Paper 2017/054

Attribute-Based Encryption Implies Identity-Based Encryption

Javier Herranz

Abstract

In this short paper we formally prove that designing attribute-based encryption schemes cannot be easier than designing identity-based encryption schemes. In more detail, we show how an attribute-based encryption scheme which admits, at least, AND policies can be combined with a collision-resistant hash function to obtain an identity-based encryption scheme. Even if this result may seem natural, not surprising at all, it has not been explicitly written anywhere, as far as we know. Furthermore, it may be an unknown result for some people: Odelu et al. \cite{OdKu16,J+17} have proposed both an attribute-based encryption scheme in the Discrete Logarithm setting, without bilinear pairings, and an attribute-based encryption scheme in the RSA setting, both admitting AND policies. If these schemes were secure, then by using the implication that we prove in this paper, we would obtain secure identity-based encryption schemes in both the RSA and the Discrete Logarithm settings, without bilinear pairings, which would be a breakthrough in the area. Unfortunately, we present here complete attacks of the two schemes proposed by Odelu et al. in \cite{OdKu16,J+17}.

Note: I found another paper by Odelu, Kas et al., recently accepted for publication in another journal (also with publication funded by authors), proposing a (surprising) RSA-based ABE scheme. New section 5 contains an explicit attack against this new scheme.