Cryptology ePrint Archive: Report 2021/074

Cross-Domain Attribute-Based Access Control Encryption

Mahdi Sedaghat and Bart Preneel

Abstract: Logic access control enforces who can read and write data; the enforcement is typically performed by a fully trusted entity. At TCC 2016, Damgård et al. proposed Access Control Encryption (ACE) schemes where a predicate function decides whether or not users can read (decrypt) and write (encrypt) data, while the message secrecy and the users' anonymity are preserved against malicious parties. Subsequently several ACE constructions with an arbitrary identity-based access policy have been proposed, but they have huge ciphertext and key sizes and/or rely on indistinguishability obfuscation. At IEEE S&P 2021, Wang and Chow proposed a Cross-Domain ACE scheme with constant-size ciphertext and arbitrary identity-based policy; the key generators are separated into two distinct parties, called Sender Authority and Receiver Authority. In this paper, we improve over their work with a novel construction that provides a more expressive access control policy based on attributes rather than on identities, the security of which relies on standard assumptions. Our construction combines Structure-Preserving Signatures, Non-Interactive Zero-Knowledge proofs, and Re-randomizable Ciphertext-Policy Attribute-Based Encryption schemes. The sizes of ciphertexts and encryption and decryption keys are constant and thus independent of the number of receivers and their attributes. Not only is our system more flexible, it also is more efficient and results in shorter keys.

Category / Keywords: public-key cryptography / Access Control Encryption; Ciphertext-Policy Attribute-Based Encryption; Structure Preserving Signature; Non-Interactive Zero-Knowledge proofs

Date: received 21 Jan 2021, last revised 22 Jan 2021

Contact author: ssedagha at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20210122:203231 (All versions of this report)

Short URL: ia.cr/2021/074


[ Cryptology ePrint archive ]