Paper 2015/213

Attribute-Based Versions of Schnorr and ElGamal

Javier Herranz


We design in this paper the first attribute-based cryptosystems that work in the classical Discrete Logarithm, pairing-free, setting. The attribute-based signature scheme can be seen as an extension of Schnorr signatures, with adaptive security relying on the Discrete Logarithm Assumption, in the random oracle model. The attribute-based encryption schemes can be seen as extensions of ElGamal cryptosystem, with adaptive security relying on the Decisional Diffie-Hellman Assumption, in the standard model. The proposed schemes are secure only in a bounded model: the systems admit $L$ secret keys, at most, for a bound $L$ that must be fixed in the setup of the systems. The efficiency of the cryptosystems, later, depends on this bound $L$. Although this is an important drawback that can limit the applicability of the proposed schemes in some real-life applications, it turns out that the bounded security of our key-policy attribute-based encryption scheme (in particular, with $L=1$) is enough to implement the generic transformation of Parno, Raykova and Vaikuntanathan at TCC'2012. As a direct result, we obtain a protocol for the verifiable delegation of computation of boolean functions, which does not employ pairings or lattices, and whose adaptive security relies on the Decisional Diffie-Hellman Assumption.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. Applicable Algebra in Engineering, Communication and Computing, 27(1), pp. 17-57, 2016
attribute-based cryptographyDiscrete Logarithm settingverifiable computation
Contact author(s)
jherranz @ ma4 upc edu
2016-01-11: revised
2015-03-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Javier Herranz},
      title = {Attribute-Based Versions of Schnorr and ElGamal},
      howpublished = {Cryptology ePrint Archive, Paper 2015/213},
      year = {2015},
      doi = {10.1007/s00200-015-0270-7},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.