Paper 2014/616

Practical Attribute-Based Encryption: Traitor Tracing, Revocation, and Large Universe

Zhen Liu and Duncan S. Wong

Abstract

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user's decryption key is associated with attributes which in general are not related to the user's identity, and the same set of attributes could be shared between multiple users. If a user creates a decryption blackbox from the decryption key and offers it for sale, this malicious user could be difficult to identify from the blackbox. Hence in practice, a useful CP-ABE scheme should have some tracing mechanism to identify this 'traitor' from the blackbox. In addition, being able to revoke compromised keys is also an important step towards practicality, and for scalability, the scheme should support an exponentially large number of attributes. However, none of the existing traceable CP-ABE schemes simultaneously supports revocation and a large attribute universe. In this paper, we construct the first practical CP-ABE scheme which possesses these three important properties: (1) blackbox traceability, (2) revocation, and (3) support for a large universe. This new scheme achieves fully collusion-resistant blackbox traceability. Compared with the latest fully collusion-resistant blackbox traceable CP-ABE schemes, it achieves the same efficiency level, enjoying the sub-linear overhead of $O(\sqrt{N})$, where $N$ is the number of users in the system, and attains the same security level, namely, fully collusion-resistant traceability against policy-specific decryption blackboxes, which is proven in the standard model with selective adversaries. The scheme supports a large attribute universe, and attributes do not need to be pre-specified during the system setup. In addition, the scheme supports revocation while keeping the appealing capability of conventional CP-ABE, i.e. it is highly expressive and can take any monotonic access structures as ciphertext policies.
We also present the analogous results in the Key-Policy Attribute-Based Encryption (KP-ABE) setting, where users' decryption keys are described by access policies and ciphertexts are associated with attributes. We construct the first practical KP-ABE scheme which possesses the three important properties: (1) blackbox traceability, (2) revocation, and (3) support for a large universe. The scheme is highly expressive and can take any monotonic access structures as key policies. It is also efficient, namely, it enjoys the sub-linear overhead of $O(\sqrt{N})$ while supporting fully collusion-resistant blackbox traceability and revocation, and it does not need the attributes to be pre-specified during the system setup. The scheme is proven selectively secure in the standard model.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. MAJOR revision. ACNS 2015. This is a full and extended version.
Keywords
Attribute-Based Encryption, Traitor Tracing, Revocation, Large Attribute Universe
Contact author(s)
liuzhen sjtu @ gmail com
duncan @ cityu edu hk
History
2015-05-15: last of 3 revisions
2014-08-13: received
Short URL
https://ia.cr/2014/616
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/616,
      author = {Zhen Liu and Duncan S.  Wong},
      title = {Practical Attribute-Based Encryption: Traitor Tracing, Revocation, and Large Universe},
      howpublished = {Cryptology ePrint Archive, Paper 2014/616},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/616}},
      url = {https://eprint.iacr.org/2014/616}
}