Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation

Attribute-based encryption (ABE) enables fine-grained access control over encrypted data. A practical and popular approach for handing revocation in ABE is to use the indirect revocation mechanism, in which a key generation centre (KGC) periodically broadcasts key update information for all data use...

Full description

Saved in:
Bibliographic Details
Main Authors: XU, Shengmin, YANG, Guomin, MU, Yi
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/5246
https://ink.library.smu.edu.sg/context/sis_research/article/6249/viewcontent/1559537938_E11243_e_tarjome.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Attribute-based encryption (ABE) enables fine-grained access control over encrypted data. A practical and popular approach for handing revocation in ABE is to use the indirect revocation mechanism, in which a key generation centre (KGC) periodically broadcasts key update information for all data users over a public channel. Unfortunately, existing RABE schemes are vulnerable to decryption key exposure attack which has been well studied in the identity-based setting. In this paper, we introduce a new notion for RABE called re-randomizable piecewise key generation by allowing a data user to re-randmomize the combined secret key and the key update to obtain the decryption key, and the secret key is unrecoverable even both the decryption key and the key update are known by the attacker. We then propose a new primitive called re-randomizable attribute-based encryption (RRABE) that can achieve both re-randomizable piecewise key generation and ciphertext delegation. We also refine the existing security model for RABE to capture decryption key exposure resistance and present a generic construction of RABE from RRABE. Finally, by applying our generic transformation, we give a concrete RABE scheme achieving decryption key exposure resistance and ciphertext delegation simultaneously.