Cryptology ePrint Archive: Report 2015/213

Attribute-Based Versions of Schnorr and ElGamal

Javier Herranz

Abstract: We design in this paper the first attribute-based cryptosystems that work in the classical Discrete Logarithm, pairing-free, setting. The attribute-based signature scheme can be seen as an extension of Schnorr signatures, with adaptive security relying on the Discrete Logarithm Assumption, in the random oracle model. The attribute-based encryption schemes can be seen as extensions of ElGamal cryptosystem, with adaptive security relying on the Decisional Diffie-Hellman Assumption, in the standard model.

The proposed schemes are secure only in a bounded model: the systems admit $L$ secret keys, at most, for a bound $L$ that must be fixed in the setup of the systems. The efficiency of the cryptosystems, later, depends on this bound $L$. Although this is an important drawback that can limit the applicability of the proposed schemes in some real-life applications, it turns out that the bounded security of our key-policy attribute-based encryption scheme (in particular, with $L=1$) is enough to implement the generic transformation of Parno, Raykova and Vaikuntanathan at TCC'2012. As a direct result, we obtain a protocol for the verifiable delegation of computation of boolean functions, which does not employ pairings or lattices, and whose adaptive security relies on the Decisional Diffie-Hellman Assumption.

Category / Keywords: cryptographic protocols / attribute-based cryptography, Discrete Logarithm setting, verifiable computation

Original Publication (with minor differences): Applicable Algebra in Engineering, Communication and Computing, 27(1), pp. 17-57, 2016
DOI:
10.1007/s00200-015-0270-7

Date: received 6 Mar 2015, last revised 11 Jan 2016

Contact author: jherranz at ma4 upc edu

Available format(s): PDF | BibTeX Citation

Version: 20160111:144509 (All versions of this report)

Short URL: ia.cr/2015/213

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]