Background
Methods
Preliminaries
Bilinear Maps
Linear Secret Sharing Scheme (LSSS)
Decisional Parallel Bilinear Diffie-Hellman Exponent Assumption
System Model and Definition
Model
Algorithm Definition
Security Definition
-
-Init. The adversary A submits the challenge access structure \( \mathbb{A} \) to the challenger C.
-
-Setup. The challenger C runs setup algorithm and gives the public parameters PK to the adversary A.
-
-Phase1. The adversary can issue following query.
-
Ext query : The adversary A submits a set of attributes S where S does not satisfy the access structure \( \mathbb{A} \) to the challenger. The challenger C gives secret key corresponding S.
-
Add query : The adversary A submits a set of attributes S′ where S ∪ S′ does not satisfy the challenge access structure \( \mathbb{A} \). The challenger C gives the secret key component K x corresponding to S′.
-
-
-Challenge. The adversary A submits two equal length messages M 0, M 1. The challenger flips a random coin b, and encrypts M b under \( \mathbb{A} \). The challenger gives ciphertext CT to the adversary A.
-
-Phase2. Phase1 is repeated.
-
-Guess. The adversary A outputs his guess b′ of b.
-
-Init. The adversary A submits the challenge access structure \( \mathbb{A} \) and version number ver* to the challenger C.
-
-Setup. The challenger C runs setup algorithm and gives the public parameters PK and PRE key and the keys for granting an attribute J to the adversary A.
-
-Phase1. The adversary can issue following query.
-
K x query : The adversary A submits a set of attribute S. The challenger C gives secret key component K x corresponding to S to the adversary A.
-
-
-Challenge. The adversary A submits two equal length messages M 0, M 1. The challenger flips a random coin b, and encrypts M b under \( \mathbb{A} \). The challenger gives ciphertext CT to the adversary A.
-
-Phase2. Phase1 is repeated.
-
-Guess. The adversary A outputs his guess b′ of b.
Our Scheme
Overview
Algorithm
Security Proof
Security Proof in the Attack Model 1
Security Proof in the Attack Model 2
Result and discussion
The proposed scheme
| |||
---|---|---|---|
PK |
\( \begin{array}{l}\left(3\left|U\right|+1\right)\\ {}\times \left|G\right|+\left|{G}_T\right|\end{array} \)
| 2 × |G| + |G
T
| |
\( \begin{array}{l}\left(2\left|U\right|+2\right)\\ {}\times \left|G\right|+\left|{G}_T\right|\end{array} \)
|
SK | (2|U| + 1) × |G| |
\( \begin{array}{l}\left(2\left|S\right|\kern0.5em +1\right)\times \left|G\right|\\ {}+ \log \kern0.5em \left|N\right|\times \left|K\right|\end{array} \)
| (|S| + 2) × |G| |
CT |
\( \begin{array}{l}\left(\left|U\right|+1\right)\\ {}+\left|G\right|+\left|{G}_T\right|\end{array} \)
|
\( \begin{array}{l}\left(2\left|I\right|+1\right)\\ {}\times \left|G\right|+\left|{G}_T\right|\end{array} \)
|
\( \begin{array}{l}\left(2\left|I\right|+1\right)\\ {}\times \left|G\right|+\left|{G}_T\right|\end{array} \)
|
RK |
r|U| × |Z
p
| | (2|N| − 1) × |K| |
r|U| × |X
p
| |
Enc | (|U| + 2) × exp
| (2|I| + 2) × exp
| (2|I| + 2) × exp
|
Ext | (2|U| + 1) × exp
| (2|S| + 2) × exp
| (|S| + 2) × exp
|
Re-enc | |R
CT
| × exp
| |R
CT
| × exp
| |R
CT
| × exp
|
Re-key | |R
SK
| × exp
| |R
SK
| × exp
| |R
SK
| × exp
|
Dec |
\( \begin{array}{l}\left(\left|U\right|+1\right)\times \widehat{e}\\ {}+\left(\left|U\right|1\right)\kern0.5em \times \kern0.5em exp\end{array} \)
|
\( \begin{array}{l}\left(2\left|R\right|+1\right)\times \widehat{e}\\ {}+\left(2\left|R\right|+2\right)\times exp\end{array} \)
|
\( \begin{array}{l}\left(2\left|R\right|+1\right)\times \kern0.5em \widehat{e}\\ {}+\left(2\left|R\right|+2\right)\times \kern0.5em exp\end{array} \)
|
The proposed scheme
| ||||
---|---|---|---|---|
Suporting acces policy type | ‘AND’ | ‘AND’, ‘OR’ | Any LSSS | Any LSSS |
Attibute level user revoction | Possible | Possible | Impossible | Possible |
Grant attributes to users | The authority generates a new secret key | The authority generates a new secret key | The authority generates a new secret key | Cloud server adds attributes to user’s secret key |