Removing escrow from ciphertext policy attribute-based encryption

Junbeom Hur, Dongyoung Koo, Seong Oun Hwang, Kyungtae Kang

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.

Original language: English
Pages (from-to): 1310-1317
Number of pages: 8
Journal: Computers and Mathematics with Applications
Volume: 65
Issue number: 9
DOIs: 10.1016/j.camwa.2012.02.005
Publication status: Published - 2013 May 1
Externally published: Yes

Keywords

  • Access control
  • Attribute based encryption
  • Ciphertext policy
  • Privacy
  • Removing escrow

ASJC Scopus subject areas

  • Modelling and Simulation
  • Computational Theory and Mathematics
  • Computational Mathematics

Cite this

Removing escrow from ciphertext policy attribute-based encryption. / Hur, Junbeom; Koo, Dongyoung; Hwang, Seong Oun; Kang, Kyungtae.

In: Computers and Mathematics with Applications, Vol. 65, No. 9, 01.05.2013, p. 1310-1317.

Hur, Junbeom ; Koo, Dongyoung ; Hwang, Seong Oun ; Kang, Kyungtae. / Removing escrow from ciphertext policy attribute-based encryption. In: Computers and Mathematics with Applications. 2013 ; Vol. 65, No. 9. pp. 1310-1317.
@article{0d6d223f35b9476ea645e7de1152240b,
title = "Removing escrow from ciphertext policy attribute-based encryption",
abstract = "Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.",
keywords = "Access control, Attribute based encryption, Ciphertext policy, Privacy, Removing escrow",
author = "Junbeom Hur and Dongyoung Koo and Hwang, {Seong Oun} and Kyungtae Kang",
year = "2013",
month = "5",
day = "1",
doi = "10.1016/j.camwa.2012.02.005",
language = "English",
volume = "65",
pages = "1310--1317",
journal = "Computers and Mathematics with Applications",
issn = "0898-1221",
publisher = "Elsevier Limited",
number = "9",

}
