Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes (extended version)

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access structure or decryption policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the decryption policy specified in the ciphertext. Several CP-ABE schemes have been proposed, however, to become practical the problem of revocation and delegation should be addressed. In this paper, we propose Ciphertext-Policy Attribute-Based Threshold Decryption (CP-ABTD) which extends CP-ABE with flexible attribute delegation and instantaneous attribute revocation. CP-ABTD has three advantages over CP-ABE. First, Alice (delegator), who has a secret key associated with a set of attributes, can delegate her authorization to Bob (delegatee). Second, Alice can decide whether to allow Bob to be able to delegate her authorization further. Third, the proposed scheme achieves instantaneous attribute revocation, that is, once the attribute is revoked the user cannot use it in the decryption phase. We demonstrate how to apply the proposed CP-ABTD scheme to securely manage Personal Health Records (PHRs).

[1]  Jean-Jacques Quisquater,et al.  Efficient revocation and threshold pairing based cryptosystems , 2003, PODC '03.

[2]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[3]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[4]  Sean W. Smith,et al.  Distributing security-mediated PKI , 2004, International Journal of Information Security.

[5]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[6]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[7]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[8]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[9]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[10]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[11]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[12]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[13]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[14]  Ali Miri,et al.  Using Mediated Identity-Based Cryptography to Support Role-Based Access Control , 2004, ISC.

[15]  Jacob T. Schwartz,et al.  Fast Probabilistic Algorithms for Verification of Polynomial Identities , 1980, J. ACM.

[16]  Elaine Shi,et al.  Delegating Capabilities in Predicate Encryption Systems , 2008, ICALP.

[17]  Ali Miri,et al.  Efficient Revocation of Dynamic Security Privileges in Hierarchically Structured Communities , 2004, PST.

[18]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[19]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[20]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[21]  Dan Boneh,et al.  Fine-grained control of security capabilities , 2004, TOIT.

[22]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[23]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.