Server-aided revocable attribute-based encryption resilient to decryption key exposure

Baodong Qin; Qinglan Zhao; Dong Zheng; Hui Cui

doi:10.1007/978-3-030-02641-7_25

Server-aided revocable attribute-based encryption resilient to decryption key exposure

Baodong Qin, Qinglan Zhao, Dong Zheng, Hui Cui

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

19 Citations (Scopus)

Abstract

Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In CCS 2008, Boldyreva, Goyal and Kumar put forward an efficient way to revoke users. But, it requires each data user storing a (non-constant) number of long-term private keys and periodically communicating with the key generation center to update his/her decryption keys. In ESORICS 2016, Cui et al. proposed the first server-aided revocable ABE scheme to address the above two issues. It involves an untrusted server to transform any non-revoked user’s ABE ciphertexts into short ciphertexts using user’s short-term transformation keys. The data user can fully decrypt the transformed ciphertexts using his/her local decryption keys. Cui et al. also introduced the decryption key exposure (DKE) attacks on transformation keys. However, if the untrusted server colludes with an adversary, the scheme may be insecure against DKE attacks on user’s local decryption keys. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user’s local decryption keys and allowing the adversary to fully corrupt the server simultaneously. We then construct a server-aided revocable ABE based on Rouselakis-Waters ciphertext-policy ABE (CCS 2013). We show that our scheme is secure against local decryption key exposure attacks, and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption.

Original language	English
Title of host publication	Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers
Editors	Srdjan Capkun, Sherman S.M. Chow
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	504-514
Number of pages	11
ISBN (Electronic)	9783030026417
ISBN (Print)	9783030026400
DOIs	https://doi.org/10.1007/978-3-030-02641-7_25
Publication status	Published - 2018
Externally published	Yes
Event	International Conference on Cryptology and Network Security 2017 - Hong Kong, China Duration: 30 Nov 2017 → 2 Dec 2017 Conference number: 16th https://link.springer.com/book/10.1007/978-3-030-02641-7 (Proceedings) https://crypto.ie.cuhk.edu.hk/cans17/ (Website)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11261
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Conference on Cryptology and Network Security 2017
Abbreviated title	CANS 2017
Country/Territory	China
City	Hong Kong
Period	30/11/17 → 2/12/17
Internet address	https://link.springer.com/book/10.1007/978-3-030-02641-7 (Proceedings) https://crypto.ie.cuhk.edu.hk/cans17/ (Website)

Keywords

Attribute-based encryption
Decryption key exposure
Revocation
Server-aided

Access to Document

10.1007/978-3-030-02641-7_25

Cite this

Qin, B., Zhao, Q., Zheng, D., & Cui, H. (2018). Server-aided revocable attribute-based encryption resilient to decryption key exposure. In S. Capkun, & S. S. M. Chow (Eds.), Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers (pp. 504-514). (Lecture Notes in Computer Science; Vol. 11261). Springer. https://doi.org/10.1007/978-3-030-02641-7_25

Qin, Baodong ; Zhao, Qinglan ; Zheng, Dong et al. / Server-aided revocable attribute-based encryption resilient to decryption key exposure. Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers. editor / Srdjan Capkun ; Sherman S.M. Chow. Cham Switzerland : Springer, 2018. pp. 504-514 (Lecture Notes in Computer Science).

@inproceedings{0cd986986818424fbc0743668c93b819,

title = "Server-aided revocable attribute-based encryption resilient to decryption key exposure",

abstract = "Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In CCS 2008, Boldyreva, Goyal and Kumar put forward an efficient way to revoke users. But, it requires each data user storing a (non-constant) number of long-term private keys and periodically communicating with the key generation center to update his/her decryption keys. In ESORICS 2016, Cui et al. proposed the first server-aided revocable ABE scheme to address the above two issues. It involves an untrusted server to transform any non-revoked user{\textquoteright}s ABE ciphertexts into short ciphertexts using user{\textquoteright}s short-term transformation keys. The data user can fully decrypt the transformed ciphertexts using his/her local decryption keys. Cui et al. also introduced the decryption key exposure (DKE) attacks on transformation keys. However, if the untrusted server colludes with an adversary, the scheme may be insecure against DKE attacks on user{\textquoteright}s local decryption keys. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user{\textquoteright}s local decryption keys and allowing the adversary to fully corrupt the server simultaneously. We then construct a server-aided revocable ABE based on Rouselakis-Waters ciphertext-policy ABE (CCS 2013). We show that our scheme is secure against local decryption key exposure attacks, and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption.",

keywords = "Attribute-based encryption, Decryption key exposure, Revocation, Server-aided",

author = "Baodong Qin and Qinglan Zhao and Dong Zheng and Hui Cui",

note = "Funding Information: Acknowledgments. This work was supported by the National Natural Science Foundation of China (Grant No. 61502400 and Grant No. 61602378), and the Science Foundation of Sichuan Educational Committee (Grant No. 16ZB0140). Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018.; International Conference on Cryptology and Network Security 2017, CANS 2017 ; Conference date: 30-11-2017 Through 02-12-2017",

year = "2018",

doi = "10.1007/978-3-030-02641-7_25",

language = "English",

isbn = "9783030026400",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "504--514",

editor = "Srdjan Capkun and Chow, {Sherman S.M.}",

booktitle = "Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers",

address = "Switzerland",

url = "https://link.springer.com/book/10.1007/978-3-030-02641-7, https://crypto.ie.cuhk.edu.hk/cans17/",

}

Qin, B, Zhao, Q, Zheng, D & Cui, H 2018, Server-aided revocable attribute-based encryption resilient to decryption key exposure. in S Capkun & SSM Chow (eds), Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers. Lecture Notes in Computer Science, vol. 11261, Springer, Cham Switzerland, pp. 504-514, International Conference on Cryptology and Network Security 2017, Hong Kong, China, 30/11/17. https://doi.org/10.1007/978-3-030-02641-7_25

Server-aided revocable attribute-based encryption resilient to decryption key exposure. / Qin, Baodong; Zhao, Qinglan; Zheng, Dong et al.
Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers. ed. / Srdjan Capkun; Sherman S.M. Chow. Cham Switzerland: Springer, 2018. p. 504-514 (Lecture Notes in Computer Science; Vol. 11261).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Server-aided revocable attribute-based encryption resilient to decryption key exposure

AU - Qin, Baodong

AU - Zhao, Qinglan

AU - Zheng, Dong

AU - Cui, Hui

N1 - Conference code: 16th

PY - 2018

Y1 - 2018

N2 - Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In CCS 2008, Boldyreva, Goyal and Kumar put forward an efficient way to revoke users. But, it requires each data user storing a (non-constant) number of long-term private keys and periodically communicating with the key generation center to update his/her decryption keys. In ESORICS 2016, Cui et al. proposed the first server-aided revocable ABE scheme to address the above two issues. It involves an untrusted server to transform any non-revoked user’s ABE ciphertexts into short ciphertexts using user’s short-term transformation keys. The data user can fully decrypt the transformed ciphertexts using his/her local decryption keys. Cui et al. also introduced the decryption key exposure (DKE) attacks on transformation keys. However, if the untrusted server colludes with an adversary, the scheme may be insecure against DKE attacks on user’s local decryption keys. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user’s local decryption keys and allowing the adversary to fully corrupt the server simultaneously. We then construct a server-aided revocable ABE based on Rouselakis-Waters ciphertext-policy ABE (CCS 2013). We show that our scheme is secure against local decryption key exposure attacks, and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption.

AB - Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In CCS 2008, Boldyreva, Goyal and Kumar put forward an efficient way to revoke users. But, it requires each data user storing a (non-constant) number of long-term private keys and periodically communicating with the key generation center to update his/her decryption keys. In ESORICS 2016, Cui et al. proposed the first server-aided revocable ABE scheme to address the above two issues. It involves an untrusted server to transform any non-revoked user’s ABE ciphertexts into short ciphertexts using user’s short-term transformation keys. The data user can fully decrypt the transformed ciphertexts using his/her local decryption keys. Cui et al. also introduced the decryption key exposure (DKE) attacks on transformation keys. However, if the untrusted server colludes with an adversary, the scheme may be insecure against DKE attacks on user’s local decryption keys. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user’s local decryption keys and allowing the adversary to fully corrupt the server simultaneously. We then construct a server-aided revocable ABE based on Rouselakis-Waters ciphertext-policy ABE (CCS 2013). We show that our scheme is secure against local decryption key exposure attacks, and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption.

KW - Attribute-based encryption

KW - Decryption key exposure

KW - Revocation

KW - Server-aided

UR - http://www.scopus.com/inward/record.url?scp=85057122550&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-02641-7_25

DO - 10.1007/978-3-030-02641-7_25

M3 - Conference Paper

AN - SCOPUS:85057122550

SN - 9783030026400

T3 - Lecture Notes in Computer Science

SP - 504

EP - 514

BT - Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers

A2 - Capkun, Srdjan

A2 - Chow, Sherman S.M.

PB - Springer

CY - Cham Switzerland

T2 - International Conference on Cryptology and Network Security 2017

Y2 - 30 November 2017 through 2 December 2017

ER -

Qin B, Zhao Q, Zheng D, Cui H. Server-aided revocable attribute-based encryption resilient to decryption key exposure. In Capkun S, Chow SSM, editors, Cryptology and Network Security - 16th International Conference, CANS 2017 Hong Kong, China, November 30 – December 2, 2017 Revised Selected Papers. Cham Switzerland: Springer. 2018. p. 504-514. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-02641-7_25

Server-aided revocable attribute-based encryption resilient to decryption key exposure

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this