dc.contributor.author |
Attrapadung, Nuttapong |
dc.contributor.author |
Herranz, Javier |
dc.contributor.author |
Laguillaumie, Fabien |
dc.contributor.author |
Libert, Benoît |
dc.contributor.author |
De Panafieu, Elie |
dc.contributor.author |
Ràfols, Carla |
dc.date |
2012 |
dc.identifier.citation |
Attrapadung N, Herranz J, Laguillaumie F, Libert B, E de Panafieu, Ràfols C. Attribute-based encryption schemes with constant-size ciphertexts. Theoretical Computer Science. 2012 Mar 9;422:15-38. DOI: 10.1016/j.tcs.2011.12.004 |
dc.identifier.citation |
0304-3975 |
dc.identifier.citation |
https://dx.doi.org/10.1016/j.tcs.2011.12.004 |
dc.identifier.uri |
http://hdl.handle.net/10230/42258 |
dc.format |
application/pdf |
dc.language.iso |
eng |
dc.publisher |
Elsevier |
dc.relation |
Theoretical Computer Science. 2012 Mar 9;422:15-38. |
dc.rights |
info:eu-repo/semantics/openAccess |
dc.rights |
© Elsevier This is the published version of an article http://dx.doi.org/10.1016/j.tcs.2011.12.004 that appeared in the journal Theoretical Computer Science. It is published in an Open Archive under an Elsevier user license. Details of this licence are available here: https://www.elsevier.com/about/our-business/policies/open-access-licenses/elsevier-user-license |
dc.subject |
Public-key cryptography |
dc.subject |
Provable security |
dc.subject |
Attribute-based encryption |
dc.subject |
Access control |
dc.subject |
Expressivity, efficiency |
dc.title |
Attribute-based encryption schemes with constant-size ciphertexts |
dc.type |
info:eu-repo/semantics/article |
dc.type |
info:eu-repo/semantics/acceptedVersion |
dc.description.abstract |
Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine-
grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario
proceeds the other way around), the primitive enables senders to encrypt messages under a set of
attributes and private keys are associated with access structures that specify which ciphertexts the key
holder will be allowed to decrypt. In most ABE systems, the ciphertext size grows linearly with the
number of ciphertext attributes and the only known exception only supports restricted forms of access
policies. This paper proposes the first attribute-based encryption (ABE) schemes allowing for truly
expressive access structures and with constant ciphertext size. Our first result is a ciphertext-policy
attribute-based encryption (CP-ABE) scheme with O(1)-size ciphertexts for threshold access policies
and where private keys remain as short as in previous systems. As a second result, we show that a certain
class of identity-based broadcast encryption schemes generically yields monotonic key-policy attribute-
based encryption (KP-ABE) systems in the selective set model. Our final contribution is a KP-ABE
realization supporting non-monotonic access structures (i.e., that may contain negated attributes) with
short ciphertexts. As an intermediate step towards this result, we describe a new efficient identity-based
revocation mechanism that, when combined with a particular instantiation of our general monotonic
construction, gives rise to the most expressive KP-ABE realization with constant-size ciphertexts. The
downside of our second and third constructions is that private keys have quadratic size in the number
of attributes. On the other hand, they reduce the number of pairing evaluations to a constant, which
appears to be a unique feature among expressive KP-ABE schemes. |