Abstract
Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.
| Original language | English |
|---|---|
| Pages (from-to) | 1310-1317 |
| Number of pages | 8 |
| Journal | Computers and Mathematics with Applications |
| Volume | 65 |
| Issue number | 9 |
| DOIs | |
| Publication status | Published - 2013 May |
| Externally published | Yes |
Bibliographical note
Funding Information:This work was supported by the research fund of Hanyang University (HY-2011-N).
Keywords
- Access control
- Attribute based encryption
- Ciphertext policy
- Privacy
- Removing escrow
ASJC Scopus subject areas
- Modelling and Simulation
- Computational Theory and Mathematics
- Computational Mathematics