Expressive Black-box Traceable Ciphertext-Policy Attribute-Based Encryption

In a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system, decryption privileges are defined over attributes that could be shared by multiple users. If some of the users leak their decryption privileges to the public or to some third party, say for profit gain, a conventional CP-ABE has no tracing mechanism for finding these malicious users out. There are two levels of traceability for tackling this problem: (1) given a well-formed decryption key, a White-Box tracing algorithm can find out the original key owner; and (2) given a decryption-device while the underlying decryption algorithm or key may not be given, a Black-Box tracing algorithm, which treats the decryption-device as an oracle, can find out at least one of the malicious users whose keys have been used for constructing the decryption-device. In this paper we propose the first Expressive Black-box Traceable CP-ABE system which has two main merits: (1) it supports fully collusion-resistant black-box traceability, that is, an adversary is allowed to access an arbitrary number of keys of its own choice when building the decryption-device, and (2) it is highly expressive, that is, the system supports policies expressed in any monotonic access structures. In addition, the traceability of this new system is public, that no secret input is required and no authority needs to be called in, instead, anyone can run the tracing algorithm. We show that the system is secure against adaptive adversaries in the standard model, and is efficient, that when compared with the expressive (non-traceable) CP-ABE due to Lewko et al. in Eurocrypt 2010, our new system adds fully collusion-resistant black-box traceability with the price of adding only O( √ K) elements into the ciphertext and public key, rather than increasing the sizes linearly with K, which is the number of users in the system.

[1]  Jin Li,et al.  A2BE: Accountable Attribute-Based Encryption for Abuse Free Access Control , 2009, IACR Cryptol. ePrint Arch..

[2]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[3]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[4]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[5]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[6]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[7]  Amos Fiat,et al.  Tracing Traitors , 1994, CRYPTO.

[8]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[9]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[10]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[11]  Jonathan Katz,et al.  Tracing Insider Attacks in the Context of Predicate Encryption Schemes , 2011 .

[12]  Javier Herranz,et al.  Constant Size Ciphertexts in Threshold Attribute-Based Encryption , 2010, Public Key Cryptography.

[13]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[14]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[15]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[16]  Reihaneh Safavi-Naini,et al.  Attribute-Based Encryption with Key Cloning Protection , 2008, IACR Cryptol. ePrint Arch..

[17]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[18]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[19]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[20]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[21]  Jian-Hong Chen,et al.  Attribute-Based Traitor Tracing , 2011, J. Inf. Sci. Eng..

[22]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[23]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[24]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[25]  Jin Li,et al.  Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems , 2009, SecureComm.

[26]  Brent Waters,et al.  Building efficient fully collusion-resilient traitor tracing and revocation schemes , 2010, CCS '10.

[27]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[28]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[29]  Allison Lewko,et al.  Tools for simulating features of composite order bilinear groups in the prime order setting , 2012 .

[30]  Dongqing Xie,et al.  Multi-authority ciphertext-policy attribute-based encryption with accountability , 2011, ASIACCS '11.

[31]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[32]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[33]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[34]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.