute-based encryption (CP-ABE). However, the lack of an effective mechanism to carry out access right revocation in conventional CP-ABE schemes limits the deployment of such schemes in practice. Thus, we propose an efficient CP-ABE scheme with attribute revocation capability, designed to construct a fine-grained access control system in fog-enabled E-health (referred to as AC-FEH). In our AC-FEH system, fog nodes undertake data encryption and decryption operations; thus, computational costs for data owners and users are minimized. In comparison to several other competing access control schemes based on CP-ABE, our AC-FEH system reduces the computational costs associated with encryption and decryption. We also prove the selective security of the underlying CP-ABE scheme under the intractability assumption of the $q$ -parallel BDHE problem.

Efficient ciphertext-policy attribute-based encryption with blackbox traceability

Traitor tracing scheme is a paradigm to classify the users who illegal use of their decryption keys in cryptosystems. In the ciphertext-policy attribute-based cryptosystem, the decryption key usually contains the users’ attributes, while the real identities are hidden. The decryption key with hidden identities enables malicious users to intentionally leak decryption keys or embed the decryption keys in the decryption device to gain illegal profits with a little risk of being discovered. To mitigate this problem, the concept of blackbox traceability in the ciphertext-policy attribute-based scheme was proposed to identify the malicious user via observing the I/O streams of the decryption device. However, current solutions with blackbox traceability are impractical since either the composite-order group or the linear complexity of system users is required. In this article, we proposed a secure ciphertext-policy attribute-based set encryption scheme with the short decryption key. The proposed scheme bases on the prime-order group to improve computational performances and aggregates multiple attributes into a constant-size attribute set to reduce the costs of communication overheads. By applying our proposed scheme with fingerprint codes, we then give an instantiation of the ciphertext-policy attribute-based scheme with blackbox traceability. Our scheme is provably secure under various q-type assumptions.

ERAC-MAC efficient revocable access control for multi-authority cloud storage system

In the current scenario, there is an appreciable escalation in the utilisation of cloud computing by critical industrial applications due to its cost-effective storage and computing. However, due to an untrusted server in a cloud, the access control turns out to be the challenging issue to ensure the confidentiality of sensitive data. The ciphertext policy attribute-based encryption (CP-ABE) is deliberated to be an apt technique to enforce the access control for encrypted cloud outsourced data. But, due to the computation complexity of decryption, user revocation and complexity of key management for achieving granularity, prevailing CP-ABE schemes when applied directly to multi authority attribute system, incurs more computational costs in the order of NP. In this paper, an efficient CP-ABE based multi authority attribute system is put forth that supports decryption and user revocation by CSP with the advent of a blind encryption/decryption technique and a novel colouring scheme for predicting user behaviour analysis. Security and performance of ERAC-MAC was analysed and found to be much better than the other prevailing schemes. The implementation was done using the paring based cryptography library of the Stanford University in Ubuntu environment.

ERAC-MAC efficient revocable access control for multi-authority cloud storage system

In the current scenario, there is an appreciable escalation in the utilisation of cloud computing by critical industrial applications due to its cost-effective storage and computing. However, due to an untrusted server in a cloud, the access control turns out to be the challenging issue to ensure the confidentiality of sensitive data. The ciphertext policy attribute-based encryption (CP-ABE) is deliberated to be an apt technique to enforce the access control for encrypted cloud outsourced data. But, due to the computation complexity of decryption, user revocation and complexity of key management for achieving granularity, prevailing CP-ABE schemes when applied directly to multi authority attribute system, incurs more computational costs in the order of NP. In this paper, an efficient CP-ABE based multi authority attribute system is put forth that supports decryption and user revocation by CSP with the advent of a blind encryption/decryption technique and a novel colouring scheme for predicting user behaviour analysis. Security and performance of ERAC-MAC was analysed and found to be much better than the other prevailing schemes. The implementation was done using the paring based cryptography library of the Stanford University in Ubuntu environment.

A revocable storage CP-ABE scheme with constant ciphertext length in cloud storage.

The ciphertext policy attribute-based encryption (CP-ABE) is widely used in cloud storage. It not only provides a secure data sharing scheme but also has the characteristics of fine-grained access control. However, most CP-ABE schemes have problems such as the ciphertext length increases with the complexity of the access policy, the encryption scheme is complex, the computational efficiency is low, and the fine-grained revocation cannot be performed. In view of the above problems, this pa-per proposes an efficient CP-ABE scheme with fine-grained revocable storage and constant ciphertext length. The scheme combines proxy re-encryption with CP-ABE technology, adopts the flexible access strategy AND-gates on multi-valued attributes with wildcards (AND∗m ), and realizes revocable storage and fixed-length ciphertext. At the same time, in order to reduce the amount of user decryption calcu-lation, the complex operation in the decryption process is outsourced to the third-party server and the decryption result is verified to ensure the correctness of the information. Finally, the security of the scheme is proved under the decisional bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis shows that the scheme is efficient and feasible in cloud storage.

Attribute-based encryption resilient to continual auxiliary leakage with constant size ciphertexts

For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.