1-2hit |
Go OHTAKE Kazuto OGAWA Goichiro HANAOKA Shota YAMADA Kohei KASAMATSU Takashi YAMAKAWA Hideki IMAI
Attribute-based encryption (ABE) enables flexible data access control based on attributes and policies. In ciphertext-policy ABE (CP-ABE), a secret key is associated with a set of attributes and a policy is associated with a ciphertext. If the set of attributes satisfies the policy, the ciphertext can be decrypted. CP-ABE can be applied to a variety of services such as access control for file sharing systems and content distribution services. However, a CP-ABE scheme usually has larger costs for encryption and decryption than conventional public-key encryption schemes due to flexible policy setting. In particular, wildcards, which mean that certain attributes are not relevant to the ciphertext policy, are not essential for a certain service. In this paper, we propose a partially wildcarded CP-ABE scheme with a lower encryption and decryption cost. In our scheme, user's attributes are separated into those requiring wildcards and those not requiring wildcards. Our scheme embodies a CP-ABE scheme with a wildcard functionality and an efficient CP-ABE scheme without wildcard functionality. We show that our scheme is provably secure under the DBDH assumption. Then, we compare our scheme with the conventional CP-ABE schemes and describe a content distribution service as an application of our scheme. Also, we implement our scheme on a PC and measure the processing time. The result shows that our scheme can reduce all of the costs for key generation, encryption, and decryption as much as possible.
Nuttapong ATTRAPADUNG Hideki IMAI
We present a new variant of Attribute based encryption (ABE) called Dual-Policy ABE. Basically, it is a conjunctively combined scheme between Key-Policy and Ciphertext-Policy ABE, the only two previous types of ABE. Dual-Policy ABE allows simultaneously two access control mechanisms over encrypted data: one involves policies over objective attributes ascribed to data and the other involves policies over subjective attributes ascribed to user credentials. The previous two types of ABE can only allow either functionality above one at a time.