Paper 2008/502

Extended Access Structures and Their Cryptographic Applications

Vanesa Daza, Javier Herranz, Paz Morillo, and Carla Rafols

Abstract

In secret sharing schemes a secret is distributed among a set of users $\mathcal{P}$ in such a way that only some sets, the authorized sets, can recover it. The family $\mathrm{\Gamma }$ of authorized sets is called access structure. Given such a monotone family $\mathrm{\Gamma }\subset 2^{\text{P}}$, we introduce the concept of \emph{extended access structures}, defined over a larger set ${\text{P}}^{\prime }=\text{P}\cup \tilde{\text{P}}$, satisfying these two properties: (1) the set $\text{P}$ is a minimal subset of ${\mathrm{\Gamma }}^{\prime }$, i.e. $\text{P}-\{R_i\}\notin {\mathrm{\Gamma }}^{\prime }$ for every $R_i\in \text{P}$, (2) a subset $A\subset \text{P}$ is in $\mathrm{\Gamma }$ if and only if the subset $A\cup \tilde{\text{P}}$ is in ${\mathrm{\Gamma }}^{\prime }$. As our first contribution, we give an explicit construction of an extended access structure ${\mathrm{\Gamma }}^{\prime }$ starting from a vector space access structure $\mathrm{\Gamma }$, and we prove that ${\mathrm{\Gamma }}^{\prime }$ is also vector space. Our second contribution is to show that the concept of extended access structure can be used to design encryption schemes which involve access structures that are chosen ad-hoc at the time of encryption. Specifically, we design and analyze a dynamic distributed encryption scheme and a ciphertext-policy attribute-based encryption scheme. In some cases, the new schemes enjoy better properties than the existing ones.