Skip to main content
placeholder image

Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation

Journal Article


Abstract


  • Attribute-based encryption (ABE) enables fine-grained access control over encrypted data. A practical and popular approach for handing revocation in ABE is to use the indirect revocation mechanism, in which a key generation centre (KGC) periodically broadcasts key update information for all data users over a public channel. Unfortunately, existing RABE schemes are vulnerable to decryption key exposure attack which has been well studied in the identity-based setting. In this paper, we introduce a new notion for RABE called re-randomizable piecewise key generation by allowing a data user to re-randmomize the combined secret key and the key update to obtain the decryption key, and the secret key is unrecoverable even both the decryption key and the key update are known by the attacker. We then propose a new primitive called re-randomizable attribute-based encryption (RRABE) that can achieve both re-randomizable piecewise key generation and ciphertext delegation. We also refine the existing security model for RABE to capture decryption key exposure resistance and present a generic construction of RABE from RRABE. Finally, by applying our generic transformation, we give a concrete RABE scheme achieving decryption key exposure resistance and ciphertext delegation simultaneously.

Authors


  •   Xu, Shengmin (external author)
  •   Yang, Guomin
  •   Mu, Yi (external author)

Publication Date


  • 2019

Citation


  • Xu, S., Yang, G. & Mu, Y. (2019). Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation. Information Sciences, 479 116-134.

Scopus Eid


  • 2-s2.0-85057792684

Number Of Pages


  • 18

Start Page


  • 116

End Page


  • 134

Volume


  • 479

Place Of Publication


  • United States

Abstract


  • Attribute-based encryption (ABE) enables fine-grained access control over encrypted data. A practical and popular approach for handing revocation in ABE is to use the indirect revocation mechanism, in which a key generation centre (KGC) periodically broadcasts key update information for all data users over a public channel. Unfortunately, existing RABE schemes are vulnerable to decryption key exposure attack which has been well studied in the identity-based setting. In this paper, we introduce a new notion for RABE called re-randomizable piecewise key generation by allowing a data user to re-randmomize the combined secret key and the key update to obtain the decryption key, and the secret key is unrecoverable even both the decryption key and the key update are known by the attacker. We then propose a new primitive called re-randomizable attribute-based encryption (RRABE) that can achieve both re-randomizable piecewise key generation and ciphertext delegation. We also refine the existing security model for RABE to capture decryption key exposure resistance and present a generic construction of RABE from RRABE. Finally, by applying our generic transformation, we give a concrete RABE scheme achieving decryption key exposure resistance and ciphertext delegation simultaneously.

Authors


  •   Xu, Shengmin (external author)
  •   Yang, Guomin
  •   Mu, Yi (external author)

Publication Date


  • 2019

Citation


  • Xu, S., Yang, G. & Mu, Y. (2019). Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation. Information Sciences, 479 116-134.

Scopus Eid


  • 2-s2.0-85057792684

Number Of Pages


  • 18

Start Page


  • 116

End Page


  • 134

Volume


  • 479

Place Of Publication


  • United States