This paper presents the first attribute-based signature (ABS) scheme in which the correspondence between signers and signatures is captured in an arithmetic model of computation. Specifically, we design a fully secure, i.e., adaptively unforgeable and perfectly signer-private ABS scheme for signing policies realizable by arithmetic branching programs (ABP), which are a quite expressive model of arithmetic computations. On a more positive note, the proposed scheme places no bound on the size and input length of the supported signing policy ABP's, and at the same time, supports the use of an input attribute for an arbitrary number of times inside a signing policy ABP, i.e., the so called unbounded multi-use of attributes. The size of our public parameters is constant with respect to the sizes of the signing attribute vectors and signing policies available in the system. The construction is built in (asymmetric) bilinear groups of prime order, and its unforgeability is derived in the standard model under (asymmetric version of) the well-studied decisional linear (DLIN) assumption coupled with the existence of standard collision resistant hash functions. Due to the use of the arithmetic model as opposed to the boolean one, our ABS scheme not only excels significantly over the existing state-of-the-art constructions in terms of concrete efficiency, but also achieves improved applicability in various practical scenarios. Our principal technical contributions are (a) extending the techniques of Okamoto and Takashima [PKC 2011, PKC 2013], which were originally developed in the context of boolean span programs, to the arithmetic setting; and (b) innovating new ideas to allow unbounded multi-use of attributes inside ABP's, which themselves are of unbounded size and input length.

We propose a key-policy attribute-based encryption (KP-ABE) scheme with constant-size ciphertexts, whose almost tightly semi-adaptive security is proven under the decisional linear (DLIN) assumption in the standard model. The access structure is expressive, that is given by non-monotone span programs. It also has fast decryption, i.e., a decryption includes only a constant number of pairing operations. As an application of our KP-ABE construction, we also propose an efficient, fully secure attribute-based signatures with constant-size secret (signing) keys from the DLIN. For achieving the above results, we extend the sparse matrix technique on dual pairing vector spaces. In particular, several algebraic properties of an elaborately chosen sparse matrix group are applied to the dual system security proofs.

This paper presents decentralized multi-authority attribute-based encryption and signature (DMA-ABE and DMA-ABS) schemes, in which no central authority exists and no global coordination is required except for the setting of a parameter for a prime order bilinear group and a hash function, which can be available from public documents, e.g., ISO and FIPS official documents. In the proposed DMA-ABE and DMA-ABS schemes, every process can be executed in a fully decentralized manner; any party can become an authority and issue a piece for a secret key to a user without interacting with any other party, and each user obtains a piece of his/her secret key from the associated authority without interacting with any other party. While enjoying such fully decentralized processes, the proposed schemes are still secure against collusion attacks, i.e., multiple pieces issued to a user by different authorities can form a collusion resistant secret key, composed of these pieces, of the user. The proposed ABE scheme is the first DMA-ABE for non-monotone relations (and more general relations), which is adaptively secure under the decisional linear (DLIN) assumption in the random oracle model. This paper also proposes the first DMA-ABS scheme for non-monotone relations (and more general relations), which is fully secure, adaptive-predicate unforgeable and perfect private, under the DLIN assumption in the random oracle model. DMA-ABS is a generalized notion of ring signatures. The efficiency of the proposed DMA-ABE and DMA-ABS schemes is comparable to those of the existing practical ABE and ABS schemes with comparable relations and security.

The concept of dual pairing vector spaces (DPVS) was introduced by Okamoto and Takashima in 2009, and it has been employed in various applications, functional encryption (FE) including attribute-based encryption (ABE) and inner-product encryption (IPE) as well as attribute-based signatures (ABS), generic conversion from composite-order group based schemes to prime-order group based ones and public-key watermarking. In this paper, we show the concept of DPVS, the major applications to FE and the key techniques employed in these applications. This paper presents them with placing more emphasis on plain and intuitive descriptions than formal preciseness.