Attacking Pairing-Free Attribute-Based Encryption Schemes

Combining several results that have been published in the last years, it is known that it is impossible to design simple and secure attribute-based encryption schemes that work in (classical) settings like the RSA or the pairing-free discrete logarithm ones. The purpose of this article is to broadcast this message through a wide (maybe non-cryptographic) audience, specially now that attribute-based encryption is considered as a useful tool to secure real systems like the Internet of Things. Today, only attribute-based encryption schemes that employ tools like bilinear pairings or lattices can provide some real (and provable) level of security. As an example of the fact that this message is still unknown for many people, we revisit a (maybe non exhaustive) list of articles proposing such insecure attribute-based encryption schemes: we recall which of these schemes have already been attacked and we describe attacks for the other ones.

[1]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[2]  Periklis A. Papakonstantinou,et al.  On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[3]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[4]  Periklis A. Papakonstantinou,et al.  How powerful are the DDH hard groups? , 2012, Electron. Colloquium Comput. Complex..

[5]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[6]  Alwyn Roshan Pais,et al.  Expressive CP-ABE Scheme Satisfying Constant-Size Keys and Ciphertexts , 2019, IACR Cryptol. ePrint Arch..

[7]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[8]  Arkady Yerukhimovich,et al.  Bounded-Collusion Attribute-Based Encryption from Minimal Assumptions , 2017, Public Key Cryptography.

[9]  Ruhul Amin,et al.  Provably Secure Threshold-Based ABE Scheme Without Bilinear Map , 2016 .

[10]  Vanga Odelu,et al.  Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography , 2016, Secur. Commun. Networks.

[11]  Kim-Kwang Raymond Choo,et al.  Expressive CP-ABE Scheme for Mobile Devices in IoT Satisfying Constant-Size Keys and Ciphertexts , 2017, IEEE Access.

[12]  Nico Döttling,et al.  Identity-Based Encryption from the Diffie-Hellman Assumption , 2017, CRYPTO.

[13]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[14]  Javier Herranz Attribute-based versions of Schnorr and ElGamal , 2015, Applicable Algebra in Engineering, Communication and Computing.

[15]  Javier Herranz Attribute-based encryption implies identity-based encryption , 2017, IET Inf. Secur..

[16]  Stefano Tessaro,et al.  Bounded-Collusion Identity-Based Encryption from Semantically-Secure Public-Key Encryption: Generic Constructions with Short Ciphertexts , 2014, Public Key Cryptography.

[17]  Seong Oun Hwang,et al.  Enhancement of a Lightweight Attribute-Based Encryption Scheme for the Internet of Things , 2019, IEEE Internet of Things Journal.

[18]  Mohammad S. Obaidat,et al.  An Efficient Elliptic Curve Cryptography-Based Without Pairing KPABE for Internet of Things , 2020, IEEE Systems Journal.

[19]  Chen Li,et al.  A Novel Efficient Pairing-Free CP-ABE Based on Elliptic Curve Cryptography for IoT , 2018, IEEE Access.