Paper 2023/1277

Dually Computable Cryptographic Accumulators and Their Application to Attribute Based Encryption

Anaïs Barthoulot, Université de Limoges, XLIM
Olivier Blazy, Computer Science Laboratory of the École Polytechnique
Sébastien Canard, Télécom Paris
Abstract

In 1993, Benaloh and De Mare introduced cryptographic accumulator, a primitive that allows the representation of a set of values by a short object (the accumulator) and offers the possibility to prove that some input values are in the accumulator. For this purpose, so-called asymmetric accumulators require the creation of an additional cryptographic object, called a witness. Through the years, several instantiations of accumulators were proposed either based on number theoretic assumptions, hash functions, bilinear pairings or more recently lattices. In this work, we present the first instantiation of an asymmetric cryptographic accumulator that allows private computation of the accumulator but public witness creation. This is obtained thanks to our unique combination of the pairing based accumulator of Nguyen with dual pairing vector spaces. We moreover introduce the new concept of dually computable cryptographic accumulators, in which we offer two ways to compute the representation of a set: either privately (using a dedicated secret key) or publicly (using only the scheme's public key), while there is a unique witness creation for both cases. All our constructions of accumulators have constant size accumulated value and witness, and satisfy the accumulator security property of collision resistance, meaning that it is not possible to forge a witness for an element that is not in the accumulated set. As a second contribution, we show how our new concept of dually computable cryptographic accumulator can be used to build a Ciphertext Policy Attribute Based Encryption (CP-ABE). Our resulting scheme permits policies expressed as disjunctions of conjunctions (without ``NO'' gates), and is adaptively secure in the standard model. This is the first CP-ABE scheme having both constant-size user secret keys and ciphertexts (i.e. independent of the number of attributes in the scheme, or the policy size). For the first time, we provide a way to use cryptographic accumulators for both key management and encryption process.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CANS 2023
Keywords
Cryptographic AccumulatorsAttribute Based EncryptionPairingsDual Pairing Vector Spaces
Contact author(s)
anais barthoulot @ orange com
olivier blazy @ polytechnique edu
sebastien canard @ telecom-paris fr
History
2023-10-23: last of 3 revisions
2023-08-24: received
See all versions
Short URL
https://ia.cr/2023/1277
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2023/1277,
      author = {Anaïs Barthoulot and Olivier Blazy and Sébastien Canard},
      title = {Dually Computable Cryptographic Accumulators and Their Application to Attribute Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1277},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1277}},
      url = {https://eprint.iacr.org/2023/1277}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.