Key regeneration-free ciphertext-policy attribute-based encryption and its application

Attribute-based encryption (ABE) provides a promising solution for enabling scalable access control over encrypted data stored in the untrusted servers (e.g., cloud) due to its ability to perform data encryption and decryption defined over descriptive attributes. In order to bind different components which correspond to different attributes in a user's attribute-based decryption key together, key randomization technique has been applied in most existing ABE schemes. This randomization method, however, also empowers a user the capability of regenerating a newly randomized decryption key over a subset of the attributes associated with the original decryption key. Because key randomization breaks the linkage between this newly generated key and the original key, a malicious user could leak the new decryption key to others without taking any responsibility for the key abuse. To solve this problem, we think of key regeneration-free ABE to disallow a user from randomizing his/her decryption key in any manner, i.e., a user can only delegate his/her decryption key in exactly the same form without any modification so that any abused or pirated key can be traced back to its original owner. Motivated by strongly unforgeable signature, we first define a security notion called strong key unforgeability, and show that ABE schemes equipped with the strong key unforgeability are immune to key regeneration. We then provide a generic transformation to convert ciphertext-policy ABE (CP-ABE) schemes of certain type to key regeneration-free CP-ABE schemes, and show how the transformation works by presenting two concrete constructions.