Gradual identity exposure using attribute-based encryption

Many ciphertext policy attribute-based encryption (CP-ABE) schemes do not protect receivers’ privacy, since all the attributes to describe the eligible receivers are transmitted in plaintexts. Hidden policy-based ABE schemes have been proposed to protect receivers’ privacy. However, hidden policy-based constructions require every user to ‘try’ decrypting all received cipher messages, which incurs great computation and communication overhead. To address this issue, in this paper, we propose a new concept – gradual identity exposure (GIE) – to protect data receivers’ identity. Our main idea is to reveal the receivers’ identities (i.e., the access policy) gradually in the process of decryption, where the required attributes are exposed one-by-one. If the receiver does not possess one attribute in the decryption procedure, the rest of attributes remain hidden. Compared to hidden-policy-based solutions, GIE supports more flexible access policy and, more importantly, provides significant performance improvement...