CryptoDB
Provably Secure Ciphertext Policy ABE
| Authors: | |
|---|---|
| Download: | |
| Abstract: | In ciphertext policy attribute-based encryption (CP-ABE), every secret key is associated with a set of attributes, and every ciphertext is associated with an access structure on attributes. Decryption is enabled if and only if the user's attribute set satisfies the ciphertext access structure. This provides fine-grained access control on shared data in many practical settings, including secure databases and secure multicast. In this paper, we study CP-ABE schemes in which access structures are AND gates on positive and negative attributes. Our basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. We then apply the Canetti-Halevi-Katz technique to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. The security proof is a reduction to the DBDH assumption and the strong existential unforgeability of the signature primitive. In addition, we introduce hierarchical attributes to optimize our basic scheme, reducing both ciphertext size and encryption/decryption time while maintaining CPA security. Finally, we propose an extension in which access policies are arbitrary threshold trees, and we conclude with a discussion of practical applications of CP-ABE. |
BibTeX
@misc{eprint-2007-13465,
title={Provably Secure Ciphertext Policy ABE},
booktitle={IACR Eprint archive},
keywords={public-key cryptography / attribute based encryption, ciphertext access policy},
url={http://eprint.iacr.org/2007/183},
note={ lcheung@theory.csail.mit.edu 13649 received 16 May 2007},
author={Ling Cheung and Calvin Newport},
year=2007
}