Generic Construction of Outsourced Attribute-Based Encryption Without Key Escrow

Attribute-based encryption (ABE) has a broad developing prospect in fine-grained sharing of ciphertext in the background of cloud computing. However, most of ABE schemes have a potential security risk called key escrow problem because users’ secret keys are issued by a trusted attribute authority (AA). Moreover, the pairing and exponential operations are heavy for users who are resource limited. In this paper, we introduce a semi-trusted organization called ministrant attribute authority (MAA). Based on our proposed master-key and parameters (MAP) transform, we construct a key issuing protocol where AA and MAA not only cooperate with but also restrain each other skillfully to generate users’ secret keys. These keys can be utilized directly for outsourced decryption. Based on the MAP transform, the key issuing protocol and an ABE scheme, we propose a generic construction of outsourced ABE without key escrow (OABE-WoKE). We provide security definitions for three types of adversaries where AA and MAA are included, and we are the first to prove that the construction is CPA secure against any one of the three types of adversaries. Finally, we provide two instantiations of OABE-WoKE schemes. Analyzing the simulation of them, we can conclude that they are more efficient than their competitive schemes.

[1]  Sherman S. M. Chow Removing Escrow from Identity-Based Encryption , 2009, Public Key Cryptography.

[2]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[3]  Xiaolei Dong,et al.  Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2018, IEEE Transactions on Information Forensics and Security.

[4]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[5]  R. Kalaiselvi,et al.  SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORDS IN CLOUD COMPUTING , 2016 .

[6]  Jacob T. Schwartz,et al.  Fast Probabilistic Algorithms for Verification of Polynomial Identities , 1980, J. ACM.

[7]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[8]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[9]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[10]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[11]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[12]  Tsz Hon Yuen,et al.  Fully Secure Multi-authority Ciphertext-Policy Attribute-Based Encryption without Random Oracles , 2011, ESORICS.

[13]  Richard Zippel,et al.  Probabilistic algorithms for sparse polynomials , 1979, EUROSAM.

[14]  Ian Miers,et al.  Charm: a framework for rapidly prototyping cryptosystems , 2013, Journal of Cryptographic Engineering.

[15]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[16]  Kyungtae Kang,et al.  Removing escrow from ciphertext policy attribute-based encryption , 2013, Comput. Math. Appl..

[17]  Stefan Katzenbeisser,et al.  Distributed Attribute-Based Encryption , 2009, ICISC.

[18]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[19]  Brent Waters,et al.  Online/Offline Attribute-Based Encryption , 2014, IACR Cryptol. ePrint Arch..

[20]  Joseph K. Liu,et al.  Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption , 2015, Future Gener. Comput. Syst..

[21]  Rui Zhang,et al.  A Blockchain based Access Control System for Cloud Storage , 2019 .

[22]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[23]  Sushil Jajodia,et al.  A data outsourcing architecture combining cryptography and access control , 2007, CSAW '07.

[24]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[25]  HuangXinyi,et al.  Secure sharing of Personal Health Records in cloud computing , 2015 .

[26]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).