Attribute-based Encryption

(20110705) Threshold ABE

(20110719) KP-ABE

(20110719) CP-ABE

(20111003) v21

Attribute-Based Encryption

[SW05] Threshold ABE

[GPSW06] Key-policy ABE

[BSW07] Cipher-policy ABE

2

[SW05] THRESHOLD ABE

3

Threshold ABE

aka Fuzzy IBE

Using biometrics in IBE

Identity as a set of “attributes”

First propose the term of Attribute Based Encryption

4

Threshold ABE

5

Setup

Bilinear map: e e: G1× G1 -> G2 G1 has prime order p g is a generator of G1

6

Setup

7

Setup

8

Encryption

9

Extract

10

Decryption

11

Decryption

12

[GPSW06] KEY-POLICY ABE

13

Key-policy ABE

Ciphertexts are labeled with a set of attributes

private keys are associated with access

structures that control which ciphertext a user is able to decrypt.

14

Example

C1(3,5,6,7) ╳ K1( 1 and 2) ○ K2( 3 or 5 ) ○ K3( (1 and 2) or (3 and 7) ) ○ K4 ( 3 out of (1,2,3,4,5,6,7) ) ╳ K5 ( 2 out of (1,2,5) )

15

Access Tree

(“child” and “<120cm”) or (2 of (“student”, ”<20”, ”disabled”,))

OR

AND 2 of 3

“student” “disabled”

“<20”

“<120cm”

“child”

16

Access Tree

parent(x): parent of a node x

att(x): if x is a leaf node then return the attribute associated with x

17

Access Tree

18

Access Tree

index(x): return node’s index

1

8

32

5 67

4

19

Setup

Bilinear map: e e: G1× G1 -> G2 G1 has prime order p g is a generator of G1

20

Setup

21

Setup

22

Encryption

23

Key Generation KeyGen(T, MK)

Choose a polynomial qx for each node:q1, q2, q3, … , q8. degree(qx) = K(x) - 1 degree(q1) = 0 degree(q2) = 1 degree(q3) = 1 degree(q4) = 0 ︴ degree(q8) = 0

24

Key Generation

q1(0)=y

q2(0)=q1(2) q3(0)=q1(3)

q4(0)=q2(4) q5(0)=q2(5) q6(0)=q3(6)

q7(0)=q3(7)q8(0)=q3(8)

25

Key Generation

26

Decryption

27

28

q6(0)=q3(6)

q7(0)=q3(7)

q3(0)=q1(3)

29

[BSW07] CIPHER-POLICY ABE

30

Cipher-policy ABE

Private keys are labeled with a set S of attributes

Ciphertexts are associated with access

structures T that control which user is able to decrypt the ciphertext.

31

Example

C1( (1 and 2) or (3 of (4,5,6,7)) )

╳ K1( 1) ○ K2(1, 2) ○ K3(4,5,6) ○ K4 (1,2,4,6,7) ╳ K5 (4,5,8)

32

Setup

Bilinear map: e e: G1× G1 -> G2 G1 has prime order p g is a generator of G1

33

Setup

U = {a1=child, a2=<120cm, … ,an } U is the set of all attributes

H: U -> G1

34

Setup

35

Encryption

36

Encryption

q1(0)=s

q2(0)=q1(2) q3(0)=q1(3)

q4(0)=q2(4) q5(0)=q2(5) q6(0)=q3(6)

q7(0)=q3(7)q8(0)=q3(8)

37

Encryption

38

Key Generation

39

Decryption

40

41

42