Research Article

Efficient and Adaptively Secure Attribute-Based Proxy Reencryption Scheme

Huixian Li 1 and Liaojun Pang 2

1 School of Computer Science and Engineering, Northwestern Polytechnical University, Xi’an 710072, China
2 State Key Laboratory of Integrated Services Networks, School of Life Science and Technology, Xidian University, Xi’an 710071, China

Correspondence should be addressed to Huixian Li; [email protected]

Received 8 January 2016; Revised 31 March 2016; Accepted 26 April 2016

Academic Editor: Mauro Conti

Hindawi Publishing Corporation, International Journal of Distributed Sensor Networks, Volume 2016, Article ID 5235714, 12 pages, http://dx.doi.org/10.1155/2016/5235714

Copyright © 2016 H. Li and L. Pang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Ciphertext-Policy Attribute-Based Proxy Reencryption (CP-ABPRE) has found many practical applications in the real world, because it extends the traditional Proxy Reencryption (PRE) and allows a semitrusted proxy to transform a ciphertext under an access policy to the one with the same plaintext under another access policy. The existing CP-ABPRE schemes were proven secure only in the selective security model, a limited model, which is an unnatural constraint on the attacker. The scheme proved in this model can only be called selectively secure one. However, from a security perspective, the adaptively secure CP-ABPRE scheme is more desirable. In this paper, an adaptively secure CP-ABPRE scheme is proposed, which is based on Waters’ dual system encryption technology. The proposed scheme is constructed in composite order bilinear groups and proven secure under the complexity assumptions of the subgroup decision problem for 3 primes (3P-SDP). Analyses show that our proposal provides higher computational efficiency compared with the existing schemes.

1. Introduction

With the development of Internet and open distributed networks, the Attribute-Based Encryption (ABE) scheme [1] has drawn great attention of researchers in recent years. Unlike the Public Key Encryption mechanism, ABE scheme takes attributes as the public key and associates the ciphertext and user’s secret key with attributes, so that it provides more flexible access control mechanism over encrypted data. This dramatically reduces the cost of network bandwidth and sending node’s operation in fine-grained access control of data sharing. Therefore, ABE has a broad prospect in the large-scale distributed applications to support one-to-many communication mode. Traditional ABE has two variants according to the form of access policy: Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE) [2]. In a KP-ABE system, ciphertexts are associated with attribute sets and secret keys are associated with access policies. However, CP-ABE is complementary, and the sender could specify access control policy, so, compared with KP-ABE schemes, CP-ABE schemes are more suitable for the realistic scenes.

As the research and application of the ABE go ahead, Proxy Reencryption (PRE) [3] has been introduced into ABE schemes. Considering such a scenario, in the email forwarding, Alice is going on vacation and wishes the others like Bob could still read the message in her encrypted emails. With an Attribute-Based Proxy Reencryption (ABPRE) system, in which a proxy is allowed to transform a ciphertext under a specified access policy into the one under another access policy, she could meet her intentions without giving her secret key to either the mail server or Bob. So ABPRE schemes [4] are needed in most of practical network applications, especially Ciphertext-Policy ABPRE (CP-ABPRE) schemes [5], which have more flexible access control policy than Key-Policy ABPRE (KP-ABPRE) schemes [4]. Generally speaking, an ABPRE scheme has an authority, a sender, a user called a delegator who needs to delegate his/her decryption ability to someone else, a proxy who helps the delegator to generate a reencrypted ciphertext, and some receivers as participants. Recently, due to their widespread use in the realistic scenes, widespread attention was paid to ABPRE schemes by researchers and some excellent ABPRE schemes have been proposed [6–12].



However, most of existing ABPRE schemes [6–12] were proven secure only in the selective security model [13], in which an adversary must firstly choose an attack target before the public parameters are published. This restriction on an attacker was not natural, which causes attackers to behave differently from the way in a real environment. And most of existing schemes [11–15] demanded a number of pairing operations, which indeed costs much in the communications. Therefore, motivated by these concerns, an efficient and adaptively secure CP-ABPRE scheme is proposed in our paper. Our scheme overcomes the restriction on an attacker in a selective security model and could be better applied to the open distributed networks. In the meantime, our proposal supports any monotone access formulas and costs less computational overhead compared with the existing schemes.

The rest of this paper is organized as follows. In the next section, we shall briefly review related works in the field of ABE. In Section 3, some preliminaries including complexity assumptions, access structures, and CP-ABPRE model are provided. Then, the concrete CP-ABPRE scheme is given in Section 4. In Section 5, we analyze the correctness and security of our scheme and compare our scheme with existing schemes in terms of access structure, security, and computations efficiency. Finally, the conclusion is drawn in Section 6.

2. Related Works

In 2005, Sahai and Waters [16] proposed a new type of IBE [17] called Fuzzy IBE (FIBE), which regards identities as a set of descriptive attributes. It is often regarded as the first concept of ABE [1, 18]. ABE can be categorized as either KP-ABE or CP-ABE, and the latter is more flexible and more suitable for the realistic scenes [2]. In 2007, Cheung and Newport [19] used AND gates on positive and negative to express attributes in order to achieve their CP-ABE scheme’s access policy and proved the security under the DBDH assumption. And then Nishide et al. [20] designed a new CP-ABE scheme with AND gates on multivalue attributes as its access policy. To realize fine-grained access control strategy, Bethencourt et al. [21] used the Access Tree in their scheme. In order to design CP-ABE schemes with flexible strategy under the DBDH assumption, Goyal et al. [22] and Liang et al. [23] adopted Bounded Access Tree, respectively. Later, Ibraim et al. [24] used the general Access Tree to eliminate the boundary constraints in the literature [22, 23]. In 2011, Waters [25] used Linear Secret Sharing Scheme (LSSS) access structure under $q$-PBDHE assumption to construct a CP-ABE scheme.

However, unfortunately, the security of those CP-ABE schemes that we mentioned above was proven in a weaker security model called the selective-policy security model, which derived from the selective-ID security model for constructing an IBE scheme without the random oracle model [26]. In the selective security model, the adversary must firstly declare which policy he wishes to be challenged on before the public parameters are published. This restriction on the attacker is not natural, which causes attacker to behave differently from the real environment [13]. Considering the restrictions of the selective security model, researchers expected that the ABE scheme should be designed and proven secure under the adaptive security model. So, in order to overcome the drawbacks of the selectively secure ABE schemes, Lewko et al. [13] proposed an adaptively (or fully) secure ABE scheme by using the dual system encryption technique [27], which is a common method for proving an adaptively secure scheme in IBE or ABE. Later, Lewko and Waters [28] provided a new methodology which can transform the selectively secure schemes to adaptively secure ones and presented a CP-ABE scheme that is proven fully secure. In 2014, Garg et al. [29] constructed the first fully secure ABE scheme that can handle access control policies expressible as polynomial-size circuits. Afterwards, some excellent adaptively secure ABE schemes were proposed [3, 30, 31].

Recently, in the field of cryptography, the concept of PRE has been proposed to make data sharing more efficient. Introduced by Mambo and Okamoto [32] and first defined by Blaze et al. [33], PRE can support the delegation of decryption rights, which is never considered in extending the traditional Public Key Encryption (PKE). In PRE, a semitrusted proxy is enabled to transform a ciphertext encrypted under one’s public key into a new ciphertext intended for others with the plaintext unchanged. The decryption proxy, however, can learn nothing about the secret key or the plaintext. Due to these characteristics, PRE has many practical applications. For example, Xu et al. [34] built an encrypted cloud email system with PRE, which allows a user to send an encrypted email to multiple receivers, store his encrypted emails in an email server, and review his history. In addition, it can also be used in secure distributed files systems, cloud storage, on-line Electronic Medical Record (EMR), and so on [4, 5, 35–39].

To date, PRE has been extended to adapt different cryptographic systems. The ABPRE is one of the extensions, in which a user is able to empower designated users to decrypt reencrypted ciphertext by deploying attributes. In 2008, Guo et al. [40] proposed the first ABPRE scheme, and it is also the first KP-ABPRE scheme. In 2009, Liang et al. [6] proposed the first CP-ABPRE scheme, in which the proxy is enabled to transform a given ciphertext under a specified access policy into the one under another access policy. But unfortunately, only AND gates on positive and negative attributes are supported by their access policy. In 2010, Luo et al. [7] proposed a new CP-ABPRE scheme which supports AND gates on multivalue and negative attributes. Compared with [6], it has a new property named reencryption control, which means that the user can decide which ciphertext can be reencrypted later during the encryption process. Later, Seo and Kim [8] presented another CP-ABPRE scheme which only needs a constant number of bilinear pairing operations. So the computation cost and ciphertext length are reduced significantly compared to previous schemes [7, 27]. In 2013, Li [9] presented a new CP-ABPRE scheme in which the ciphertext policy is matrix access policy based on LSSS matrix access structure. In 2014, Chung et al. [10] analyzed these CP-ABPRE schemes [6–8, 33] and made comparisons of them by some criteria. The aforementioned CP-ABPRE schemes, however, are only CPA-secure. To tackle this problem, Liang et al. [11] for the first time proposed a new single-hop unidirectional CP-ABPRE scheme supporting any monotonic access formulas. Despite being constructed in the random oracle model, it is proved to be CCA-secure. In 2015, Kawai [12] proposed a flexible CP-ABPRE scheme in which the reencryption key generation can be outsourced in Attribute-Based Encryption and proved their scheme is secure in the selective security model.

All these CP-ABPRE schemes mentioned above, unfortunately, were only proven to be selectively secure [13], which is just discussed above. A CP-ABPRE system with selective security, which limits an adversary to choose an attack target before playing a security game, might not scale well in practice as well. This is because a realistic adversary is able to adaptively choose his attack target when attacking a cryptosystem. Therefore, an adaptively secure CP-ABPRE scheme is extremely desirable in most practical network applications. In 2014, Liang et al. [14] for the first time formalized the notion of adaptive security for CP-ABPRE systems and proposed a new CP-ABPRE scheme which is proven adaptively secure in the standard model, but their scheme demands a number of pairing operations that imply huge computational overheads. In 2015, Backes et al. [15] presented an Inner-Product Proxy Reencryption scheme. Although their scheme can easily be converted into an Attribute-Based Proxy Reencryption scheme, the ciphertext is only associated with AND gates access structure, which does not conform to the flexible access policy. Motivated by these concerns, in this paper we propose an efficient and adaptively secure CP-ABPRE scheme which supports any monotone access formulas.

Our contributions can be briefly outlined as follows. (1) A new scheme is proposed, and it overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proved to be adaptively secure. (2) Our proposal supports any monotone access formulas, including what the AND gate access structure supports. (3) Our scheme costs less computational overhead compared with the corresponding scheme [14]. (4) We try to construct our scheme in composite order groups and use three assumptions to prove its security.

3. Preliminaries

3.1. Composite Order Bilinear Groups. Composite order bilinear groups were introduced by Boneh et al. [41]. First, let $G$ and $G_T$ be a cyclic additive group and a multiplication cyclic group of order $N$, where $N = p_1 p_2 p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct prime numbers. Let $e: G \times G \to G_T$ be a bilinear map. Then let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in group $G$, respectively. Because $G$ is a cyclic group, it is easy to conclude that if $h$ and $l$ are group elements chosen from different subgroups, then $e(h, l) = 1$. This is called the orthogonality property in composite order bilinear groups.

3.2. Complexity Assumptions. We now present three assumptions of the subgroup decision problem for 3 primes (3P-SDP) [13]. First, we let $G$ and $G_T$ be two cyclic groups of order $N$, where $N = p_1 p_2 p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct primes. And we let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in $G$, respectively. Let $e: G \times G \to G_T$ be a bilinear map.

Assumption 1. We randomly choose element $g$ as the generator of $G_{p_1}$ and element $X_3$ as the generator of $G_{p_3}$. Given $D = (N, G, G_T, e, g, X_3)$, $T_1 \in G_{p_1 p_2}$, and $T_2 \in G_{p_1}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 1 is defined as

$$\mathrm{Adv1}_A(\lambda) = \left|\Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1]\right|. \tag{1}$$

Definition 2. Assumption 1 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv1}_A(\lambda)$.

Assumption 3. We randomly choose elements $g, X_1 \in G_{p_1}$, $X_2, Y_2 \in G_{p_2}$, and $X_3, Y_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, X_1 X_2, X_3, Y_2 Y_3)$ and $T_1 \in G$, $T_2 \in G_{p_1 p_3}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 3 is defined as

$$\mathrm{Adv2}_A(\lambda) = \left|\Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1]\right|. \tag{2}$$

Definition 4. Assumption 3 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv2}_A(\lambda)$.

Assumption 5. We randomly choose elements $\alpha, s \in Z_N$, $g \in G_{p_1}$, $X_2, Y_2, Z_2 \in G_{p_2}$, and $X_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_3)$ and $T_1 = e(g, g)^{\alpha s}$, $T_2 \in G_T$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 5 is defined as

$$\mathrm{Adv3}_A(\lambda) = \left|\Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1]\right|. \tag{3}$$

Definition 6. Assumption 5 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv3}_A(\lambda)$.

3.3. Access Structures. In this paper, the role of the participants is taken by the attributes. As shown in [42], any monotone access structure can be represented by a Linear Secret Sharing Scheme.

Definition 7 (Linear Secret Sharing Schemes (LSSS)). Let $\Pi$ denote a secret sharing scheme over a participant collection $P$. One says that $\Pi$ is called linear over $Z_p$ if

(1) the shares distributed for each participant can form a vector over $Z_p$;

(2) for $\Pi$ there always exists a share-generating matrix $M$ which has $l$ rows and $n$ columns. Now function $\rho$ is defined and used to each party. That is, the party labeling row $i$ can be denoted as $\rho(i)$ for $i = 1, 2, \ldots, l$. The column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n)$ is randomly chosen in $Z_p^n$. Then $\vec{M}_i \cdot \vec{v}$ is the share belonging to party $\rho(i)$. We use LSSS matrix $(M, \rho)$ to represent an access policy in this paper.

The linear reconstruction property can be defined as follows. Suppose that $\Pi$ is an LSSS for access structure $A$. Let $S \in A$ denote the authorized set and define $I \subseteq \{1, 2, \ldots, l\}$ as $I = \{i \mid \rho(i) \in S\}$. Then there exist $\{w_i \in Z_p\}_{i \in I}$ such that if $\{\lambda_i\}$ are valid shares of any secret $s$, we have $\sum_{i \in I} w_i \lambda_i = s$ [41]. But it does not hold for unauthorized sets. In our scheme, we will employ LSSS matrices over $Z_N$, where $N$ is the product of 3 different prime numbers.

3.4. CP-ABPRE

3.4.1. Algorithm Model. Generally speaking, a CP-ABPRE scheme is composed of 6 fundamental algorithms, and it has an authority, a sender, a user that we call a delegator who needs to delegate his/her decryption ability to someone else, a proxy who helps the delegator to generate a reencrypted ciphertext, and some receivers as participants. The 6 algorithms are shown as follows.

$Setup(1^{\lambda}, U) \to (MSK, PK)$. It is performed by an authority to establish a new CP-ABPRE system. With the security parameter $\lambda$ and attributes $U$ as input, it generates the public key (PK) and the master secret key (MSK).

$KeyGen(PK, MSK, S) \to SK_S$. With PK, MSK, and a set of attributes $S$ that describe the key as input, this algorithm is executed by the authority for the purpose of generating a secret key $SK_S$.

$Enc(PK, W = (M, \rho), m) \to CT_W$. Performed by a sender with PK, a message $m$, and an access policy $W = (M, \rho)$ as input, the algorithm generates a ciphertext $CT_W$ of $m$ such that only a user whose attributes meet the access policy $W$ can decrypt it.

$ReKeyGen(PK, SK_S, W' = (M', \rho')) \to RK_{S \to W'}$. This algorithm is performed by the delegator. With PK, $SK_S$, and an access policy $W' = (M', \rho')$ as input, it generates a reencryption key $RK_{S \to W'}$ for the proxy.

$ReEnc(PK, RK_{S \to W'}, CT_W) \to CT_{W'}$. It is performed by the proxy with PK, $RK_{S \to W'}$, and $CT_W$ as input. Firstly, the proxy checks whether the attribute in $RK_{S \to W'}$ meets the access policy of $CT_W$. If yes, it outputs a reencrypted ciphertext $CT_{W'}$, and otherwise $\perp$.

$Dec(PK, CT_W, SK_S) \to m$. With PK, an original ciphertext $CT_W$, and a secret key $SK_S$ as input, it returns the plaintext message $m$ if $S$ satisfies the access policy $W$ specified for $CT_W$, and otherwise $\perp$.

$Dec_R(PK, CT_{W'}, SK_{S'}) \to m$. This algorithm returns the plaintext message $m$ if $S'$ meets the access policy $W'$ specified for $CT_{W'}$, and otherwise $\perp$.

3.4.2. Security Model. The adaptive security definition for a CP-ABPRE scheme is described by a security game between a challenger $B$ and an adversary $A$, which is shown as follows.

Setup. $B$ runs the Setup algorithm to create a new system and then sends $A$ the public key PK.

Phase 1. $A$ makes the following queries.

(i) Secret Key Extract Queries. $B$ runs the KeyGen algorithm after $A$ submitting sets of attribute $S_1, S_2, \ldots, S_{q_1}$ and returns secret keys $SK_S$ to $A$.

(ii) Reencryption Key Extract Queries. $A$ submits sets of attribute $S_1, S_2, \ldots, S_{q_1}$ and an access structure $W' = (M', \rho')$. Then $B$ runs the ReKeyGen algorithm and gives the reencryption key $RK_{S \to W'}$ to $A$.

Challenge. $A$ chooses two messages $M_0$ and $M_1$ with equal length and an access structure $W^*$ which cannot be met by any of the queried attribute sets $S_1, S_2, \ldots, S_{q_1}$. $B$ randomly flips coin $\theta \in \{0, 1\}$ and encrypts $M_{\theta}$ under $W^*$ to generate $CT^*$, which is then sent to $A$.

Phase 2. Phase 1 is repeated. Note that there is a restriction that no sets of attributes $S_{q_1+1}, S_{q_1+2}, \ldots, S_q$ can satisfy the access structure corresponding to $B$.

Guess. $A$ outputs a guess result $\theta'$ for $\theta$.

In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = |\Pr[\theta' = \theta] - 1/2|$. And the above security model can be easily extended to simulate a game between a CCA adversary and a challenger by permitting Reencryption and Decryption queries during Phases 1 and 2.

Definition 8. A Ciphertext-Policy Attribute-Based Proxy Reencryption scheme is adaptively secure (or fully secure) if the advantage of any polynomial time adversary is negligible in above game.

3.4.3. Master Secret Security. Master secret security is an important property for unidirectional PRE defined by Ateniese et al. [43]. Roughly speaking, even if the dishonest proxy colludes with the receiver who can decrypt the reencrypted ciphertext, it is still impossible for them to get any information on delegator’s secret key and the plaintext [44].

Definition 9. The master secret security of a CP-ABPRE scheme can be defined based on the following master secret security game.

Setup. The challenger $B$ runs the Setup algorithm to create a new system and then sends the adversary $A$ the public key (PK).

Queries. $A$ makes the following queries.

(i) $Extract(S)$. $B$ runs the KeyGen algorithm after $A$ submitting attribute sets $S$ and returns secret keys $SK_S$ to $A$.

(ii) $RKExtract(S, W')$. $A$ submits attribute sets $S$ and an access structure $W' = (M', \rho')$ to $B$. Then $B$ runs the ReKeyGen algorithm and returns the reencryption key $RK_{S \to W'}$ to $A$.

Output. $A$ outputs the secret key $SK_{S^*}$ corresponding to the attribute sets $S^*$.

In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = \Pr[A \text{ succeeds}]$. A CP-ABPRE scheme meets master secret security if there is no polynomial time adversary $A$ who has a nonnegligible advantage in winning the above game.

Lemma 10. For a CP-ABPRE scheme, the plaintext security implies the master secret security. That is to say, for a CP-ABPRE scheme, if there is an adversary $A$ who can break its master secret security defined above, then there also exists an adversary $A'$ who can break this CP-ABPRE scheme.

In Section 5, we will prove that there is no polynomial time adversary who can break the CP-ABPRE scheme with a nonnegligible advantage. So Lemma 10 is obvious.

4. The Proposed CP-ABPRE Scheme

In this section, we shall introduce our adaptively secure CP-ABPRE scheme. Before this, in order to facilitate understanding, notations used throughout the paper are summarized in Notations.

Our adaptively secure CP-ABPRE scheme is constructed in composite order linear groups of order $N = p_1 p_2 p_3$ ($p_1$, $p_2$, and $p_3$ are 3 different prime numbers) with LSSS access structure. Let $G_{p_i}$ denote the subgroup of order $p_i$ in $G$, where $i \in \{1, 2, 3\}$. The subgroup $G_{p_2}$ is only used in security proof. Our scheme is shown as follows.

(1) $Setup(1^{\lambda}, U)$. Taking as input the security parameter $\lambda$ and system attribute set $U$, the trusted authority chooses random elements $\eta, a \in Z_N$, a generator $g \in G_{p_1}$, an element $g_0 \in G_{p_1}$, and a generator $X_3 \in G_{p_3}$. And then it computes $g_1 = e(g, g)^{\eta}$ and $g_2 = g^{a}$. For each attribute $x \in U$, it also chooses a random element $h_x \in Z_N$ and computes $H_x = g^{h_x}$. The public key is denoted as

$$\mathrm{PK} = (N, g_0, g_1, g_2, H_x\ \forall x \in U). \tag{4}$$

The trusted authority sets the master secret key as $\mathrm{MSK} = (\eta, X_3)$.

(2) $KeyGen(PK, MSK, S)$. Taking the public key (PK), the master secret key (MSK), and the user attribute set $S$ as input, this algorithm first chooses a random value $t \in Z_N$ and another three random elements $R_0, R'_0, R_x \in G_{p_3}$. Then it computes the secret key as

$$\mathrm{SK} = (S,\ K = g^{\eta} g^{at} R_0,\ L = g^{t} R'_0,\ K_x = H_x^{t} R_x\ \forall x \in S). \tag{5}$$

(3) $Enc(PK, W, m)$. This algorithm takes as input the public key (PK), an access policy $W = (M, \rho)$, and a message $m$, where $M$ is an $l \times n$ matrix and the function $\rho$ associates rows of $M$ to attributes. This algorithm randomly chooses a column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n) \in Z_N^n$. These values will be used to share the encryption exponent $s$. For $i = 1, 2, \ldots, l$, it computes $\lambda_i = \vec{M}_i \cdot \vec{v}$, where $\vec{M}_i$ denotes the $i$th row of $M$. Then the algorithm chooses random numbers $r_1, r_2, \ldots, r_l \in Z_N$. The ciphertext is generated as

$$\mathrm{CT} = (C = m\, e(g, g)^{\eta s},\ C' = g^{s},\ C'' = g_0^{s},\ C_i = g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i},\ D_i = g^{r_i}\ \forall i \in \{1, 2, \ldots, l\}). \tag{6}$$

(4) $\mathit{ReKeyGen}(\mathrm{PK}, \mathrm{SK}, W')$. To generate a reencryption key for another access policy $W' = (M', \rho')$, this algorithm takes as input the public key PK, the secret key $\mathrm{SK} = (S, K, L, K_x\ \forall x \in S)$, and another access policy $W' = (M', \rho')$. It needs to choose a random element $\beta \in Z_N$ and computes $= \mathit{Enc}(\mathrm{PK}, W', g^{\beta})$. Then the reencryption key is set to

$$\mathrm{RK} = (S,\ rk_1 = K g_0^{\beta},\ rk_2 = L,\ K'_x = K_x\ \forall x \in S). \tag{7}$$

(5) $\mathit{ReEnc}(\mathrm{PK}, \mathrm{RK}, \mathrm{CT})$. This algorithm takes as input the public key (PK), a reencryption key (RK), and a ciphertext $\mathrm{CT} = (C, C', C'', C_i, D_i\ \forall i)$. It first checks whether the attribute set in RK meets the access policy of CT. It computes

$$C_t = \frac{e(C', rk_1)}{\prod_{i \in I} (e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}))^{w_i}} \tag{8}$$

and outputs a reencrypted ciphertext $\mathrm{CT}' = (C, C', C_t)$ if yes, and outputs $\perp$ otherwise.

(6) $\mathit{Dec}(\mathrm{PK}, \mathrm{CT}, \mathrm{SK})$. The original ciphertext decryption algorithm takes the public key (PK), an original ciphertext (CT) for access policy $W$, and a secret key (SK) for an attribute set $S$ as input. Assume that $S$ meets $W$ and $I \subset \{1, 2, \ldots, l\}$ is defined as $I = \{i \mid \rho(i) \in S\}$. Then let $\{w_i \in Z_N\}_{i \in I}$ be a set of constants such that if $\{\lambda_i\}$ are valid shares of any secret $s$ according to $M$, then $\sum_{i \in I} w_i \lambda_i = s$ holds.

The message $m$ can be recovered as

$$m = \frac{C \prod_{i \in I} (e(C_i, L)\, e(D_i, K_{\rho(i)}))^{w_i}}{e(C', K)} = \frac{C}{e(\prod_{i \in I} C_i^{-w_i}, L)\, e(C', K \prod_{i \in I} K_{\rho(i)}^{-w_i})}. \tag{9}$$

(7) $\mathit{DecR}(\mathrm{PK}, \mathrm{CT}', \mathrm{SK}')$. The reencrypted ciphertext decryption algorithm takes the public key (PK), a reencrypted ciphertext $\mathrm{CT}'$ for access policy $W'$, and a secret key $\mathrm{SK}'$ for an attribute set $S'$ as input. If $S'$ satisfies $W'$, this algorithm computes as follows.

(7.1) Decrypt $g^{\beta}$ from by the Dec algorithm.

(7.2) Then compute the message $m$ by $m = C\,e(C'', g^{\beta})/C_t$.

6 International Journal of Distributed Sensor Networks

5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of pairing $e: G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$\begin{aligned}
m &= \frac{C \prod_{i \in I} (e(C_i, L)\, e(D_i, K_{\rho(i)}))^{w_i}}{e(C', K)} \\
&= \frac{m\,e(g, g)^{\eta s} \prod_{i \in I} (e(g^{a\vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i}, g^{t} R'_0)\, e(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}))^{w_i}}{e(g^{s}, g^{\eta} g^{at})} \\
&= \frac{m\,e(g, g)^{\eta s}\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{\eta s}\, e(g, g)^{sat}} = m.
\end{aligned} \tag{10}$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$\begin{aligned}
m &= \frac{C\,e(C'', g^{\beta})}{C_t} = \frac{C\,e(C'', g^{\beta}) \prod_{i \in I} (e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}))^{w_i}}{e(C', rk_1)} \\
&= \frac{m\,e(g, g)^{\eta s}\, e(g_0^{s}, g^{\beta}) \prod_{i \in I} (e(g^{a(\vec{M}_i \cdot \vec{v})} H_{\rho(i)}^{-r_i}, g^{t} R'_0)\, e(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}))^{w_i}}{e(g^{s}, g^{\eta} g^{at} g_0^{\beta} R_0)} \\
&= \frac{m\,e(g, g)^{s\eta}\, e(g_0^{s}, g^{\beta})\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{s\eta}\, e(g, g_0)^{s\beta}\, e(g, g)^{sat}} = m.
\end{aligned} \tag{11}$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct, because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.

5.2. Security Proof. Dual system encryption [27] is considered as a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in the security proof. To prove the security of our CP-ABPRE scheme, we firstly define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We firstly use the Enc algorithm to generate a normal ciphertext and choose an element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^n$. The semifunctional ciphertext is set as

$$\begin{aligned}
C' &= g^{s} g_2^{c}, \\
C_i &= g^{a\vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i} g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i} g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned} \tag{12}$$

Semifunctional Key. We use the KeyGen algorithm to generate a normal secret key. Then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0 g_2^{d}, \\
K_x &= H_x^{t} R_x g_2^{b z_x}, \quad \forall x \in S.
\end{aligned} \tag{13}$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned} \tag{14}$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b \vec{M}_i \cdot \vec{u} w_i} = e(g_2, g_2)^{cd - b u_1}$ (where $u_1 = (1, 0, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = b u_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes. The series of games is defined as follows.

$\mathrm{Game}_{\mathrm{real}}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.


$\mathrm{Game}_0$. It is similar to the above real game except that the challenge ciphertext is transformed into a semifunctional one.

$\mathrm{Game}_{k,1}$. In the game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is a semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{\mathrm{Final}}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is a semifunctional encryption of a random message, which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{\mathrm{real}}\mathrm{Adv}_A - \mathrm{Game}_0\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $\mathrm{Game}_{\mathrm{real}}$ or $\mathrm{Game}_0$ with $A$, depending on whether $T \in G_{p_1 p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. $B$ responds to $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^{*} = (M^{*}, \rho)$ to $B$. For each row $i$ of matrix $M^{*}$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$\begin{aligned}
C &= M_{\theta}\, e(g, g)^{s\eta} = M_{\theta}\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a\vec{M}^{*}_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned} \tag{15}$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{\mathrm{real}}$ for $A$. If $T \in G_{p_1 p_2}$, let $T = g^{s} g_2^{c}$. This is a semifunctional ciphertext with $u = ca v'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_0$ for $A$.

Hence, if $A$ can distinguish $\mathrm{Game}_{\mathrm{real}}$ and $\mathrm{Game}_0$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish an element of $G_{p_1}$ from an element of $G_{p_1 p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$, which can break Assumption 3 with a nonnegligible advantage $\varepsilon$, can be constructed.

Proof. $B$ receives $g, X_1 X_2, X_3, Y_2 Y_3, T$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$\begin{aligned}
K &= g^{\eta} g^{at} (Y_2 Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned} \tag{16}$$

(2) To generate the normal keys of queries greater than $k$, $B$ needs to run the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned} \tag{17}$$

If $T \in G_{p_1 p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let the factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{b z_x}$ be equal to the $G_{p_2}$ part of $K_x$.


Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^{*}, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$\begin{aligned}
C &= M_{\theta}\, e(g, X_1 X_2)^{\eta}, \\
C' &= X_1 X_2, \\
C_i &= (X_1 X_2)^{\vec{M}^{*}_i \cdot \vec{u}'}\, (X_1 X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1 X_2)^{r'_i},
\end{aligned} \tag{18}$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1} s \vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - b u_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden from $A$, which cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appears in the $k$th key, because all keys are semifunctional ones of type 2 except for the $k$th one. The $k$th key cannot be used to decrypt the challenge ciphertext, which implies that the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote a vector $\vec{\sigma}$ that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set an equation $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, where $\vec{u}''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u}''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, \ldots, 0) = f(1, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^{*}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish an element of $G_{p_1 p_3}$ from an element of $G$ with a nonnegligible advantage $\varepsilon$.

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$, which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$, can be constructed.

Proof. $B$ receives $g, X_1 X_2, X_3, Y_2 Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$\begin{aligned}
K &= g^{\eta} T^{a} R_0 (Y_2 Y_3)^{h}, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned} \tag{19}$$

The only difference from Lemma 12 here is the added term $(Y_2 Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it to decrypt the semifunctional ciphertext, because the condition $cd - b u_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish an element of $G_{p_1 p_3}$ from an element of $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{\mathrm{Final}}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_2, T$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{\mathrm{Final}}$ with $A$, depending on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta} X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$\begin{aligned}
K &= g^{\eta} g^{at} Z_2^{t} R_0, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S,
\end{aligned} \tag{20}$$

which is similar to the construction in the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s} Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$\begin{aligned}
C &= M_{\theta} T, \\
C' &= g^{s} Y_2, \\
C_i &= (g^{s} Y_2)^{\vec{M}^{*}_i \vec{u}'}\, (g^{s} Y_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (g^{s} Y_2)^{r'_i},
\end{aligned} \tag{21}$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1} s u'$ and $u = c u'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = s r'_i$ and $\gamma_i = -c r'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_{\theta}$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$ by the previous Lemmas 11–14. And because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_{\theta}$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of the adversary in $\mathrm{Game}_{\mathrm{Final}}$ can be negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ can also be negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

532 Performance Analyses In this part we will make somecomparisons of different CP-ABPRE schemes and the resultsare summarized in Tables 1ndash3 A comparison of access expres-sion and some properties is given in Table 1 In addition we

10 International Journal of Distributed Sensor Networks

Table 2 Performance comparisons (I)

Schemes PK MK SK CiphertextLiang et alrsquos [6] (6119899 + 2)119871

119866+ 119871

119866119879(3119899 + 1)119871

119885119902(2119899 + 1)119871

119866(119899 + 2)119871

119866+ 119871

119866119879

Luo et alrsquos [7] (1198731015840+ 2119899 + 4)119871

119866+ 119871

119866119879(119873

1015840+ 2119899 + 1)119871

119885119902(4119899 + 1)119871

119866(119899 + 2)119871

119866+ 119871

119866119879

Seo and Kimrsquos [8] (3119899 + 2)119871119866+ 119871

119866119879+ 3119899119871

119885119902(3119899 + 3)119871

119885119902(119899 + 1)119871

119866+ 119871

119885119902(119899 + 2)119871

119866+ 119871

119866119879

Lirsquos [9] (119899 + 2)119871119866+ 119871

119866119879119871119866

(1003816100381610038161003816119860119880

1003816100381610038161003816 + 2)119871119866

(21003816100381610038161003816119860119862

1003816100381610038161003816 + 2)119871119866+ 119871

119866119879

Liang et alrsquos [11] 3119871119866+ 119871

119866119879+ 6Hash 119871

119866(1003816100381610038161003816119860119880

1003816100381610038161003816 + 2)119871119866

(21003816100381610038161003816119860119862

1003816100381610038161003816 + 3)119871119866+ 119871

012119896

Liang et alrsquos [14] (119899 + 6)119871119866+ 119871

1198661198792119871

119866(1003816100381610038161003816119860119880

1003816100381610038161003816 + 3)119871119866

(21003816100381610038161003816119860119862

1003816100381610038161003816 + 5)119871119866+ 119871

119866119879

Backes et alrsquos [15] (119899 + 2)119871119866+ 119871

119866119879119871119866+ (1 + 119899)119871

119885119902(119899 + 1)119871

1198663119871

119866+ 119871

119866119879+ 119899119871

119885119902

Our scheme (119899 + 2)119871119866+ 119871

119866119879119871119866+ 119871

119885119902(1003816100381610038161003816119860119880

1003816100381610038161003816 + 2)119871119866

(21003816100381610038161003816119860119862

1003816100381610038161003816 + 2)119871119866+ 119871

119866119879

Table 3 Performance comparisons (II)

Schemes Encryption Decryption Reencryption Reencrypted decryptionLiang et alrsquos [6] (119899 + 2)119866 + 2119866

119879(119899 + 2)119875 + 2119866

119879(119899 + 1)119875 + 119866

${}_{T}$ | $(n + 3)P + 4G_T$

Luo et al.'s [7] | $(n + 2)G + 2G_T$ | $2nP + 3G_T$ | $(2n + 1)P + (n + 1)G_T$ | $(2n + 1)P + 5G_T$

Seo and Kim's [8] | $(n + 2)G + 2G_T$ | $2P + (3n + 2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$

Li's [9] | $(4|A_C| + 2)G + 2G_T$ | $(2|A_U| + 1)P + 3G_T$ | $(2|A_C| + 1)P + 4|A_C|G + 3|A_C|G_T$ | $(2|A_U| + 1)P + (3|A_U| + 2)G_T$

Liang et al.'s [11] | $(4|A_C| + 2)G + G_T$ | $(2|A_U| + 1)P + 3|A_U|G_T$ | $(2|A_U| + 2)P + (3|A_U| + 1)G_T$ | $(2|A_U| + 2)P + 3|A_U|G_T$

Liang et al.'s [14] | $(4|A_C| + 4)G + 2G_T$ | $(2|A_U| + 1)P + (2|A_U| + 1)G_T$ | $(2|A_U| + 2)P + (2|A_U| + 2)G_T$ | $(2|A_U| + 3)P + (2|A_U| + 4)G_T$

Backes et al.'s [15] | $(n + 3)G + 2G_T$ | $2P + nG$ | $nP + (n - 1)G$ | $nP + 2G + G_T$

Our scheme | $(4|A_C| + 2)G + 2G_T$ | $2P + (4|A_U| - 1)G + 2G_T$ | $2P + (4|A_U| - 1)G + 2G_T$ | $3P + (4|A_U| - 1)G + 4G_T$

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $|A_U|$, $|A_C|$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_*$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE, in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. And what is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes attacker to behave differently from real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meantime, our scheme supports any monotone access formulas including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e: G \times G \to G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix


$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology—EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


However, most of existing ABPRE schemes [6–12] were proven secure only in the selective security model [13], in which an adversary must firstly choose an attack target before the public parameters are published. This restriction on an attacker was not natural, which causes attackers to behave differently from the way in a real environment. And most of existing schemes [11–15] demanded a number of pairing operations, which indeed costs much in the communications. Therefore, motivated by these concerns, an efficient and adaptively secure CP-ABPRE scheme is proposed in our paper. Our scheme overcomes the restriction on an attacker in a selective security model and could be better applied to the open distributed networks. In the meantime, our proposal supports any monotone access formulas and costs less computational overhead compared with the existing schemes.

The rest of this paper is organized as follows. In the next section, we shall briefly review related works in the field of ABE. In Section 3, some preliminaries including complexity assumptions, access structures, and CP-ABPRE model are provided. Then the concrete CP-ABPRE scheme is given in Section 4. In Section 5, we analyze the correctness and security of our scheme and compare our scheme with existing schemes in terms of access structure, security, and computations efficiency. Finally, the conclusion is drawn in Section 6.

2. Related Works

In 2005, Sahai and Waters [16] proposed a new type of IBE [17] called Fuzzy IBE (FIBE), which regards identities as a set of descriptive attributes. It is often regarded as the first concept of ABE [1, 18]. ABE can be categorized as either KP-ABE or CP-ABE, and the latter is more flexible and more suitable for the realistic scenes [2]. In 2007, Cheung and Newport [19] used AND gates on positive and negative to express attributes in order to achieve their CP-ABE scheme's access policy and proved the security under the DBDH assumption. And then Nishide et al. [20] designed a new CP-ABE scheme with AND gates on multivalue attributes as its access policy. To realize fine-grained access control strategy, Bethencourt et al. [21] used the Access Tree in their scheme. In order to design CP-ABE schemes with flexible strategy under the DBDH assumption, Goyal et al. [22] and Liang et al. [23] adopted Bounded Access Tree, respectively. Later, Ibraim et al. [24] used the general Access Tree to eliminate the boundary constraints in the literature [22, 23]. In 2011, Waters [25] used Linear Secret Sharing Scheme (LSSS) access structure under $q$-PBDHE assumption to construct a CP-ABE scheme.

However, unfortunately, the security of those CP-ABE schemes that we mentioned above was proven in a weaker security model called the selective-policy security model, which derived from the selective-ID security model for constructing an IBE scheme without the random oracle model [26]. In the selective security model, the adversary must firstly declare which policy he wishes to be challenged on before the public parameters are published. This restriction on the attacker is not natural, which causes attacker to behave differently from the real environment [13]. Considering the restrictions of the selective security model, researchers expected that the ABE scheme should be designed and proven secure under the adaptive security model. So in order to overcome the drawbacks of the selectively secure ABE schemes, Lewko et al. [13] proposed an adaptively (or fully) secure ABE scheme by using the dual system encryption technique [27], which is a common method for proving an adaptively secure scheme in IBE or ABE. Later, Lewko and Waters [28] provided a new methodology which can transform the selectively secure schemes to adaptively secure ones and presented a CP-ABE scheme that is proven fully secure. In 2014, Garg et al. [29] constructed the first fully secure ABE scheme that can handle access control policies expressible as polynomial-size circuits. Afterwards, some excellent adaptively secure ABE schemes were proposed [3, 30, 31].

Recently, in the field of cryptography, the concept of PRE has been proposed to make data sharing more efficient. Introduced by Mambo and Okamoto [32] and first defined by Blaze et al. [33], PRE can support the delegation of decryption rights, which is never considered in extending the traditional Public Key Encryption (PKE). In PRE, a semitrusted proxy is enabled to transform a ciphertext encrypted under one's public key into a new ciphertext intended for others with the plaintext unchanged. The decryption proxy, however, can learn nothing about the secret key or the plaintext. Due to these characteristics, PRE has many practical applications. For example, Xu et al. [34] built an encrypted cloud email system with PRE, which allows a user to send an encrypted email to multiple receivers, store his encrypted emails in an email server, and review his history. In addition, it can also be used in secure distributed files systems, cloud storage, on-line Electronic Medical Record (EMR), and so on [4, 5, 35–39].

To date, PRE has been extended to adapt different cryptographic systems. The ABPRE is one of the extensions, in which a user is able to empower designated users to decrypt reencrypted ciphertext by deploying attributes. In 2008, Guo et al. [40] proposed the first ABPRE scheme, and it is also the first KP-ABPRE scheme. In 2009, Liang et al. [6] proposed the first CP-ABPRE scheme, in which the proxy is enabled to transform a given ciphertext under a specified access policy into the one under another access policy. But unfortunately, only AND gates on positive and negative attributes are supported by their access policy. In 2010, Luo et al. [7] proposed a new CP-ABPRE scheme which supports AND gates on multivalue and negative attributes. Compared with [6], it has a new property named reencryption control, which means that the user can decide which ciphertext can be reencrypted later during the encryption process. Later, Seo and Kim [8] presented another CP-ABPRE scheme which only needs a constant number of bilinear pairing operations. So the computation cost and ciphertext length are reduced significantly compared to previous schemes [7, 27]. In 2013, Li [9] presented a new CP-ABPRE scheme in which the ciphertext policy is matrix access policy based on LSSS matrix access structure. In 2014, Chung et al. [10] analyzed these CP-ABPRE schemes [6–8, 33] and made comparisons of them by some criteria. The aforementioned CP-ABPRE schemes, however, are only CPA-secure. To tackle this problem, Liang et al. [11] for the first time proposed a new single-hop unidirectional CP-ABPRE scheme supporting any monotonic access formulas. Despite being constructed in the random oracle model, it is proved to be CCA-secure. In 2015, Kawai [12] proposed a flexible CP-ABPRE scheme in which the reencryption key generation can be outsourced in Attribute-Based Encryption and proved their scheme is secure in the selective security model.

All these CP-ABPRE schemes mentioned above, unfortunately, were only proven to be selectively secure [13], which is just discussed above. A CP-ABPRE system with selective security, which limits an adversary to choose an attack target before playing a security game, might not scale well in practice as well. This is because a realistic adversary is able to adaptively choose his attack target when attacking a cryptosystem. Therefore, an adaptively secure CP-ABPRE scheme is extremely desirable in most practical network applications. In 2014, Liang et al. [14] for the first time formalized the notion of adaptive security for CP-ABPRE systems and proposed a new CP-ABPRE scheme which is proven adaptively secure in the standard model, but their scheme demands a number of pairing operations that imply huge computational overheads. In 2015, Backes et al. [15] presented an Inner-Product Proxy Reencryption scheme. Although their scheme can easily be converted into an Attribute-Based Proxy Reencryption scheme, the ciphertext is only associated with AND gates access structure, which does not conform to the flexible access policy. Motivated by these concerns, in this paper, we propose an efficient and adaptively secure CP-ABPRE scheme which supports any monotone access formulas.

Our contributions can be briefly outlined as follows. (1) A new scheme is proposed, and it overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proved to be adaptively secure. (2) Our proposal supports any monotone access formulas including what the AND gate access structure supports. (3) Our scheme costs less computational overhead compared with the corresponding scheme [14]. (4) We try to construct our scheme in composite order groups and use three assumptions to prove its security.

3. Preliminaries

3.1. Composite Order Bilinear Groups. Composite order bilinear groups were introduced by Boneh et al. [41]. First, let $G$ and $G_T$ be a cyclic additive group and a multiplication cyclic group of order $N$, where $N = p_1 p_2 p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct prime numbers. Let $e: G \times G \to G_T$ be a bilinear map. Then let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in group $G$, respectively. Because $G$ is a cyclic group, it is easy to conclude that if $h$ and $l$ are group elements chosen from different subgroups, then $e(h, l) = 1$. This is called the orthogonality property in composite order bilinear groups.
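The orthogonality property can be checked concretely in a toy model. The following Python is an added example, not code from the paper: it assumes constructed toy primes 3, 5, 7, models $G$ as the additive group $Z_N$ and $G_T$ as the order-$N$ subgroup of $Z_{211}^*$, and all function names are chosen here. Discrete logarithms are trivial in this model, so it illustrates the algebra only.

```python
# Toy composite-order bilinear group (constructed parameters, no security value).
P1, P2, P3 = 3, 5, 7          # assumed toy primes p1, p2, p3
N = P1 * P2 * P3              # group order N = p1*p2*p3 = 105
Q = 211                       # prime with N | Q - 1, so Z_Q^* has a subgroup of order N


def target_generator():
    """Find an element of exact order N in Z_Q^* to generate G_T."""
    for x in range(2, Q):
        gt = pow(x, (Q - 1) // N, Q)          # order of gt divides N
        if all(pow(gt, N // p, Q) != 1 for p in (P1, P2, P3)):
            return gt                          # order is exactly N
    raise ValueError("no generator found")


GT = target_generator()


def subgroup_generator(p):
    """Generator of the order-p subgroup G_p of G = (Z_N, +)."""
    return (N // p) % N


def subgroup(p):
    """All elements of G_p, including the identity 0."""
    g = subgroup_generator(p)
    return [(k * g) % N for k in range(p)]


def pairing(a, b):
    """Bilinear map e: G x G -> G_T, e(a, b) = GT^(a*b mod N)."""
    return pow(GT, (a * b) % N, Q)


def orthogonal(p, q):
    """True if every element of G_p pairs to the identity with every element of G_q."""
    return all(pairing(h, l) == 1 for h in subgroup(p) for l in subgroup(q))


def has_component(t, p):
    """True if t has a non-trivial part in G_p (pairing with G_p's generator is not 1)."""
    return pairing(t, subgroup_generator(p)) != 1


if __name__ == "__main__":
    for p, q in ((P1, P2), (P1, P3), (P2, P3)):
        print(f"G_{p} x G_{q} orthogonal:", orthogonal(p, q))
    mixed = (subgroup_generator(P1) + subgroup_generator(P2)) % N   # element of G_{p1 p2}
    print("mixed element has parts in:", [p for p in (P1, P2, P3) if has_component(mixed, p)])
```

Elements from different subgroups multiply to a multiple of $N$ in the exponent, which is why the pairing collapses to the identity.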

3.2. Complexity Assumptions. We now present three assumptions of the subgroup decision problem for 3 primes (3P-SDP) [13]. First, we let $G$ and $G_T$ be two cyclic groups of order $N$, where $N = p_1 p_2 p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct primes. And we let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in $G$, respectively. Let $e: G \times G \to G_T$ be a bilinear map.

Assumption 1. We randomly choose element $g$ as the generator of $G_{p_1}$ and element $X_3$ as the generator of $G_{p_3}$. Given $D = (N, G, G_T, e, g, X_3)$, $T_1 \in G_{p_1 p_2}$, and $T_2 \in G_{p_1}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 1 is defined as

$$\mathrm{Adv1}_A(\lambda) = \left| \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right|. \quad (1)$$

Definition 2. Assumption 1 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv1}_A(\lambda)$.

Assumption 3. We randomly choose elements $g, X_1 \in G_{p_1}$, $X_2, Y_2 \in G_{p_2}$, and $X_3, Y_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, X_1 X_2, X_3, Y_2 Y_3)$ and $T_1 \in G$, $T_2 \in G_{p_1 p_3}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 3 is defined as

$$\mathrm{Adv2}_A(\lambda) = \left| \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right|. \quad (2)$$

Definition 4. Assumption 3 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv2}_A(\lambda)$.

Assumption 5. We randomly choose elements $\alpha, s \in Z_N$, $g \in G_{p_1}$, $X_2, Y_2, Z_2 \in G_{p_2}$, and $X_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_3)$ and $T_1 = e(g, g)^{\alpha s}$, $T_2 \in G_T$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 5 is defined as

$$\mathrm{Adv3}_A(\lambda) = \left| \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right|. \quad (3)$$

Definition 6. Assumption 5 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv3}_A(\lambda)$.

3.3. Access Structures. In this paper, the role of the participants is taken by the attributes. As shown in [42], any monotone access structure can be represented by a Linear Secret Sharing Scheme.

Definition 7 (Linear Secret Sharing Schemes (LSSS)). Let $\Pi$ denote a secret sharing scheme over a participant collection $P$. One says that $\Pi$ is called linear over $Z_p$ if

(1) the shares distributed for each participant can form a vector over $Z_p$;

(2) for $\Pi$, there always exists a share-generating matrix $M$ which has $l$ rows and $n$ columns. Now function $\rho$ is defined and used to each party. That is, the party labeling row $i$ can be denoted as $\rho(i)$ for $i = 1, 2, \ldots, l$. The column vector $v = (s, y_2, y_3, \ldots, y_n)$ is randomly chosen in $Z_p^n$. Then $\vec{M}_i \cdot \vec{v}$ is the share belonging to party $\rho(i)$. We use LSSS matrix $(M, \rho)$ to represent an access policy in this paper.


The linear reconstruction property can be defined as follows. Suppose that $\Pi$ is an LSSS for access structure $A$. Let $S \in A$ denote the authorized set and define $I \subseteq \{1, 2, \ldots, l\}$ as $I = \{i \mid \rho(i) \in S\}$. Then there exist $\{w_i \in Z_p\}_{i \in I}$ such that if $\{\lambda_i\}$ are valid shares of any secret $s$, we have $\sum_{i \in I} w_i \lambda_i = s$ [41]. But it does not hold for unauthorized sets. In our scheme, we will employ LSSS matrices over $Z_N$, where $N$ is the product of 3 different prime numbers.
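Share generation and linear reconstruction from Definition 7, as an added Python example that is not part of the paper. The policy (A AND B) OR (C AND D), its matrix, the prime modulus $2^{61} - 1$, and all function names are assumptions chosen here; the code works over a prime field $Z_p$ as in the definition, whereas the scheme itself uses $Z_N$.

```python
import secrets

P = 2**61 - 1  # prime modulus p (assumption; the paper's scheme works over Z_N)

# Constructed policy (A AND B) OR (C AND D): row i of M is labelled by RHO[i].
M = [
    [1, 1, 0],    # A
    [0, -1, 0],   # B
    [1, 0, 1],    # C
    [0, 0, -1],   # D
]
RHO = ["A", "B", "C", "D"]


def make_shares(secret, matrix=M):
    """Pick v = (s, y_2, ..., y_n) at random and return lambda_i = M_i . v for each row."""
    n = len(matrix[0])
    v = [secret % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in matrix]


def reconstruction_coefficients(attrs, matrix=M, rho=RHO):
    """Solve sum_{i in I} w_i * M_i = (1, 0, ..., 0) over Z_p for I = {i : rho(i) in attrs}.

    Returns {row index: w_i}, or None when the attribute set is unauthorized.
    """
    rows = [i for i, a in enumerate(rho) if a in attrs]
    n = len(matrix[0])
    # One equation per column j of M: sum_i w_i * M[i][j] = (1 if j == 0 else 0).
    aug = [[matrix[i][j] % P for i in rows] + [1 if j == 0 else 0] for j in range(n)]
    pivots, r = [], 0
    for c in range(len(rows)):                     # Gauss-Jordan elimination mod p
        pr = next((k for k in range(r, n) if aug[k][c]), None)
        if pr is None:
            continue                               # free variable, left at 0
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for k in range(n):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    # A row reading 0 = nonzero means (1, 0, ..., 0) is outside the span of the rows.
    if any(row[-1] and not any(row[:-1]) for row in aug):
        return None
    w = {i: 0 for i in rows}
    for row_idx, c in enumerate(pivots):
        w[rows[c]] = aug[row_idx][-1]
    return w


def reconstruct(attrs, shares, matrix=M, rho=RHO):
    """Return sum_{i in I} w_i * lambda_i mod p, or None for an unauthorized set."""
    w = reconstruction_coefficients(attrs, matrix, rho)
    if w is None:
        return None
    return sum(w[i] * shares[i] for i in w) % P


if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = make_shares(s)
    for attrs in ({"A", "B"}, {"C", "D"}, {"A", "C"}, {"B", "D"}):
        print(sorted(attrs), "->", reconstruct(attrs, lam) == s)
```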

3.4. CP-ABPRE

3.4.1. Algorithm Model. Generally speaking, a CP-ABPRE scheme is composed of 6 fundamental algorithms, and it has an authority, a sender, a user that we call a delegator who needs to delegate his/her decryption ability to someone else, a proxy who helps the delegator to generate a reencrypted ciphertext, and some receivers as participants. The 6 algorithms are shown as follows.

$Setup(1^{\lambda}, U) \to (MSK, PK)$. It is performed by an authority to establish a new CP-ABPRE system. With the security parameter $\lambda$ and attributes $U$ as input, it generates the public key (PK) and the master secret key (MSK).

$KeyGen(PK, MSK, S) \to SK_S$. With PK, MSK, and a set of attributes $S$ that describe the key as input, this algorithm is executed by the authority for the purpose of generating a secret key $SK_S$.

$Enc(PK, W = (M, \rho), m) \to CT_W$. Performed by a sender, with PK, a message $m$, and an access policy $W = (M, \rho)$ as input, the algorithm generates a ciphertext $CT_W$ of $m$ such that only a user whose attributes meet the access policy $W$ can decrypt it.

$ReKeyGen(PK, SK_S, W' = (M', \rho')) \to RK_{S \to W'}$. This algorithm is performed by the delegator. With PK, $SK_S$, and an access policy $W' = (M', \rho')$ as input, it generates a reencryption key $RK_{S \to W'}$ for the proxy.

$ReEnc(PK, RK_{S \to W'}, CT_W) \to CT_{W'}$. It is performed by the proxy with PK, $RK_{S \to W'}$, and $CT_W$ as input. Firstly, the proxy checks whether the attribute in $RK_{S \to W'}$ meets the access policy of $CT_W$. If yes, it outputs a reencrypted ciphertext $CT_{W'}$, and otherwise $\perp$.

$Dec(PK, CT_W, SK_S) \to m$. With PK, an original ciphertext $CT_W$, and a secret key $SK_S$ as input, it returns the plaintext message $m$ if $S$ satisfies the access policy $W$ specified for $CT_W$, and otherwise $\perp$.

$Dec_R(PK, CT_{W'}, SK_{S'}) \to m$. This algorithm returns the plaintext message $m$ if $S'$ meets the access policy $W'$ specified for $CT_{W'}$, and otherwise $\perp$.

3.4.2. Security Model. The adaptive security definition for a CP-ABPRE scheme is described by a security game between a challenger $B$ and an adversary $A$, which is shown as follows.

Setup. $B$ runs the Setup algorithm to create a new system and then sends $A$ the public key PK.

Phase 1. $A$ makes the following queries.

(i) Secret Key Extract Queries. $B$ runs the KeyGen algorithm after $A$ submits sets of attributes $S_1, S_2, \ldots, S_{q_1}$ and returns secret keys $\mathrm{SK}_S$ to $A$.

(ii) Reencryption Key Extract Queries. $A$ submits sets of attributes $S_1, S_2, \ldots, S_{q_1}$ and an access structure $W' = (M', \rho')$. Then $B$ runs the ReKeyGen algorithm and gives the reencryption key $\mathrm{RK}_{S \to W'}$ to $A$.

Challenge. $A$ chooses two messages $M_0$ and $M_1$ with equal length and an access structure $W^{*}$ which cannot be met by any of the queried attribute sets $S_1, S_2, \ldots, S_{q_1}$. $B$ randomly flips a coin $\theta \in \{0, 1\}$ and encrypts $M_{\theta}$ under $W^{*}$ to generate $\mathrm{CT}^{*}$, which is then sent to $A$.

Phase 2. Phase 1 is repeated. Note that there is a restriction that no sets of attributes $S_{q_1+1}, S_{q_1+2}, \ldots, S_q$ can satisfy the access structure corresponding to $B$.

Guess. $A$ outputs a guess result $\theta'$ for $\theta$.

In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = |\Pr[\theta' = \theta] - 1/2|$. And the above security model can be easily extended to simulate a game between a CCA adversary and a challenger by permitting Reencryption and Decryption queries during Phases 1 and 2.

Definition 8. A Ciphertext-Policy Attribute-Based Proxy Reencryption scheme is adaptively secure (or fully secure) if the advantage of any polynomial time adversary is negligible in the above game.

3.4.3. Master Secret Security. Master secret security is an important property for unidirectional PRE defined by Ateniese et al. [43]. Roughly speaking, even if the dishonest proxy colludes with the receiver who can decrypt the reencrypted ciphertext, it is still impossible for them to get any information on the delegator's secret key and the plaintext [44].

Definition 9. The master secret security of a CP-ABPRE scheme can be defined based on the following master secret security game.

Setup. The challenger $B$ runs the Setup algorithm to create a new system and then sends the adversary $A$ the public key (PK).

Queries. $A$ makes the following queries.

(i) $\mathrm{Extract}(S)$. $B$ runs the KeyGen algorithm after $A$ submits attribute sets $S$ and returns secret keys $\mathrm{SK}_S$ to $A$.

(ii) $\mathrm{RKExtract}(S, W')$. $A$ submits attribute sets $S$ and an access structure $W' = (M', \rho')$ to $B$. Then $B$ runs the ReKeyGen algorithm and returns the reencryption key $\mathrm{RK}_{S \to W'}$ to $A$.

Output. $A$ outputs the secret key $\mathrm{SK}_{S^{*}}$ corresponding to the attribute sets $S^{*}$.


In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = \Pr[A \text{ succeeds}]$. A CP-ABPRE scheme meets master secret security if there is no polynomial time adversary $A$ who has a nonnegligible advantage in winning the above game.

Lemma 10. For a CP-ABPRE scheme, the plaintext security implies the master secret security. That is to say, for a CP-ABPRE scheme, if there is an adversary $A$ who can break its master secret security defined above, then there also exists an adversary $A'$ who can break this CP-ABPRE scheme.

In Section 5, we will prove that there is no polynomial time adversary who can break the CP-ABPRE scheme with a nonnegligible advantage. So Lemma 10 is obvious.

4. The Proposed CP-ABPRE Scheme

In this section, we shall introduce our adaptively secure CP-ABPRE scheme. Before this, in order to facilitate understanding, notations used throughout the paper are summarized in Notations.

Our adaptively secure CP-ABPRE scheme is constructed in composite order linear groups of order $N = p_1 p_2 p_3$ ($p_1$, $p_2$, and $p_3$ are 3 different prime numbers) with LSSS access structure. Let $G_{p_i}$ denote the subgroup of order $p_i$ in $G$, where $i \in \{1, 2, 3\}$. The subgroup $G_{p_2}$ is only used in the security proof. Our scheme is shown as follows.

(1) $\mathrm{Setup}(1^{\lambda}, U)$. Taking as input the security parameter $\lambda$ and system attribute set $U$, the trusted authority chooses random elements $\eta, a \in Z_N$, a generator $g \in G_{p_1}$, an element $g_0 \in G_{p_1}$, and a generator $X_3 \in G_{p_3}$. And then it computes $g_1 = e(g, g)^{\eta}$ and $g_2 = g^{a}$. For each attribute $x \in U$, it also chooses a random element $h_x \in Z_N$ and computes $H_x = g^{h_x}$. The public key is denoted as

$$
\mathrm{PK} = (N, g_0, g_1, g_2, H_x\ \forall x \in U). \tag{4}
$$

The trusted authority sets the master secret key as $\mathrm{MSK} = (\eta, X_3)$.

(2) $\mathrm{KeyGen}(\mathrm{PK}, \mathrm{MSK}, S)$. Taking the public key (PK), the master secret key (MSK), and the user attribute set $S$ as input, this algorithm first chooses a random value $t \in Z_N$ and another three random elements $R_0, R'_0, R_x \in G_{p_3}$. Then it computes the secret key as

$$
\mathrm{SK} = (S,\ K = g^{\eta} g^{at} R_0,\ L = g^{t} R'_0,\ K_x = H_x^{t} R_x\ \forall x \in S). \tag{5}
$$

(3) $\mathrm{Enc}(\mathrm{PK}, W, m)$. This algorithm takes as input the public key (PK), an access policy $W = (M, \rho)$, and a message $m$, where $M$ is an $l \times n$ matrix and the function $\rho$ associates rows of $M$ to attributes. This algorithm randomly chooses a column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n) \in Z_N^{n}$. These values will be used to share the encryption exponent $s$. For $i = 1, 2, \ldots, l$, it computes $\lambda_i = \vec{M}_i \cdot \vec{v}$, where $\vec{M}_i$ denotes the $i$th row of $M$. Then the algorithm chooses random numbers $r_1, r_2, \ldots, r_l \in Z_N$. The ciphertext is generated as

$$
\mathrm{CT} = (C = m\, e(g, g)^{\eta s},\ C' = g^{s},\ C'' = g_0^{s},\ C_i = g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i},\ D_i = g^{r_i}\ \forall i \in \{1, 2, \ldots, l\}). \tag{6}
$$

(4) $\mathrm{ReKeyGen}(\mathrm{PK}, \mathrm{SK}, W')$. To generate a reencryption key for another access policy $W' = (M', \rho')$, this algorithm takes as input the public key PK, the secret key $\mathrm{SK} = (S, K, L, K_x\ \forall x \in S)$, and another access policy $W' = (M', \rho')$. It needs to choose a random element $\beta \in Z_N$ and computes $= \mathrm{Enc}(\mathrm{PK}, W', g^{\beta})$. Then the reencryption key is set to

$$
\mathrm{RK} = (S,\ rk_1 = K g_0^{\beta},\ rk_2 = L,\ K'_x = K_x\ \forall x \in S). \tag{7}
$$

(5) $\mathrm{ReEnc}(\mathrm{PK}, \mathrm{RK}, \mathrm{CT})$. This algorithm takes as input the public key (PK), a reencryption key (RK), and a ciphertext $\mathrm{CT} = (C, C', C'', C_i, D_i\ \forall i)$. It first checks whether the attribute set in RK meets the access policy of CT. It computes

$$
C_t = \frac{e(C', rk_1)}{\prod_{i \in I} \left( e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}) \right)^{w_i}} \tag{8}
$$

and outputs a reencrypted ciphertext $\mathrm{CT}' = (C, C', C_t)$ if yes and outputs $\perp$ otherwise.

(6) $\mathrm{Dec}(\mathrm{PK}, \mathrm{CT}, \mathrm{SK})$. The original ciphertext decryption algorithm takes the public key (PK), an original ciphertext (CT) for access policy $W$, and a secret key (SK) for an attribute set $S$ as input. Assume that $S$ meets $W$ and $I \subset \{1, 2, \ldots, l\}$ is defined as $I = \{i \mid \rho(i) \in S\}$. Then let $\{w_i \in Z_N\}_{i \in I}$ be a set of constants such that, if $\{\lambda_i\}$ are valid shares of any secret $s$ according to $M$, then $\sum_{i \in I} w_i \lambda_i = s$ holds.

The message $m$ can be recovered as

$$
m = \frac{C \prod_{i \in I} \left( e(C_i, L)\, e(D_i, K_{\rho(i)}) \right)^{w_i}}{e(C', K)}
= \frac{C}{e\left(\prod_{i \in I} C_i^{-w_i}, L\right) e\left(C', K \prod_{i \in I} K_{\rho(i)}^{-w_i}\right)}. \tag{9}
$$

(7) $\mathrm{DecR}(\mathrm{PK}, \mathrm{CT}', \mathrm{SK}')$. The reencrypted ciphertext decryption algorithm takes the public key (PK), a reencrypted ciphertext $\mathrm{CT}'$ for access policy $W'$, and a secret key $\mathrm{SK}'$ for an attribute set $S'$ as input. If $S'$ satisfies $W'$, this algorithm computes as follows.

(7.1) Decrypt $g^{\beta}$ from by the Dec algorithm.

(7.2) Then compute the message $m$ by $m = C\, e(C'', g^{\beta}) / C_t$.


5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of the pairing $e: G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$
\begin{aligned}
m &= \frac{C \prod_{i \in I} \left( e(C_i, L)\, e(D_i, K_{\rho(i)}) \right)^{w_i}}{e(C', K)} \\
&= \frac{m\, e(g, g)^{\eta s} \prod_{i \in I} \left( e\left(g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i}, g^{t} R'_0\right) e\left(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at})} \\
&= \frac{m\, e(g, g)^{\eta s}\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{\eta s}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{10}
$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$
\begin{aligned}
m &= \frac{C\, e(C'', g^{\beta})}{C_t} \\
&= \frac{C\, e(C'', g^{\beta}) \prod_{i \in I} \left( e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}) \right)^{w_i}}{e(C', rk_1)} \\
&= \frac{m\, e(g, g)^{\eta s}\, e(g_0^{s}, g^{\beta}) \prod_{i \in I} \left( e\left(g^{a (\vec{M}_i \cdot \vec{v})} H_{\rho(i)}^{-r_i}, g^{t} R'_0\right) e\left(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at} g_0^{\beta} R_0)} \\
&= \frac{m\, e(g, g)^{s\eta}\, e(g_0^{s}, g^{\beta})\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{s\eta}\, e(g, g_0)^{s\beta}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{11}
$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.

5.2. Security Proof. Dual system encryption [27] is considered as a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in the security proof. To prove the security of our CP-ABPRE scheme, we firstly define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We firstly use the Enc algorithm to generate a normal ciphertext and choose an element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^{n}$. The semifunctional ciphertext is set as

$$
\begin{aligned}
C' &= g^{s} g_2^{c}, \\
C_i &= g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i} g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i} g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned}
\tag{12}
$$

Semifunctional Key. We use the KeyGen algorithm to generate a normal secret key. And then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0 g_2^{d}, \\
K_x &= H_x^{t} R_x g_2^{b z_x}, \quad \forall x \in S.
\end{aligned}
\tag{13}
$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{14}
$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b \vec{M}_i \cdot \vec{u} w_i} = e(g_2, g_2)^{cd - b u_1}$ (where $u_1 = (1, 0, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = b u_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes; the series of games is defined as follows.

$\mathrm{Game}_{\mathrm{real}}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.


$\mathrm{Game}_{0}$. It is similar to the above real game except that the challenge ciphertext is transformed into a semifunctional one.

$\mathrm{Game}_{k,1}$. In the game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is a semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{\mathrm{Final}}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is a semifunctional encryption of a random message which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{\mathrm{real}}\mathrm{Adv}_A - \mathrm{Game}_{0}\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $\{g, X_3, T\}$ to simulate either $\mathrm{Game}_{\mathrm{real}}$ or $\mathrm{Game}_{0}$ with $A$ based on setting whether $T \in G_{p_1 p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N\ (\forall x)$, sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. $B$ responds to whatever $A$'s key requests by using the KeyGen algorithm to make normal keys since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^{*} = (M^{*}, \rho)$ to $B$. For each row $i$ of matrix $M^{*}$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_{\theta}\, e(g, g)^{s\eta} = M_{\theta}\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a \vec{M}^{*}_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned}
\tag{15}
$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{\mathrm{real}}$ for $A$. If $T \in G_{p_1 p_2}$, let $T = g^{s} g_2^{c}$. This is a semifunctional ciphertext with $\vec{u} = c a \vec{v}'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_{0}$ for $A$.

Hence, if $A$ can distinguish $\mathrm{Game}_{\mathrm{real}}$ and $\mathrm{Game}_{0}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish element on $G_{p_1}$ and $G_{p_1 p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which can break Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $\{g, X_1 X_2, X_3, Y_2 Y_3, T\}$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$ based on setting whether $T \in G$ or $T \in G_{p_1 p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N\ (\forall x \in U)$ to generate the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each $A$'s key query by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} (Y_2 Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{16}
$$

(2) To generate the normal keys of queries greater than $k$, $B$ needs to run the KeyGen algorithm since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{17}
$$

If $T \in G_{p_1 p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{b z_x}$ be equal to the $G_{p_2}$ part of $K_x$.


Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^{*}, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_{\theta}\, e(g, X_1 X_2)^{\eta}, \\
C' &= X_1 X_2, \\
C_i &= (X_1 X_2)^{\vec{M}^{*}_i \cdot \vec{u}'} (X_1 X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1 X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1} s \vec{u}'$ and $\vec{u} = c \vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - b u_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden to $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appeared in the $k$th key because all keys are semifunctional ones of type 2 except for the $k$th one. Because the $k$th key cannot be used to decrypt the challenge ciphertext, the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote a vector $\vec{\sigma}$ that is orthogonal to $R$ and not orthogonal to vector $(1, 0, \ldots, 0)$. We set an equation that $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, and $\vec{u}''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u}''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, 0, \ldots, 0) = f (1, 0, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^{*}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish element on $G_{p_1 p_3}$ and $G$ with a nonnegligible advantage $\varepsilon$.

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $\{g, X_1 X_2, X_3, Y_2 Y_3, T\}$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$ depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0 (Y_2 Y_3)^{h}, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{19}
$$

The only difference from Lemma 12 here is adding a term $(Y_2 Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it to decrypt the semifunctional ciphertext because the condition $cd - b u_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish element in $G_{p_1 p_3}$ and $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{\mathrm{Final}}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $\{g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_2, T\}$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{\mathrm{Final}}$ with $A$ based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N\ (\forall x \in U)$ and sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta} X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$’s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta}g^{at}Z_2^{t}R_0, \\
L &= g^{t}R'_0, \\
K_x &= H_x^{t}R_x \quad \forall x \in S,
\end{aligned}
\tag{20}
$$

which is similar as in the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_{\theta}T, \\
C' &= g^{s}Y_2, \\
C_i &= (g^{s}Y_2)^{\vec{M}^{*}_{i}\vec{u}'}\,(g^{s}Y_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (g^{s}Y_2)^{r'_i},
\end{aligned}
\tag{21}
$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1}su'$ and $u = cu'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = sr'_i$ and $\gamma_i = -cr'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$. If $T = e(g,g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_{\theta}$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g,g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$ by previous Lemmas 11–14. And because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_{\theta}$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of the adversary in $\mathrm{Game}_{\mathrm{Final}}$ can be negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So, in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we


Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.’s [6] | $(6n+2)L_G + L_{G_T}$ | $(3n+1)L_{Z_q}$ | $(2n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Luo et al.’s [7] | $(N'+2n+4)L_G + L_{G_T}$ | $(N'+2n+1)L_{Z_q}$ | $(4n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Seo and Kim’s [8] | $(3n+2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n+3)L_{Z_q}$ | $(n+1)L_G + L_{Z_q}$ | $(n+2)L_G + L_{G_T}$ |
| Li’s [9] | $(n+2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |
| Liang et al.’s [11] | $3L_G + L_{G_T} + 6\mathrm{Hash}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.’s [14] | $(n+6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U\rvert+3)L_G$ | $(2\lvert A_C\rvert+5)L_G + L_{G_T}$ |
| Backes et al.’s [15] | $(n+2)L_G + L_{G_T}$ | $L_G + (1+n)L_{Z_q}$ | $(n+1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n+2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.’s [6] | $(n+2)G + 2G_T$ | $(n+2)P + 2G_T$ | $(n+1)P + G_T$ | $(n+3)P + 4G_T$ |
| Luo et al.’s [7] | $(n+2)G + 2G_T$ | $2nP + 3G_T$ | $(2n+1)P + (n+1)G_T$ | $(2n+1)P + 5G_T$ |
| Seo and Kim’s [8] | $(n+2)G + 2G_T$ | $2P + (3n+2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li’s [9] | $(4\lvert A_C\rvert+2)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + 3G_T$ | $(2\lvert A_C\rvert+1)P + 4\lvert A_C\rvert G + 3\lvert A_C\rvert G_T$ | $(2\lvert A_U\rvert+1)P + (3\lvert A_U\rvert+2)G_T$ |
| Liang et al.’s [11] | $(4\lvert A_C\rvert+2)G + G_T$ | $(2\lvert A_U\rvert+1)P + 3\lvert A_U\rvert G_T$ | $(2\lvert A_U\rvert+2)P + (3\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + 3\lvert A_U\rvert G_T$ |
| Liang et al.’s [14] | $(4\lvert A_C\rvert+4)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + (2\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + (2\lvert A_U\rvert+2)G_T$ | $(2\lvert A_U\rvert+3)P + (2\lvert A_U\rvert+4)G_T$ |
| Backes et al.’s [15] | $(n+3)G + 2G_T$ | $2P + nG$ | $nP + (n-1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C\rvert+2)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $3P + (4\lvert A_U\rvert-1)G + 4G_T$ |

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $\lvert A_U\rvert$, $\lvert A_C\rvert$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_{*}$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li’s [9], Liang et al.’s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li’s [9] and Liang et al.’s [11] schemes, our scheme is adaptively secure. And, what is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.’s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from the real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meantime, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And, compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)

$N$: Order of composite order linear groups

$G$: Additive group of order $p$

$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)

$\lambda$: Security parameter

$U$: System attribute set

$Z_N$: The set of positive integers which are less than $N$

$g$: Generator of $G_{p_1}$

$X_3$: Generator of $G_{p_3}$

$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$

PK: The private key

MSK: The master secret key

$S$: User attribute set

SK: The secret key

$W$: An access policy

$M$: An $l \times n$ matrix

$\rho$: The rows of $M$ to attributes

$m$: Message to sign

$s$: The encryption exponent

RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, “Research on attribute-based cryptography,” Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, “A fully secure attribute based broadcast encryption scheme,” International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, “A dependable storage service system in cloud environment,” Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, “Attribute based proxy re-encryption with delegating capabilities,” in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS ’09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, “Ciphertext policy attribute-based proxy re-encryption,” in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, “Attribute-based proxy re-encryption with a constant number of pairing operations,” International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, “Matrix access structure policy used in attribute-based proxy re-encryption,” http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, “A study of attribute-based proxy re-encryption scheme in cloud environments,” International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, “Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption,” in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, “An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing,” in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, “Fully secure inner-product proxy re-encryption with constant size ciphertext,” in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC ’15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proceedings of the Advances in Cryptology (CRYPTO ’84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, “A survey of research progress and development tendency of attribute-based encryption,” The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, “Attribute-based encryption with partially hidden encryptor-specified access structures,” in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute-based encryption,” in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP ’08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, “Provably secure and efficient bounded ciphertext policy attribute based encryption,” in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ICCS ’09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraimi, Q. Tang, P. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in International Conference on Information Security Practice and Experience (ISPEC ’09), pp. 1–12, Springer, 2009.

[25] B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, “Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions,” in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, “New proof methods for attribute-based encryption: achieving full security through selective techniques,” in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, “Fully secure attribute based encryption from multilinear maps,” Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, “Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating,” Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, “Efficient and fully secure forward secure ciphertext-policy attribute-based encryption,” in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Advances in Cryptology—EUROCRYPT ’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, “Conditional identity-based broadcast proxy re-encryption and its application to cloud email,” IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, “Achieving dynamic privileges in secure data sharing on cloud storage,” Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, “Advances on cloud services and cloud computing,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, “Cloud based data sharing with fine-grained proxy re-encryption,” Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, “Secure bidirectional proxy re-encryption for cryptographic cloud storage,” Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, “Attribute-based re-encryption scheme in the standard model,” Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-DNF formulas on ciphertexts,” in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, “Fully secure unidirectional identity-based proxy re-encryption,” in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, “New techniques for dual system encryption and fully secure HIBE with short ciphertexts,” in Proceedings of the 7th Theory of Cryptography Conference (TCC ’10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, “Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption,” Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


Page 3: Research Article Efficient and Adaptively Secure Attribute ...downloads.hindawi.com/journals/ijdsn/2016/5235714.pdfin which a user is able to empower designated users to decrypt reencrypted


problem. Liang et al. [11] for the first time proposed a new single-hop unidirectional CP-ABPRE scheme supporting any monotonic access formulas. Despite being constructed in the random oracle model, it is proved to be CCA-secure. In 2015, Kawai [12] proposed a flexible CP-ABPRE scheme in which the reencryption key generation can be outsourced in Attribute-Based Encryption and proved their scheme is secure in the selective security model.

All these CP-ABPRE schemes mentioned above, unfortunately, were only proven to be selectively secure [13], which is just discussed above. A CP-ABPRE system with selective security, which limits an adversary to choose an attack target before playing a security game, might not scale well in practice as well. This is because a realistic adversary is able to adaptively choose his attack target when attacking a cryptosystem. Therefore, an adaptively secure CP-ABPRE scheme is extremely desirable in most practical network applications. In 2014, Liang et al. [14] for the first time formalized the notion of adaptive security for CP-ABPRE systems and proposed a new CP-ABPRE scheme, which is proven adaptively secure in the standard model, but their scheme demands a number of pairing operations that imply huge computational overheads. In 2015, Backes et al. [15] presented an Inner-Product Proxy Reencryption scheme. Although their scheme can easily be converted into an Attribute-Based Proxy Reencryption scheme, the ciphertext is only associated with AND gates access structure, which does not conform to the flexible access policy. Motivated by these concerns, in this paper we propose an efficient and adaptively secure CP-ABPRE scheme, which supports any monotone access formulas.

Our contributions can be briefly outlined as follows. (1) A new scheme is proposed, and it overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proved to be adaptively secure. (2) Our proposal supports any monotone access formulas, including what the AND gate access structure supports. (3) Our scheme costs less computational overhead compared with the corresponding scheme [14]. (4) We try to construct our scheme in composite order groups and use three assumptions to prove its security.

3. Preliminaries

3.1. Composite Order Bilinear Groups. Composite order bilinear groups were introduced by Boneh et al. [41]. First, let $G$ and $G_T$ be a cyclic additive group and a multiplication cyclic group of order $N$, where $N = p_1p_2p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct prime numbers. Let $e: G \times G \rightarrow G_T$ be a bilinear map. Then let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in group $G$, respectively. Because $G$ is a cyclic group, it is easy to conclude that if $h$ and $l$ are group elements chosen from different subgroups, then $e(h, l) = 1$. This is called the orthogonality property in composite order bilinear groups.

3.2. Complexity Assumptions. We now present three assumptions of the subgroup decision problem for 3 primes (3P-SDP) [13]. First, we let $G$ and $G_T$ be two cyclic groups of order $N$, where $N = p_1p_2p_3$ and $p_1$, $p_2$, and $p_3$ are three distinct primes. And we let $G_{p_1}$, $G_{p_2}$, and $G_{p_3}$ denote the subgroups of order $p_1$, $p_2$, and $p_3$ in $G$, respectively. Let $e: G \times G \rightarrow G_T$ be a bilinear map.

Assumption 1. We randomly choose element $g$ as the generator of $G_{p_1}$ and element $X_3$ as the generator of $G_{p_3}$. Given $D = (N, G, G_T, e, g, X_3)$, $T_1 \in G_{p_1p_2}$, and $T_2 \in G_{p_1}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 1 is defined as

$$\mathrm{Adv1}_A(\lambda) = \left\lvert \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right\rvert. \tag{1}$$

Definition 2. Assumption 1 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv1}_A(\lambda)$.

Assumption 3. We randomly choose elements $g, X_1 \in G_{p_1}$, $X_2, Y_2 \in G_{p_2}$, and $X_3, Y_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, X_1X_2, X_3, Y_2Y_3)$ and $T_1 \in G$, $T_2 \in G_{p_1p_3}$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 3 is defined as

$$\mathrm{Adv2}_A(\lambda) = \left\lvert \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right\rvert. \tag{2}$$

Definition 4. Assumption 3 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv2}_A(\lambda)$.

Assumption 5. We randomly choose elements $\alpha, s \in Z_N$, $g \in G_{p_1}$, $X_2, Y_2, Z_2 \in G_{p_2}$, and $X_3 \in G_{p_3}$. Given $D = (N, G, G_T, e, g, g^{\alpha}X_2, X_3, g^{s}Y_2, Z_3)$ and $T_1 = e(g,g)^{\alpha s}$, $T_2 \in G_T$. Let $\lambda$ be the security parameter, and the advantage of a polynomial time algorithm $A$ in breaking Assumption 5 is defined as

$$\mathrm{Adv3}_A(\lambda) = \left\lvert \Pr[A(D, T_1) = 1] - \Pr[A(D, T_2) = 1] \right\rvert. \tag{3}$$

Definition 6. Assumption 5 holds if there is no polynomial time algorithm $A$ which has a nonnegligible advantage $\mathrm{Adv3}_A(\lambda)$.
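The orthogonality property of Section 3.1 and the shape of Assumption 1 can be checked in a toy model. The following is an added example, not code from the paper: it stores each group element as its discrete logarithm modulo $N$ (so it has no security), and the small primes, the helper names, and the extra element `y2` are assumptions made for illustration. It shows that pairing a challenge $T$ with the $G_{p_1}$ and $G_{p_3}$ terms published in $D$ gives the same pattern for $T_1$ and $T_2$, while any $G_{p_2}$ element or knowledge of $p_1$ separates them at once, which is why $D$ contains no $G_{p_2}$ element and the factors of $N$ must stay secret.

```python
import secrets

# Constructed toy primes (assumption); a real N is a large composite whose
# factors stay secret. Elements of G are stored as discrete logs in Z_N, and
# elements of G_T as exponents, so the G_T identity "1" is the exponent 0.
P1, P2, P3 = 1009, 1013, 1019
N = P1 * P2 * P3

def pairing(a, b):
    """e: G x G -> G_T in the exponent model (bilinear by construction)."""
    return (a * b) % N

def generator(order):
    """Generator of the unique subgroup of G with the given order (order | N)."""
    return N // order

def random_nonidentity(prime):
    """Random non-identity element of the prime-order subgroup G_prime."""
    return ((1 + secrets.randbelow(prime - 1)) * generator(prime)) % N

def add(a, b):
    """Group operation of the additive group G."""
    return (a + b) % N

def sample_assumption1():
    """Public terms (g, X3) and the two challenge candidates of Assumption 1."""
    g, x3 = random_nonidentity(P1), random_nonidentity(P3)
    t1 = add(random_nonidentity(P1), random_nonidentity(P2))   # T1 in G_{p1p2}
    t2 = random_nonidentity(P1)                                # T2 in G_{p1}
    return g, x3, t1, t2

def view_from_public_terms(t, g, x3):
    """Identity tests available from D alone: (e(T,g) != 1, e(T,X3) != 1)."""
    return pairing(t, g) != 0, pairing(t, x3) != 0

def has_p2_part_via_pairing(t, y2):
    """Given any non-identity Y2 in G_{p2}, orthogonality exposes a G_{p2} part."""
    return pairing(t, y2) != 0

def has_p2_part_via_factor(t):
    """Given the factor p1, p1*T is the identity exactly when T lies in G_{p1}."""
    return (P1 * t) % N != 0

if __name__ == "__main__":
    g, x3, t1, t2 = sample_assumption1()
    y2 = random_nonidentity(P2)        # hypothetical element NOT given in D
    print("e(g, X3) is identity:", pairing(g, x3) == 0)
    print("view of T1 from D:", view_from_public_terms(t1, g, x3))
    print("view of T2 from D:", view_from_public_terms(t2, g, x3))
    print("Y2 separates T1/T2:", has_p2_part_via_pairing(t1, y2),
          has_p2_part_via_pairing(t2, y2))
    print("p1 separates T1/T2:", has_p2_part_via_factor(t1),
          has_p2_part_via_factor(t2))
```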

3.3. Access Structures. In this paper, the role of the participants is taken by the attributes. As shown in [42], any monotone access structure can be represented by a Linear Secret Sharing Scheme.

Definition 7 (Linear Secret Sharing Schemes (LSSS)). Let $\Pi$ denote a secret sharing scheme over a participant collection $P$. One says that $\Pi$ is called linear over $Z_p$ if

(1) the shares distributed for each participant can form a vector over $Z_p$;

(2) for $\Pi$, there always exists a share-generating matrix $M$ which has $l$ rows and $n$ columns. Now function $\rho$ is defined and used to each party. That is, the party labeling row $i$ can be denoted as $\rho(i)$ for $i = 1, 2, \ldots, l$. The column vector $v = (s, y_2, y_3, \ldots, y_n)$ is randomly chosen in $Z_p^{n}$. Then $\vec{M}_i \cdot \vec{v}$ is the share belonging to party $\rho(i)$. We use LSSS matrix $(M, \rho)$ to represent an access policy in this paper.


The linear reconstruction property can be defined as follows. Suppose that $\Pi$ is an LSSS for access structure $A$. Let $S \in A$ denote the authorized set and define $I \subseteq \{1, 2, \ldots, l\}$ as $I = \{i \mid \rho(i) \in S\}$. Then there exist constants $\{w_i \in Z_p\}_{i \in I}$ such that, if $\{\lambda_i\}$ are valid shares of any secret $s$, we have $\sum_{i \in I} w_i\lambda_i = s$ [41]. But it does not hold for unauthorized sets. In our scheme, we will employ LSSS matrices over $Z_N$, where $N$ is the product of 3 different prime numbers.

3.4. CP-ABPRE

3.4.1. Algorithm Model. Generally speaking, a CP-ABPRE scheme is composed of 6 fundamental algorithms, and its participants are an authority, a sender, a user that we call a delegator, who needs to delegate his/her decryption ability to someone else, a proxy, who helps the delegator to generate a reencrypted ciphertext, and some receivers. The 6 algorithms are shown as follows.

$\mathit{Setup}(1^{\lambda}, U) \to (\mathit{MSK}, \mathit{PK})$. It is performed by an authority to establish a new CP-ABPRE system. With the security parameter $\lambda$ and attributes $U$ as input, it generates the public key (PK) and the master secret key (MSK).

$\mathit{KeyGen}(\mathit{PK}, \mathit{MSK}, S) \to \mathit{SK}_S$. With PK, MSK, and a set of attributes $S$ that describe the key as input, this algorithm is executed by the authority for the purpose of generating a secret key $\mathrm{SK}_S$.

$\mathit{Enc}(\mathit{PK}, W = (M, \rho), m) \to \mathit{CT}_W$. Performed by a sender with PK, a message $m$, and an access policy $W = (M, \rho)$ as input, the algorithm generates a ciphertext $\mathrm{CT}_W$ of $m$ such that only a user whose attributes meet the access policy $W$ can decrypt it.

$\mathit{ReKeyGen}(\mathit{PK}, \mathit{SK}_S, W' = (M', \rho')) \to \mathit{RK}_{S \to W'}$. This algorithm is performed by the delegator. With PK, $\mathrm{SK}_S$, and an access policy $W' = (M', \rho')$ as input, it generates a reencryption key $\mathrm{RK}_{S \to W'}$ for the proxy.

$\mathit{ReEnc}(\mathit{PK}, \mathit{RK}_{S \to W'}, \mathit{CT}_W) \to \mathit{CT}_{W'}$. It is performed by the proxy with PK, $\mathrm{RK}_{S \to W'}$, and $\mathrm{CT}_W$ as input. Firstly, the proxy checks whether the attribute in $\mathrm{RK}_{S \to W'}$ meets the access policy of $\mathrm{CT}_W$. If yes, it outputs a reencrypted ciphertext $\mathrm{CT}_{W'}$, and otherwise $\perp$.

$\mathit{Dec}(\mathit{PK}, \mathit{CT}_W, \mathit{SK}_S) \to m$. With PK, an original ciphertext $\mathrm{CT}_W$, and a secret key $\mathrm{SK}_S$ as input, it returns the plaintext message $m$ if $S$ satisfies the access policy $W$ specified for $\mathrm{CT}_W$, and otherwise $\perp$.

$\mathit{DecR}(\mathit{PK}, \mathit{CT}_{W'}, \mathit{SK}_{S'}) \to m$. This algorithm returns the plaintext message $m$ if $S'$ meets the access policy $W'$ specified for $\mathrm{CT}_{W'}$, and otherwise $\perp$.

3.4.2. Security Model. The adaptive security definition for a CP-ABPRE scheme is described by a security game between a challenger $B$ and an adversary $A$, which is shown as follows.

Setup. $B$ runs the Setup algorithm to create a new system and then sends $A$ the public key PK.

Phase 1. $A$ makes the following queries.

(i) Secret Key Extract Queries. $A$ submits sets of attributes $S_1, S_2, \ldots, S_{q_1}$; $B$ runs the KeyGen algorithm and returns the secret keys $\mathrm{SK}_S$ to $A$.

(ii) Reencryption Key Extract Queries. $A$ submits sets of attributes $S_1, S_2, \ldots, S_{q_1}$ and an access structure $W' = (M', \rho')$. Then $B$ runs the ReKeyGen algorithm and gives the reencryption key $\mathrm{RK}_{S \to W'}$ to $A$.

Challenge. $A$ chooses two messages $M_0$ and $M_1$ with equal length and an access structure $W^*$ which cannot be met by any of the queried attribute sets $S_1, S_2, \ldots, S_{q_1}$. $B$ randomly flips a coin $\theta \in \{0, 1\}$ and encrypts $M_{\theta}$ under $W^*$ to generate $\mathrm{CT}^*$, which is then sent to $A$.

Phase 2. Phase 1 is repeated. Note that there is a restriction that no sets of attributes $S_{q_1+1}, S_{q_1+2}, \ldots, S_q$ can satisfy the access structure corresponding to $B$.

Guess. $A$ outputs a guess result $\theta'$ for $\theta$.

In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = |\Pr[\theta' = \theta] - 1/2|$. And the above security model can be easily extended to simulate a game between a CCA adversary and a challenger by permitting Reencryption and Decryption queries during Phases 1 and 2.

Definition 8. A Ciphertext-Policy Attribute-Based Proxy Reencryption scheme is adaptively secure (or fully secure) if the advantage of any polynomial time adversary is negligible in the above game.

3.4.3. Master Secret Security. Master secret security is an important property for unidirectional PRE defined by Ateniese et al. [43]. Roughly speaking, even if the dishonest proxy colludes with the receiver who can decrypt the reencrypted ciphertext, it is still impossible for them to get any information on the delegator's secret key and the plaintext [44].

Definition 9. The master secret security of a CP-ABPRE scheme can be defined based on the following master secret security game.

Setup. The challenger $B$ runs the Setup algorithm to create a new system and then sends the adversary $A$ the public key (PK).

Queries. $A$ makes the following queries.

(i) $\mathit{Extract}(S)$. $A$ submits attribute sets $S$; $B$ runs the KeyGen algorithm and returns the secret keys $\mathrm{SK}_S$ to $A$.

(ii) $\mathit{RKExtract}(S, W')$. $A$ submits attribute sets $S$ and an access structure $W' = (M', \rho')$ to $B$. Then $B$ runs the ReKeyGen algorithm and returns the reencryption key $\mathrm{RK}_{S \to W'}$ to $A$.

Output. $A$ outputs the secret key $\mathrm{SK}_{S^*}$ corresponding to the attribute sets $S^*$.


In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = \Pr[A \text{ succeeds}]$. A CP-ABPRE scheme meets master secret security if there is no polynomial time adversary $A$ who has a nonnegligible advantage in winning the above game.

Lemma 10. For a CP-ABPRE scheme, the plaintext security implies the master secret security. That is to say, for a CP-ABPRE scheme, if there is an adversary $A$ who can break its master secret security defined above, then there also exists an adversary $A'$ who can break this CP-ABPRE scheme.

In Section 5, we will prove that there is no polynomial time adversary who can break the CP-ABPRE scheme with a nonnegligible advantage. So Lemma 10 is obvious.

4. The Proposed CP-ABPRE Scheme

In this section, we shall introduce our adaptively secure CP-ABPRE scheme. Before this, in order to facilitate understanding, notations used throughout the paper are summarized in Notations.

Our adaptively secure CP-ABPRE scheme is constructed in composite order bilinear groups of order $N = p_1p_2p_3$ ($p_1$, $p_2$, and $p_3$ are 3 different prime numbers) with LSSS access structure. Let $G_{p_i}$ denote the subgroup of order $p_i$ in $G$, where $i \in \{1, 2, 3\}$. The subgroup $G_{p_2}$ is only used in the security proof. Our scheme is shown as follows.

(1) $\mathit{Setup}(1^{\lambda}, U)$. Taking as input the security parameter $\lambda$ and system attribute set $U$, the trusted authority chooses random elements $\eta, a \in Z_N$, a generator $g \in G_{p_1}$, an element $g_0 \in G_{p_1}$, and a generator $X_3 \in G_{p_3}$. And then it computes $g_1 = e(g, g)^{\eta}$ and $g_2 = g^{a}$. For each attribute $x \in U$, it also chooses a random element $h_x \in Z_N$ and computes $H_x = g^{h_x}$. The public key is denoted as

$$\mathrm{PK} = (N, g_0, g_1, g_2, H_x\ \forall x \in U). \tag{4}$$

The trusted authority sets the master secret key as $\mathrm{MSK} = (\eta, X_3)$.

(2) $\mathit{KeyGen}(\mathit{PK}, \mathit{MSK}, S)$. Taking the public key (PK), the master secret key (MSK), and the user attribute set $S$ as input, this algorithm first chooses a random value $t \in Z_N$ and another three random elements $R_0, R'_0, R_x \in G_{p_3}$. Then it computes the secret key as

$$\mathrm{SK} = (S,\ K = g^{\eta}g^{at}R_0,\ L = g^{t}R'_0,\ K_x = H_x^{t}R_x\ \forall x \in S). \tag{5}$$

(3) $\mathit{Enc}(\mathit{PK}, W, m)$. This algorithm takes as input the public key (PK), an access policy $W = (M, \rho)$, and a message $m$, where $M$ is an $l \times n$ matrix and the function $\rho$ associates rows of $M$ to attributes. This algorithm randomly chooses a column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n) \in Z_N^n$. These values will be used to share the encryption exponent $s$. For $i = 1, 2, \ldots, l$, it computes $\lambda_i = \vec{M}_i \cdot \vec{v}$, where $\vec{M}_i$ denotes the $i$th row of $M$. Then the algorithm chooses random numbers $r_1, r_2, \ldots, r_l \in Z_N$. The ciphertext is generated as

$$\mathrm{CT} = (C = m \cdot e(g, g)^{\eta s},\ C' = g^{s},\ C'' = g_0^{s},\ C_i = g^{a\vec{M}_i \cdot \vec{v}}H_{\rho(i)}^{-r_i},\ D_i = g^{r_i}\ \forall i \in \{1, 2, \ldots, l\}). \tag{6}$$

(4) $\mathit{ReKeyGen}(\mathit{PK}, \mathit{SK}, W')$. To generate a reencryption key for another access policy $W' = (M', \rho')$, this algorithm takes as input the public key PK, the secret key $\mathrm{SK} = (S, K, L, K_x\ \forall x \in S)$, and another access policy $W' = (M', \rho')$. It needs to choose a random element $\beta \in Z_N$ and computes = $\mathit{Enc}(\mathrm{PK}, W', g^{\beta})$. Then the reencryption key is set to

$$\mathrm{RK} = (S,\ rk_1 = Kg_0^{\beta},\ rk_2 = L,\ K'_x = K_x\ \forall x \in S). \tag{7}$$

(5) $\mathit{ReEnc}(\mathit{PK}, \mathit{RK}, \mathit{CT})$. This algorithm takes as input the public key (PK), a reencryption key (RK), and a ciphertext $\mathrm{CT} = (C, C', C'', C_i, D_i\ \forall i)$. It first checks whether the attribute set in RK meets the access policy of CT. It computes

$$C_t = \frac{e(C', rk_1)}{\prod_{i \in I}\left(e(C_i, rk_2)\, e(D_i, K'_{\rho(i)})\right)^{w_i}} \tag{8}$$

and outputs a reencrypted ciphertext $\mathrm{CT}' = (C, C', C_t)$ if yes and outputs $\perp$ otherwise.

(6) $\mathit{Dec}(\mathit{PK}, \mathit{CT}, \mathit{SK})$. The original ciphertext decryption algorithm takes the public key (PK), an original ciphertext (CT) for access policy $W$, and a secret key (SK) for an attribute set $S$ as input. Assume that $S$ meets $W$ and $I \subset \{1, 2, \ldots, l\}$ is defined as $I = \{i \mid \rho(i) \in S\}$. Then let $\{w_i \in Z_N\}_{i \in I}$ be a set of constants such that, if $\{\lambda_i\}$ are valid shares of any secret $s$ according to $M$, then $\sum_{i \in I} w_i\lambda_i = s$ holds.

The message $m$ can be recovered as

$$m = \frac{C\prod_{i \in I}\left(e(C_i, L)\, e(D_i, K_{\rho(i)})\right)^{w_i}}{e(C', K)} = \frac{C}{e\!\left(\prod_{i \in I} C_i^{-w_i}, L\right) e\!\left(C', K\prod_{i \in I} K_{\rho(i)}^{-w_i}\right)}. \tag{9}$$

(7) $\mathit{DecR}(\mathit{PK}, \mathit{CT}', \mathit{SK}')$. The reencrypted ciphertext decryption algorithm takes the public key (PK), a reencrypted ciphertext $\mathrm{CT}'$ for access policy $W'$, and a secret key $\mathrm{SK}'$ for an attribute set $S'$ as input. If $S'$ satisfies $W'$, this algorithm computes as follows.

(7.1) Decrypt $g^{\beta}$ from by the Dec algorithm.

(7.2) Then compute the message $m$ by $m = C \cdot e(C'', g^{\beta})/C_t$.


5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of pairing $e: G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$
\begin{aligned}
m &= \frac{C\prod_{i \in I}\left(e(C_i, L)\, e(D_i, K_{\rho(i)})\right)^{w_i}}{e(C', K)} \\
&= \frac{m \cdot e(g, g)^{\eta s}\prod_{i \in I}\left(e\!\left(g^{a\vec{M}_i \cdot \vec{v}}H_{\rho(i)}^{-r_i}, g^{t}R'_0\right) e\!\left(g^{r_i}, H_{\rho(i)}^{t}R_{\rho(i)}\right)\right)^{w_i}}{e(g^{s}, g^{\eta}g^{at})} \\
&= \frac{m \cdot e(g, g)^{\eta s}\, e(g, g)^{at\sum_{i \in I}(\vec{M}_i \cdot \vec{v})w_i}}{e(g, g)^{\eta s}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{10}
$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$
\begin{aligned}
m &= \frac{C \cdot e(C'', g^{\beta})}{C_t} = \frac{C \cdot e(C'', g^{\beta})\prod_{i \in I}\left(e(C_i, rk_2)\, e(D_i, K'_{\rho(i)})\right)^{w_i}}{e(C', rk_1)} \\
&= \frac{m \cdot e(g, g)^{\eta s}\, e(g_0^{s}, g^{\beta})\prod_{i \in I}\left(e\!\left(g^{a(\vec{M}_i \cdot \vec{v})}H_{\rho(i)}^{-r_i}, g^{t}R'_0\right) e\!\left(g^{r_i}, H_{\rho(i)}^{t}R_{\rho(i)}\right)\right)^{w_i}}{e(g^{s}, g^{\eta}g^{at}g_0^{\beta}R_0)} \\
&= \frac{m \cdot e(g, g)^{s\eta}\, e(g_0^{s}, g^{\beta})\, e(g, g)^{at\sum_{i \in I}(\vec{M}_i \cdot \vec{v})w_i}}{e(g, g)^{s\eta}\, e(g, g_0)^{s\beta}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{11}
$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.
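The cancellations in (10) and (11), including the way the $G_{p_3}$ blinding factors $R_0$, $R'_0$, $R_x$ vanish under the pairing, can be checked numerically in a toy model. This is an added example, not code from the paper: group elements are stored as exponents modulo $N$, so the pairing becomes multiplication and there is no security at all. The primes, the fixed policy "A AND B" with constants $w = (1, 1)$, handing $g^{\beta}$ to DecR directly instead of encrypting it under $W'$, carrying $C''$ in the reencrypted ciphertext for step (7.2), and all function names are assumptions of the example.

```python
import secrets

# Constructed toy parameters: three distinct (Mersenne) primes. No security is intended.
P1, P2, P3 = 2**61 - 1, 2**31 - 1, 2**89 - 1
N = P1 * P2 * P3

# Additive model of a cyclic group G of order N: the element gen^x is stored as x mod N,
# so multiplication is +, exponentiation is *, and e(gen^x, gen^y) = e(gen, gen)^(xy)
# is stored as x*y mod N.
def pair(x, y):
    return x * y % N

def rnd():
    return secrets.randbelow(N - 1) + 1

# Fixed policy "A AND B" as an LSSS matrix with reconstruction constants w = (1, 1).
M, RHO, W = [(1, 1), (0, -1)], ("A", "B"), (1, 1)

def setup(attrs=RHO):
    g = P2 * P3 * (secrets.randbelow(P1 - 1) + 1) % N     # generator of G_p1
    x3 = P1 * P2 * (secrets.randbelow(P3 - 1) + 1) % N    # generator of G_p3
    eta, a = rnd(), rnd()
    pk = {"g": g, "g0": g * rnd() % N, "g1": pair(g, g) * eta % N, "g2": g * a % N,
          "H": {x: g * rnd() % N for x in attrs}}         # H_x = g^{h_x}
    return pk, (eta, x3)

def keygen(pk, msk, attrs):
    eta, x3 = msk
    t = rnd()
    r3 = lambda: x3 * rnd() % N                           # random blinding element of G_p3
    return {"K": (pk["g"] * eta + pk["g2"] * t + r3()) % N,         # g^eta g^{at} R_0
            "L": (pk["g"] * t + r3()) % N,                          # g^t R'_0
            "Kx": {x: (pk["H"][x] * t + r3()) % N for x in attrs}}  # H_x^t R_x

def enc(pk, m):
    s, y2 = rnd(), rnd()
    lam = [(row[0] * s + row[1] * y2) % N for row in M]   # shares lambda_i of s
    r = [rnd() for _ in M]
    return {"C": (m + pk["g1"] * s) % N, "C1": pk["g"] * s % N, "C2": pk["g0"] * s % N,
            "Ci": [(pk["g2"] * lam[i] - pk["H"][RHO[i]] * r[i]) % N for i in range(len(M))],
            "Di": [pk["g"] * r[i] % N for i in range(len(M))]}

def policy_term(ct, l_part, kx):
    # prod_i (e(C_i, L) e(D_i, K_rho(i)))^{w_i}, written additively
    return sum(W[i] * (pair(ct["Ci"][i], l_part) + pair(ct["Di"][i], kx[RHO[i]]))
               for i in range(len(M))) % N

def dec(ct, sk):                                          # first form of equation (9)
    return (ct["C"] + policy_term(ct, sk["L"], sk["Kx"]) - pair(ct["C1"], sk["K"])) % N

def rekeygen(pk, sk):                                     # equation (7)
    beta = rnd()
    rk = {"rk1": (sk["K"] + pk["g0"] * beta) % N, "rk2": sk["L"], "Kx": dict(sk["Kx"])}
    return rk, pk["g"] * beta % N         # g^beta handed over in the clear (toy shortcut)

def reenc(rk, ct):                                        # equation (8)
    ct_t = (pair(ct["C1"], rk["rk1"]) - policy_term(ct, rk["rk2"], rk["Kx"])) % N
    return {"C": ct["C"], "C2": ct["C2"], "Ct": ct_t}

def decr(ct_re, g_beta):                                  # step (7.2)
    return (ct_re["C"] + pair(ct_re["C2"], g_beta) - ct_re["Ct"]) % N

def roundtrip(m):
    pk, msk = setup()
    sk = keygen(pk, msk, {"A", "B"})
    ct = enc(pk, m)
    rk, g_beta = rekeygen(pk, sk)
    return dec(ct, sk), decr(reenc(rk, ct), g_beta)

if __name__ == "__main__":
    print(roundtrip(123456789))
```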

5.2. Security Proof. Dual system encryption [27] is considered as a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in the security proof. To prove the security of our CP-ABPRE scheme, we firstly define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We firstly use the Enc algorithm to generate a normal ciphertext and choose an element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^n$. The semifunctional ciphertext is set as

$$
\begin{aligned}
C' &= g^{s}g_2^{c}, \\
C_i &= g^{a\vec{M}_i \cdot \vec{v}}H_{\rho(i)}^{-r_i}g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i}g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned}
\tag{12}
$$

Semifunctional Key. We use the KeyGen algorithm to generate a normal secret key. And then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$
\begin{aligned}
K &= g^{\eta}g^{at}R_0g_2^{d}, \\
L &= g^{t}R'_0g_2^{d}, \\
K_x &= H_x^{t}R_xg_2^{bz_x}, \quad \forall x \in S.
\end{aligned}
\tag{13}
$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$
\begin{aligned}
K &= g^{\eta}g^{at}R_0g_2^{d}, \\
L &= g^{t}R'_0, \\
K_x &= H_x^{t}R_x, \quad \forall x \in S.
\end{aligned}
\tag{14}
$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b\vec{M}_i \cdot \vec{u}\,w_i} = e(g_2, g_2)^{cd - bu_1}$ ($u_1 = (1, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = bu_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes; a series of games are defined as follows.

$\mathrm{Game}_{\mathrm{real}}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.


$\mathrm{Game}_{0}$. It is similar to the above real game except that the challenge ciphertext is transformed into a semifunctional one.

$\mathrm{Game}_{k,1}$. In the game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is a semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{\mathrm{Final}}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is a semifunctional encryption of a random message which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{\mathrm{real}}\mathrm{Adv}_A - \mathrm{Game}_{0}\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $\mathrm{Game}_{\mathrm{real}}$ or $\mathrm{Game}_{0}$ with $A$ based on setting whether $T \in G_{p_1p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. $B$ responds to each of $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^* = (M^*, \rho)$ to $B$. For each row $i$ of matrix $M^*$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_{\theta}\, e(g, g)^{s\eta} = M_{\theta}\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a\vec{M}^*_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned}
\tag{15}
$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{\mathrm{real}}$ for $A$. If $T \in G_{p_1p_2}$, let $T = g^{s}g_2^{c}$. This is a semifunctional ciphertext with $\vec{u} = ca\vec{v}'$, $\gamma_i = -cr'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_{0}$ for $A$.

Hence, if $A$ can distinguish $\mathrm{Game}_{\mathrm{real}}$ and $\mathrm{Game}_{0}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish elements of $G_{p_1}$ and $G_{p_1p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which can break Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$ based on setting whether $T \in G$ or $T \in G_{p_1p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta}g^{at}(Y_2Y_3)^{t}, \\
L &= g^{t}R'_0, \\
K_x &= H_x^{t}R_x, \quad \forall x \in S.
\end{aligned}
\tag{16}
$$

(2) To generate the normal keys of queries greater than $k$, $B$ needs to run the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$
\begin{aligned}
K &= g^{\eta}T^{a}R_0, \\
L &= TR'_0, \\
K_x &= T^{h_x}R_x, \quad \forall x \in S.
\end{aligned}
\tag{17}
$$

If $T \in G_{p_1p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let the factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$. Let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{bz_x}$ be equal to the $G_{p_2}$ part of $K_x$.


Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^*, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_{\theta}\, e(g, X_1X_2)^{\eta}, \\
C' &= X_1X_2, \\
C_i &= (X_1X_2)^{\vec{M}^*_i \cdot \vec{u}'}(X_1X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1}s\vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - bu_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden to $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appeared in the $k$th key because all keys are semifunctional ones of type 2 except for the $k$th one. The $k$th key cannot be used to decrypt the challenge ciphertext, which implies that the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote by $\vec{\sigma}$ a vector that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, where $\vec{u}''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u}''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, \ldots, 0) = f(1, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^*_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish elements of $G_{p_1p_3}$ and $G$ with a nonnegligible advantage $\varepsilon$.

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$ depending on whether $T \in G$ or $T \in G_{p_1p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$
\begin{aligned}
K &= g^{\eta}T^{a}R_0(Y_2Y_3)^{h}, \\
L &= TR'_0, \\
K_x &= T^{h_x}R_x, \quad \forall x \in S.
\end{aligned}
\tag{19}
$$

The only difference from Lemma 12 here is adding a term $(Y_2Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it to decrypt the semifunctional ciphertext, because the condition $cd - bu_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish elements of $G_{p_1p_3}$ and $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{Final}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha}X_2, X_3, g^{s}Y_2, Z_2, T$ to simulate Game$_{Q,2}$ or Game$_{Final}$ with $A$ based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $PK = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta}X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.’s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.’s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim’s [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li’s [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.’s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.’s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.’s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$’s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} Z_2^{t} R_0,\\
L &= g^{t} R'_0,\\
K_x &= H_x^{t} R_x, \quad \forall x \in S,
\end{aligned}
\tag{20}
$$

which is similar to the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_{\theta} T,\\
C' &= g^{s}Y_2,\\
C_i &= (g^{s}Y_2)^{\vec{M}^{*}_i \cdot \vec{u}'} (g^{s}Y_2)^{-r'_i h_{\rho(i)}},\\
D_i &= (g^{s}Y_2)^{r'_i},
\end{aligned}
\tag{21}
$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1}su'$ and $u = cu'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = sr'_i$ and $\gamma_i = -cr'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_{\theta}$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish Game$_{Q,2}$ and Game$_{Final}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game Game$_{real}$ is indistinguishable from Game$_{Final}$ by previous Lemmas 11–14. And because the challenger in Game$_{Final}$ chooses a random message $M_{\theta}$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of adversary in Game$_{Final}$ can be negligible, so the advantage of the adversary in Game$_{real}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So, in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we


Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.’s [6] | $(6n+2)L_G + L_{G_T}$ | $(3n+1)L_{Z_q}$ | $(2n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Luo et al.’s [7] | $(N'+2n+4)L_G + L_{G_T}$ | $(N'+2n+1)L_{Z_q}$ | $(4n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Seo and Kim’s [8] | $(3n+2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n+3)L_{Z_q}$ | $(n+1)L_G + L_{Z_q}$ | $(n+2)L_G + L_{G_T}$ |
| Li’s [9] | $(n+2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |
| Liang et al.’s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.’s [14] | $(n+6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U\rvert+3)L_G$ | $(2\lvert A_C\rvert+5)L_G + L_{G_T}$ |
| Backes et al.’s [15] | $(n+2)L_G + L_{G_T}$ | $L_G + (1+n)L_{Z_q}$ | $(n+1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n+2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.’s [6] | $(n+2)G + 2G_T$ | $(n+2)P + 2G_T$ | $(n+1)P + G_T$ | $(n+3)P + 4G_T$ |
| Luo et al.’s [7] | $(n+2)G + 2G_T$ | $2nP + 3G_T$ | $(2n+1)P + (n+1)G_T$ | $(2n+1)P + 5G_T$ |
| Seo and Kim’s [8] | $(n+2)G + 2G_T$ | $2P + (3n+2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li’s [9] | $(4\lvert A_C\rvert+2)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + 3G_T$ | $(2\lvert A_C\rvert+1)P + 4\lvert A_C\rvert G + 3\lvert A_C\rvert G_T$ | $(2\lvert A_U\rvert+1)P + (3\lvert A_U\rvert+2)G_T$ |
| Liang et al.’s [11] | $(4\lvert A_C\rvert+2)G + G_T$ | $(2\lvert A_U\rvert+1)P + 3\lvert A_U\rvert G_T$ | $(2\lvert A_U\rvert+2)P + (3\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + 3\lvert A_U\rvert G_T$ |
| Liang et al.’s [14] | $(4\lvert A_C\rvert+4)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + (2\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + (2\lvert A_U\rvert+2)G_T$ | $(2\lvert A_U\rvert+3)P + (2\lvert A_U\rvert+4)G_T$ |
| Backes et al.’s [15] | $(n+3)G + 2G_T$ | $2P + nG$ | $nP + (n-1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C\rvert+2)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $3P + (4\lvert A_U\rvert-1)G + 4G_T$ |

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $|A_U|$, $|A_C|$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_{*}$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li’s [9], Liang et al.’s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li’s [9] and Liang et al.’s [11] schemes, our scheme is adaptively secure. And what is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.’s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes attacker to behave differently from real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e: G \times G \to G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix
$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key.

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, “Research on attribute-based cryptography,” Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, “A fully secure attribute based broadcast encryption scheme,” International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, “A dependable storage service system in cloud environment,” Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, “Attribute based proxy re-encryption with delegating capabilities,” in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS ’09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, “Ciphertext policy attribute-based proxy re-encryption,” in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, “Attribute-based proxy re-encryption with a constant number of pairing operations,” International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, “Matrix access structure policy used in attribute-based proxy re-encryption,” http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, “A study of attribute-based proxy re-encryption scheme in cloud environments,” International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, “Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption,” in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, “An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing,” in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, “Fully secure inner-product proxy re-encryption with constant size ciphertext,” in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC ’15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proceedings of the Advances in Cryptology (CRYPTO ’84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, “A survey of research progress and development tendency of attribute-based encryption,” The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, “Attribute-based encryption with partially hidden encryptor-specified access structures,” in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute-based encryption,” in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP ’08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, “Provably secure and efficient bounded ciphertext policy attribute based encryption,” in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS ’09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in International Conference on Information Security Practice and Experience (ISPEC ’09), pp. 1–12, Springer, 2009.

[25] B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, “Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions,” in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, “New proof methods for attribute-based encryption: achieving full security through selective techniques,” in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, “Fully secure attribute based encryption from multilinear maps,” Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, “Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating,” Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, “Efficient and fully secure forward secure ciphertext-policy attribute-based encryption,” in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Advances in Cryptology—EUROCRYPT ’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, “Conditional identity-based broadcast proxy re-encryption and its application to cloud email,” IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, “Achieving dynamic privileges in secure data sharing on cloud storage,” Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, “Advances on cloud services and cloud computing,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, “Cloud based data sharing with fine-grained proxy re-encryption,” Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, “Secure bidirectional proxy re-encryption for cryptographic cloud storage,” Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, “Attribute-based re-encryption scheme in the standard model,” Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-DNF formulas on ciphertexts,” in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, “Fully secure unidirectional identity-based proxy re-encryption,” in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, “New techniques for dual system encryption and fully secure HIBE with short ciphertexts,” in Proceedings of the 7th Theory of Cryptography Conference (TCC ’10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, “Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption,” Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.



The linear reconstruction property can be defined as follows. Suppose that $\Pi$ is an LSSS for access structure $A$. Let $S \in A$ denote the authorized set and define $I \subseteq \{1, 2, \ldots, l\}$ as $I = \{i \mid \rho(i) \in S\}$. Then there exist $\{w_i \in Z_p\}_{i \in I}$ such that if $\{\lambda_i\}$ are valid shares of any secret $s$, we have $\sum_{i \in I} w_i\lambda_i = s$ [41]. But it does not hold for unauthorized sets. In our scheme, we will employ LSSS matrices over $Z_N$, where $N$ is the product of 3 different prime numbers.
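The linear reconstruction property above, worked through in Python as an added example (not code from the paper). The LSSS matrix for the policy (A AND B) OR (C AND D), the secret, and the modulus are constructed for illustration, and a prime field is assumed in place of the paper's $Z_N$ so that every nonzero pivot is invertible.

```python
import secrets

# Assumption: a prime modulus (2**61 - 1 is prime) instead of the paper's composite N.
P = 2**61 - 1

# Constructed LSSS (M, rho) for the policy (A AND B) OR (C AND D).
# Row i of M is labelled with attribute RHO[i]; the target vector is (1, 0, ..., 0).
M = [
    [1, 1, 0],    # A
    [0, -1, 0],   # B
    [1, 0, 1],    # C
    [0, 0, -1],   # D
]
RHO = ["A", "B", "C", "D"]


def share(secret, matrix, p=P):
    """Return shares lambda_i = M_i . v, where v = (secret, r_2, ..., r_n) is random."""
    n = len(matrix[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in matrix]


def solve_mod_p(rows, p=P):
    """Gauss-Jordan elimination on augmented rows [a_1 .. a_k | b] over Z_p.

    Returns one solution (free variables set to 0), or None if inconsistent.
    """
    rows = [[x % p for x in r] for r in rows]
    k = len(rows[0]) - 1
    pivots = []  # (row index, column index) of each pivot
    r = 0
    for c in range(k):
        pr = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if pr is None:
            continue
        rows[r], rows[pr] = rows[pr], rows[r]
        inv = pow(rows[r][c], -1, p)
        rows[r] = [x * inv % p for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(x - f * y) % p for x, y in zip(rows[i], rows[r])]
        pivots.append((r, c))
        r += 1
    # Rows below the last pivot have all-zero coefficients; a nonzero right-hand
    # side there means (1, 0, ..., 0) is outside the span of the selected rows.
    if any(row[-1] for row in rows[r:]):
        return None
    sol = [0] * k
    for ri, ci in pivots:
        sol[ci] = rows[ri][-1]
    return sol


def reconstruction_coeffs(attrs, matrix=M, rho=RHO, p=P):
    """Find {i: w_i} with sum_{i in I} w_i * M_i = (1, 0, ..., 0); None if unauthorized."""
    index = [i for i, a in enumerate(rho) if a in attrs]  # I = {i | rho(i) in S}
    n = len(matrix[0])
    # One equation per column j of M: sum_i w_i * M[i][j] = (1 if j == 0 else 0).
    aug = [[matrix[i][j] for i in index] + [int(j == 0)] for j in range(n)]
    w = solve_mod_p(aug, p)
    return None if w is None else dict(zip(index, w))


def reconstruct(shares, coeffs, p=P):
    """Compute sum_{i in I} w_i * lambda_i mod p."""
    return sum(w * shares[i] for i, w in coeffs.items()) % p


def demo(secret=123456789):
    """Map each constructed attribute set to the recovered secret (None if unauthorized)."""
    shares = share(secret, M)
    result = {}
    for attrs in ({"A", "B"}, {"C", "D"}, {"A", "B", "C"}, {"A", "C"}, {"B", "D"}):
        coeffs = reconstruction_coeffs(attrs)
        result[frozenset(attrs)] = None if coeffs is None else reconstruct(shares, coeffs)
    return result


if __name__ == "__main__":
    for attrs, value in demo().items():
        print(sorted(attrs), "->", value)
```

Over $Z_N$ with composite $N$, the same elimination requires every pivot to be invertible modulo $N$.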

3.4. CP-ABPRE

3.4.1. Algorithm Model. Generally speaking, a CP-ABPRE scheme is composed of 6 fundamental algorithms, and it has an authority, a sender, a user that we call a delegator who needs to delegate his/her decryption ability to someone else, a proxy who helps the delegator to generate a reencrypted ciphertext, and some receivers as participants. The 6 algorithms are shown as follows.

$\mathrm{Setup}(1^{\lambda}, U) \to (MSK, PK)$. It is performed by an authority to establish a new CP-ABPRE system. With the security parameter $\lambda$ and attributes $U$ as input, it generates the public key (PK) and the master secret key (MSK).

$\mathrm{KeyGen}(PK, MSK, S) \to SK_S$. With PK, MSK, and a set of attributes $S$ that describe the key as input, this algorithm is executed by the authority for the purpose of generating a secret key SK$_S$.

$\mathrm{Enc}(PK, W = (M, \rho), m) \to CT_W$. Performed by a sender with PK, a message $m$, and an access policy $W = (M, \rho)$ as input, the algorithm generates a ciphertext CT$_W$ of $m$ such that only a user whose attributes meet the access policy $W$ can decrypt it.

$\mathrm{ReKeyGen}(PK, SK_S, W' = (M', \rho')) \to RK_{S \to W'}$. This algorithm is performed by the delegator. With PK, SK$_S$, and an access policy $W' = (M', \rho')$ as input, it generates a reencryption key RK$_{S \to W'}$ for the proxy.

$\mathrm{ReEnc}(PK, RK_{S \to W'}, CT_W) \to CT_{W'}$. It is performed by the proxy with PK, RK$_{S \to W'}$, and CT$_W$ as input. Firstly, the proxy checks whether the attribute in RK$_{S \to W'}$ meets the access policy of CT$_W$. If yes, it outputs a reencrypted ciphertext CT$_{W'}$, and otherwise $\perp$.

$\mathrm{Dec}(PK, CT_W, SK_S) \to m$. With PK, an original ciphertext CT$_W$, and a secret key SK$_S$ as input, it returns the plaintext message $m$ if $S$ satisfies the access policy $W$ specified for CT$_W$, and otherwise $\perp$.

$\mathrm{Dec}_R(PK, CT_{W'}, SK_{S'}) \to m$. This algorithm returns the plaintext message $m$ if $S'$ meets the access policy $W'$ specified for CT$_{W'}$, and otherwise $\perp$.

3.4.2. Security Model. The adaptive security definition for a CP-ABPRE scheme is described by a security game between a challenger $B$ and an adversary $A$, which is shown as follows.

Setup. $B$ runs the Setup algorithm to create a new system and then sends $A$ the public key PK.

Phase 1. $A$ makes the following queries.

(i) Secret Key Extract Queries. $B$ runs the KeyGen algorithm after $A$ submitting sets of attribute $S_1, S_2, \ldots, S_{q_1}$ and returns secret keys SK$_S$ to $A$.

(ii) Reencryption Key Extract Queries. $A$ submits sets of attribute $S_1, S_2, \ldots, S_{q_1}$ and an access structure $W' = (M', \rho')$. Then $B$ runs the ReKeyGen algorithm and gives the reencryption key RK$_{S \to W'}$ to $A$.

Challenge. $A$ chooses two messages $M_0$ and $M_1$ with equal length and an access structure $W^{*}$, which cannot be met by any of the queried attribute sets $S_1, S_2, \ldots, S_{q_1}$. $B$ randomly flips coin $\theta \in \{0, 1\}$ and encrypts $M_{\theta}$ under $W^{*}$ to generate CT$^{*}$, which is then sent to $A$.

Phase 2. Phase 1 is repeated. Note that there is a restriction that no sets of attributes $S_{q_1+1}, S_{q_1+2}, \ldots, S_q$ can satisfy the access structure corresponding to $B$.

Guess. $A$ outputs a guess result $\theta'$ for $\theta$.

In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = |\Pr[\theta' = \theta] - 1/2|$. And the above security model can be easily extended to simulate a game between a CCA adversary and a challenger by permitting Reencryption and Decryption queries during Phases 1 and 2.

Definition 8. A Ciphertext-Policy Attribute-Based Proxy Reencryption scheme is adaptively secure (or fully secure) if the advantage of any polynomial time adversary is negligible in above game.

3.4.3. Master Secret Security. Master secret security is an important property for unidirectional PRE defined by Ateniese et al. [43]. Roughly speaking, even if the dishonest proxy colludes with the receiver who can decrypt the reencrypted ciphertext, it is still impossible for them to get any information on delegator's secret key and the plaintext [44].

Definition 9. The master secret security of a CP-ABPRE scheme can be defined based on the following master secret security game.

Setup. The challenger $B$ runs the Setup algorithm to create a new system and then sends the adversary $A$ the public key (PK).

Queries. $A$ makes the following queries.

(i) $Extract(S)$. $B$ runs the KeyGen algorithm after $A$ submitting attribute sets $S$ and returns secret keys $SK_S$ to $A$.

(ii) $RKExtract(S, W')$. $A$ submits attribute sets $S$ and an access structure $W' = (M', \rho')$ to $B$. Then $B$ runs the ReKeyGen algorithm and returns the reencryption key $RK_{S \to W'}$ to $A$.

Output. $A$ outputs the secret key $SK_{S^*}$ corresponding to the attribute sets $S^*$.

In the above game, the advantage of $A$ is defined as $Adv_A = \Pr[A \text{ succeeds}]$. A CP-ABPRE scheme meets master secret security if there is no polynomial time adversary $A$ who has a nonnegligible advantage in winning the above game.

Lemma 10. For a CP-ABPRE scheme, the plaintext security implies the master secret security. That is to say, for a CP-ABPRE scheme, if there is an adversary $A$ who can break its master secret security defined above, then there also exists an adversary $A'$ who can break this CP-ABPRE scheme.

In Section 5, we will prove that there is no polynomial time adversary who can break the CP-ABPRE scheme with a nonnegligible advantage. So Lemma 10 is obvious.

4. The Proposed CP-ABPRE Scheme

In this section, we shall introduce our adaptively secure CP-ABPRE scheme. Before this, in order to facilitate understanding, notations used throughout the paper are summarized in Notations.

Our adaptively secure CP-ABPRE scheme is constructed in composite order linear groups of order $N = p_1 p_2 p_3$ ($p_1$, $p_2$, and $p_3$ are 3 different prime numbers) with LSSS access structure. Let $G_{p_i}$ denote the subgroup of order $p_i$ in $G$, where $i \in \{1, 2, 3\}$. The subgroup $G_{p_2}$ is only used in security proof. Our scheme is shown as follows.

(1) $Setup(1^{\lambda}, U)$. Taking as input the security parameter $\lambda$ and system attribute set $U$, the trusted authority chooses random elements $\eta, a \in Z_N$, a generator $g \in G_{p_1}$, an element $g_0 \in G_{p_1}$, and a generator $X_3 \in G_{p_3}$. And then it computes $g_1 = e(g, g)^{\eta}$ and $g_2 = g^{a}$. For each attribute $x \in U$, it also chooses a random element $h_x \in Z_N$ and computes $H_x = g^{h_x}$. The public key is denoted as

$$PK = (N,\ g_0,\ g_1,\ g_2,\ H_x\ \forall x \in U). \tag{4}$$

The trusted authority sets the master secret key as $MSK = (\eta, X_3)$.

(2) $KeyGen(PK, MSK, S)$. Taking the public key (PK), the master secret key (MSK), and the user attribute set $S$ as input, this algorithm first chooses a random value $t \in Z_N$ and another three random elements $R_0, R'_0, R_x \in G_{p_3}$. Then it computes the secret key as

$$SK = (S,\ K = g^{\eta} g^{at} R_0,\ L = g^{t} R'_0,\ K_x = H_x^{t} R_x\ \forall x \in S). \tag{5}$$

(3) $Enc(PK, W, m)$. This algorithm takes as input the public key (PK), an access policy $W = (M, \rho)$, and a message $m$, where $M$ is an $l \times n$ matrix and the function $\rho$ associates rows of $M$ to attributes. This algorithm randomly chooses a column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n) \in Z_N^{n}$. These values will be used to share the encryption exponent $s$. For $i = 1, 2, \ldots, l$, it computes $\lambda_i = \vec{M}_i \cdot \vec{v}$, where $\vec{M}_i$ denotes the $i$th row of $M$. Then the algorithm chooses random numbers $r_1, r_2, \ldots, r_l \in Z_N$. The ciphertext is generated as

$$CT = (C = m\,e(g, g)^{\eta s},\ C' = g^{s},\ C'' = g_0^{s},\ C_i = g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i},\ D_i = g^{r_i}\ \forall i \in \{1, 2, \ldots, l\}). \tag{6}$$

(4) $ReKeyGen(PK, SK, W')$. To generate a reencryption key for another access policy $W' = (M', \rho')$, this algorithm takes as input the public key PK, the secret key $SK = (S, K, L, K_x\ \forall x \in S)$, and another access policy $W' = (M', \rho')$. It needs to choose a random element $\beta \in Z_N$ and computes = $Enc(PK, W', g^{\beta})$. Then the reencryption key is set to

$$RK = (S,\ rk_1 = K g_0^{\beta},\ rk_2 = L,\ K'_x = K_x\ \forall x \in S). \tag{7}$$

(5) $ReEnc(PK, RK, CT)$. This algorithm takes as input the public key (PK), a reencryption key (RK), and a ciphertext $CT = (C, C', C'', C_i, D_i\ \forall i)$. It first checks whether the attribute set in RK meets the access policy of CT. It computes

$$C_t = \frac{e(C', rk_1)}{\prod_{i \in I} \left( e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}) \right)^{w_i}} \tag{8}$$

and outputs a reencrypted ciphertext $CT' = (C, C', C_t)$ if yes and outputs $\perp$ otherwise.

(6) $Dec(PK, CT, SK)$. The original ciphertext decryption algorithm takes the public key (PK), an original ciphertext (CT) for access policy $W$, and a secret key (SK) for an attribute set $S$ as input. Assume that $S$ meets $W$ and $I \subset \{1, 2, \ldots, l\}$ is defined as $I = \{i \mid \rho(i) \in S\}$. Then let $\{w_i \in Z_N\}_{i \in I}$ be a set of constants such that if $\{\lambda_i\}$ are valid shares of any secret $s$ according to $M$, then $\sum_{i \in I} w_i \lambda_i = s$ holds.

The message $m$ can be recovered as

$$m = \frac{C \prod_{i \in I} \left( e(C_i, L)\, e(D_i, K_{\rho(i)}) \right)^{w_i}}{e(C', K)} = \frac{C}{e\left(\prod_{i \in I} C_i^{-w_i}, L\right) e\left(C', K \prod_{i \in I} K_{\rho(i)}^{-w_i}\right)}. \tag{9}$$

(7) $DecR(PK, CT', SK')$. The reencrypted ciphertext decryption algorithm takes the public key (PK), a reencrypted ciphertext $CT'$ for access policy $W'$, and a secret key $SK'$ for an attribute set $S'$ as input. If $S'$ satisfies $W'$, this algorithm computes as follows.

(7.1) Decrypt $g^{\beta}$ from by the Dec algorithm.

(7.2) Then compute the message $m$ by $m = C\,e(C'', g^{\beta})/C_t$.

5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of pairing $e : G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$\begin{aligned}
m &= \frac{C \prod_{i \in I} \left( e(C_i, L)\, e(D_i, K_{\rho(i)}) \right)^{w_i}}{e(C', K)} \\
&= \frac{m\,e(g, g)^{\eta s} \prod_{i \in I} \left( e\left(g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i}, g^{t} R'_0\right) e\left(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at})} \\
&= \frac{m\,e(g, g)^{\eta s}\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{\eta s}\, e(g, g)^{sat}} = m.
\end{aligned} \tag{10}$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$\begin{aligned}
m &= \frac{C\,e(C'', g^{\beta})}{C_t} = \frac{C\,e(C'', g^{\beta}) \prod_{i \in I} \left( e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}) \right)^{w_i}}{e(C', rk_1)} \\
&= \frac{m\,e(g, g)^{\eta s}\, e(g_0^{s}, g^{\beta}) \prod_{i \in I} \left( e\left(g^{a (\vec{M}_i \cdot \vec{v})} H_{\rho(i)}^{-r_i}, g^{t} R'_0\right) e\left(g^{r_i}, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at} g_0^{\beta} R_0)} \\
&= \frac{m\,e(g, g)^{s\eta}\, e(g_0^{s}, g^{\beta})\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{s\eta}\, e(g, g_0)^{s\beta}\, e(g, g)^{sat}} = m.
\end{aligned} \tag{11}$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.

5.2. Security Proof. Dual system encryption [27] is considered as a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in security proof. To prove the security of our CP-ABPRE scheme, we firstly define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We firstly use the Enc algorithm to generate normal ciphertext and choose element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^{n}$. The semifunctional ciphertext is set as

$$\begin{aligned}
C' &= g^{s} g_2^{c}, \\
C_i &= g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i} g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i} g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned} \tag{12}$$

Semifunctional Key. We use KeyGen algorithm to generate normal secret key. And then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0 g_2^{d}, \\
K_x &= H_x^{t} R_x g_2^{b z_x} \quad \forall x \in S.
\end{aligned} \tag{13}$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$\begin{aligned}
K &= g^{\eta} g^{at} R_0 g_2^{d}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x \quad \forall x \in S.
\end{aligned} \tag{14}$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b \vec{M}_i \cdot \vec{u}\, w_i} = e(g_2, g_2)^{cd - b u_1}$ ($u_1 = (1, 0, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = b u_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes, and a series of games are defined as follows.

$Game_{real}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.

$Game_0$. It is similar to the above real game except that the challenge ciphertext is transformed into semifunctional one.

$Game_{k,1}$. In the game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is semifunctional one of type 1, and the rest of the keys are normal ones.

$Game_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$Game_{Final}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is semifunctional encryption of a random message which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $Game_{real}Adv_A - Game_0Adv_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $Game_{real}$ or $Game_0$ with $A$ based on setting whether $T \in G_{p_1 p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $PK = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $MSK = (\eta, X_3)$.

Phase 1. $B$ responds to whatever $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^* = (M^*, \rho)$ to $B$. For each row $i$ of matrix $M^*$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$\begin{aligned}
C &= M_\theta\, e(g, g)^{s\eta} = M_\theta\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a \vec{M}^*_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned} \tag{15}$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $Game_{real}$ for $A$. If $T \in G_{p_1 p_2}$, let $T = g^{s} g_2^{c}$. This is a semifunctional ciphertext with $u = cav'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $Game_0$ for $A$.

Hence, if $A$ can distinguish $Game_{real}$ and $Game_0$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish element on $G_{p_1}$ and $G_{p_1 p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $Game_{k-1,2}Adv_A - Game_{k,1}Adv_A = \varepsilon$. Then another polynomial time algorithm $B$ which can break Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1 X_2, X_3, Y_2 Y_3, T$ to simulate either $Game_{k-1,2}$ or $Game_{k,1}$ with $A$ based on setting whether $T \in G$ or $T \in G_{p_1 p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $PK = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $MSK = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each $A$'s key query by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$\begin{aligned}
K &= g^{\eta} g^{at} (Y_2 Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x \quad \forall x \in S.
\end{aligned} \tag{16}$$

(2) To generate the normal keys of queries greater than $k$, $B$ needs to run the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x \quad \forall x \in S.
\end{aligned} \tag{17}$$

If $T \in G_{p_1 p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{b z_x}$ be equal to the $G_{p_2}$ part of $K_x$.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^*, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$\begin{aligned}
C &= M_\theta\, e(g, X_1 X_2)^{\eta}, \\
C' &= X_1 X_2, \\
C_i &= (X_1 X_2)^{\vec{M}^*_i \cdot \vec{u}'} (X_1 X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1 X_2)^{r'_i},
\end{aligned} \tag{18}$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1} s \vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - b u_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden to $A$ that cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appeared in the $k$th key because all keys are semifunctional ones of type 2 except for the $k$th one. Because the $k$th key cannot be used decrypting the challenge ciphertext, which implies the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote a vector $\vec{\sigma}$ that is orthogonal to $R$ and not orthogonal to vector $(1, 0, \ldots, 0)$. We set an equation that $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, and $u''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $u''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, 0, \ldots, 0) = f(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^*_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $Game_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $Game_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $Game_{k-1,2}$ and $Game_{k,1}$, $B$ can also distinguish element on $G_{p_1 p_3}$ and $G$ with a nonnegligible advantage $\varepsilon$.

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $Game_{k,1}Adv_A - Game_{k,2}Adv_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1 X_2, X_3, Y_2 Y_3, T$ to simulate either $Game_{k,1}$ or $Game_{k,2}$ with the adversary $A$ depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$\begin{aligned}
K &= g^{\eta} T^{a} R_0 (Y_2 Y_3)^{h}, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x \quad \forall x \in S.
\end{aligned} \tag{19}$$

The only difference from Lemma 12 here is adding a term $(Y_2 Y_3)^{h}$ which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. It would be failed if we try to use it to decrypt the semifunctional ciphertext because condition $cd - b u_1 \equiv 0 \bmod p_2$ is no longer established.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $Game_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $Game_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $Game_{k,2}$ and $Game_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish element in $G_{p_1 p_3}$ and $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $Game_{Q,2}Adv_A - Game_{Final}Adv_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_2, T$ to simulate $Game_{Q,2}$ or $Game_{Final}$ with $A$ based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $PK = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta} X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.

Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each $A$'s key query by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$\begin{aligned}
K &= g^{\eta} g^{at} Z_2^{t} R_0, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x \quad \forall x \in S,
\end{aligned} \tag{20}$$

which is similar as in the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^*, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s} Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^*$ as

$$\begin{aligned}
C &= M_\theta T, \\
C' &= g^{s} Y_2, \\
C_i &= (g^{s} Y_2)^{\vec{M}^*_i \cdot \vec{u}'} (g^{s} Y_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (g^{s} Y_2)^{r'_i},
\end{aligned} \tag{21}$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1} s u'$ and $u = c u'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = s r'_i$ and $\gamma_i = -c r'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_\theta$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $Game_{Q,2}$ and $Game_{Final}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $Game_{real}$ is indistinguishable from $Game_{Final}$ by previous Lemmas 11–14. And because the challenger in $Game_{Final}$ chooses a random message $M_\theta$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of adversary in $Game_{Final}$ can be negligible, so the advantage of the adversary in $Game_{real}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^s$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^s$, the reencrypted ciphertext cannot be decrypted. So, in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $|A_U|$, $|A_C|$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_*$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n + 2)L_G + L_{G_T}$ | $(3n + 1)L_{Z_q}$ | $(2n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N' + 2n + 4)L_G + L_{G_T}$ | $(N' + 2n + 1)L_{Z_q}$ | $(4n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n + 2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n + 3)L_{Z_q}$ | $(n + 1)L_G + L_{Z_q}$ | $(n + 2)L_G + L_{G_T}$ |
| Li's [9] | $(n + 2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n + 6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U \rvert + 3)L_G$ | $(2\lvert A_C \rvert + 5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n + 2)L_G + L_{G_T}$ | $L_G + (1 + n)L_{Z_q}$ | $(n + 1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n + 2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n + 2)G + 2G_T$ | $(n + 2)P + 2G_T$ | $(n + 1)P + G_T$ | $(n + 3)P + 4G_T$ |
| Luo et al.'s [7] | $(n + 2)G + 2G_T$ | $2nP + 3G_T$ | $(2n + 1)P + (n + 1)G_T$ | $(2n + 1)P + 5G_T$ |
| Seo and Kim's [8] | $(n + 2)G + 2G_T$ | $2P + (3n + 2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + 3G_T$ | $(2\lvert A_C \rvert + 1)P + 4\lvert A_C \rvert G + 3\lvert A_C \rvert G_T$ | $(2\lvert A_U \rvert + 1)P + (3\lvert A_U \rvert + 2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C \rvert + 2)G + G_T$ | $(2\lvert A_U \rvert + 1)P + 3\lvert A_U \rvert G_T$ | $(2\lvert A_U \rvert + 2)P + (3\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + 3\lvert A_U \rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C \rvert + 4)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + (2\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + (2\lvert A_U \rvert + 2)G_T$ | $(2\lvert A_U \rvert + 3)P + (2\lvert A_U \rvert + 4)G_T$ |
| Backes et al.'s [15] | $(n + 3)G + 2G_T$ | $2P + nG$ | $nP + (n - 1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $3P + (4\lvert A_U \rvert - 1)G + 4G_T$ |

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough: it can only support AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. What is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real-world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from a real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. Compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)

$N$: Order of composite order bilinear groups

$G$: Additive group of order $p$

$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)

$\lambda$: Security parameter

$U$: System attribute set

$Z_N$: The set of positive integers which are less than $N$

$g$: Generator of $G_{p_1}$

$X_3$: Generator of $G_{p_3}$

$e$: Bilinear mapping, that is, $e: G \times G \to G_T$

PK: The public key

MSK: The master secret key

$S$: User attribute set

SK: The secret key

$W$: An access policy

$M$: An $l \times n$ matrix

$\rho$: The function that associates rows of $M$ to attributes

$m$: Message to sign

$s$: The encryption exponent

RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology – EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology – EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology – CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology – CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology – EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology – ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


In the above game, the advantage of $A$ is defined as $\mathrm{Adv}_A = \Pr[A \text{ succeeds}]$. A CP-ABPRE scheme meets master secret security if there is no polynomial time adversary $A$ who has a nonnegligible advantage in winning the above game.

Lemma 10. For a CP-ABPRE scheme, the plaintext security implies the master secret security. That is to say, for a CP-ABPRE scheme, if there is an adversary $A$ who can break its master secret security defined above, then there also exists an adversary $A'$ who can break this CP-ABPRE scheme.

In Section 5, we will prove that there is no polynomial time adversary who can break the CP-ABPRE scheme with a nonnegligible advantage. So Lemma 10 is obvious.

4. The Proposed CP-ABPRE Scheme

In this section, we shall introduce our adaptively secure CP-ABPRE scheme. Before this, in order to facilitate understanding, notations used throughout the paper are summarized in Notations.

Our adaptively secure CP-ABPRE scheme is constructed in composite order bilinear groups of order $N = p_1p_2p_3$ ($p_1$, $p_2$, and $p_3$ are 3 different prime numbers) with LSSS access structure. Let $G_{p_i}$ denote the subgroup of order $p_i$ in $G$, where $i \in \{1, 2, 3\}$. The subgroup $G_{p_2}$ is only used in security proof. Our scheme is shown as follows.

(1) Setup($1^\lambda$, $U$). Taking as input the security parameter $\lambda$ and system attribute set $U$, the trusted authority chooses random elements $\eta, a \in Z_N$, a generator $g \in G_{p_1}$, an element $g_0 \in G_{p_1}$, and a generator $X_3 \in G_{p_3}$. And then it computes $g_1 = e(g, g)^\eta$ and $g_2 = g^a$. For each attribute $x \in U$, it also chooses a random element $h_x \in Z_N$ and computes $H_x = g^{h_x}$. The public key is denoted as

$$\mathrm{PK} = (N,\ g_0,\ g_1,\ g_2,\ H_x\ \forall x \in U). \tag{4}$$

The trusted authority sets the master secret key as $\mathrm{MSK} = (\eta, X_3)$.

(2) KeyGen(PK, MSK, $S$). Taking the public key (PK), the master secret key (MSK), and the user attribute set $S$ as input, this algorithm first chooses a random value $t \in Z_N$ and another three random elements $R_0, R'_0, R_x \in G_{p_3}$. Then it computes the secret key as

$$\mathrm{SK} = (S,\ K = g^\eta g^{at} R_0,\ L = g^t R'_0,\ K_x = H_x^t R_x\ \forall x \in S). \tag{5}$$

(3) Enc(PK, $W$, $m$). This algorithm takes as input the public key (PK), an access policy $W = (M, \rho)$, and a message $m$, where $M$ is an $l \times n$ matrix and the function $\rho$ associates rows of $M$ to attributes. This algorithm randomly chooses a column vector $\vec{v} = (s, y_2, y_3, \ldots, y_n) \in Z_N^n$. These values will be used to share the encryption exponent $s$. For $i = 1, 2, \ldots, l$, it computes $\lambda_i = \vec{M}_i \cdot \vec{v}$, where $\vec{M}_i$ denotes the $i$th row of $M$. Then the algorithm chooses random numbers $r_1, r_2, \ldots, r_l \in Z_N$. The ciphertext is generated as

$$\mathrm{CT} = (C = m\,e(g, g)^{\eta s},\ C' = g^s,\ C'' = g_0^s,\ C_i = g^{a\vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i},\ D_i = g^{r_i}\ \forall i \in \{1, 2, \ldots, l\}). \tag{6}$$

(4) ReKeyGen(PK, SK, $W'$). To generate a reencryption key for another access policy $W' = (M', \rho')$, this algorithm takes as input the public key PK, the secret key $\mathrm{SK} = (S, K, L, K_x\ \forall x \in S)$, and another access policy $W' = (M', \rho')$. It needs to choose a random element $\beta \in Z_N$ and computes = Enc(PK, $W'$, $g^\beta$). Then the reencryption key is set to

$$\mathrm{RK} = (S,\ rk_1 = Kg_0^\beta,\ rk_2 = L,\ K'_x = K_x\ \forall x \in S). \tag{7}$$

(5) ReEnc(PK, RK, CT). This algorithm takes as input the public key (PK), a reencryption key (RK), and a ciphertext $\mathrm{CT} = (C, C', C'', C_i, D_i\ \forall i)$. It first checks whether the attribute set in RK meets the access policy of CT. It computes

$$C_t = \frac{e(C', rk_1)}{\prod_{i \in I}\left(e(C_i, rk_2)\,e(D_i, K'_{\rho(i)})\right)^{w_i}} \tag{8}$$

and outputs a reencrypted ciphertext $\mathrm{CT}' = (C, C', C_t)$ if yes and outputs $\perp$ otherwise.

(6) Dec(PK, CT, SK). The original ciphertext decryption algorithm takes the public key (PK), an original ciphertext (CT) for access policy $W$, and a secret key (SK) for an attribute set $S$ as input. Assume that $S$ meets $W$ and $I \subset \{1, 2, \ldots, l\}$ is defined as $I = \{i \mid \rho(i) \in S\}$. Then let $\{w_i \in Z_N\}_{i \in I}$ be a set of constants such that if $\{\lambda_i\}$ are valid shares of any secret $s$ according to $M$, then $\sum_{i \in I} w_i\lambda_i = s$ holds.

The message $m$ can be recovered as

$$m = \frac{C\prod_{i \in I}\left(e(C_i, L)\,e(D_i, K_{\rho(i)})\right)^{w_i}}{e(C', K)} = \frac{C}{e\left(\prod_{i \in I} C_i^{-w_i}, L\right) e\left(C', K\prod_{i \in I} K_{\rho(i)}^{-w_i}\right)}. \tag{9}$$

(7) DecR(PK, $\mathrm{CT}'$, $\mathrm{SK}'$). The reencrypted ciphertext decryption algorithm takes the public key (PK), a reencrypted ciphertext $\mathrm{CT}'$ for access policy $W'$, and a secret key $\mathrm{SK}'$ for an attribute set $S'$ as input. If $S'$ satisfies $W'$, this algorithm computes as follows.

(7.1) Decrypt $g^\beta$ from by the Dec algorithm.

(7.2) Then compute the message $m$ by $m = C\,e(C'', g^\beta)/C_t$.

5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of pairing $e: G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$\begin{aligned} m &= \frac{C\prod_{i\in I}\left(e(C_i, L)\,e(D_i, K_{\rho(i)})\right)^{w_i}}{e(C', K)} \\ &= \frac{m\,e(g,g)^{\eta s}\prod_{i\in I}\left(e(g^{a\vec{M}_i\cdot\vec{v}}H_{\rho(i)}^{-r_i},\ g^tR'_0)\,e(g^{r_i},\ H_{\rho(i)}^tR_{\rho(i)})\right)^{w_i}}{e(g^s,\ g^\eta g^{at})} \\ &= \frac{m\,e(g,g)^{\eta s}\,e(g,g)^{at\sum_{i\in I}(\vec{M}_i\cdot\vec{v})w_i}}{e(g,g)^{\eta s}\,e(g,g)^{sat}} = m. \end{aligned} \tag{10}$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$\begin{aligned} m &= \frac{C\,e(C'', g^\beta)}{C_t} \\ &= \frac{C\,e(C'', g^\beta)\prod_{i\in I}\left(e(C_i, rk_2)\,e(D_i, K'_{\rho(i)})\right)^{w_i}}{e(C', rk_1)} \\ &= \frac{m\,e(g,g)^{\eta s}\,e(g_0^s, g^\beta)\prod_{i\in I}\left(e(g^{a(\vec{M}_i\cdot\vec{v})}H_{\rho(i)}^{-r_i},\ g^tR'_0)\,e(g^{r_i},\ H_{\rho(i)}^tR_{\rho(i)})\right)^{w_i}}{e(g^s,\ g^\eta g^{at}g_0^\beta R_0)} \\ &= \frac{m\,e(g,g)^{s\eta}\,e(g_0^s, g^\beta)\,e(g,g)^{at\sum_{i\in I}(\vec{M}_i\cdot\vec{v})w_i}}{e(g,g)^{s\eta}\,e(g,g_0)^{s\beta}\,e(g,g)^{sat}} = m. \end{aligned} \tag{11}$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.

5.2. Security Proof. Dual system encryption [27] is considered a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in the security proof. To prove the security of our CP-ABPRE scheme, we first define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We first use the Enc algorithm to generate a normal ciphertext and choose an element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^n$. The semifunctional ciphertext is set as

$$
\begin{aligned}
C' &= g^{s} g_2^{c}, \\
C_i &= g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i}\, g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i} g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned}
\tag{12}
$$

Semifunctional Key. We use the KeyGen algorithm to generate a normal secret key. Then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0\, g_2^{d}, \\
L &= g^{t} R'_0\, g_2^{d}, \\
K_x &= H_x^{t} R_x\, g_2^{b z_x}, \quad \forall x \in S.
\end{aligned}
\tag{13}
$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0\, g_2^{d}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{14}
$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b\, \vec{M}_i \cdot \vec{u}\, w_i} = e(g_2, g_2)^{cd - b u_1}$ (where $u_1 = (1, 0, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = b u_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes; the series of games is defined as follows.

$\mathrm{Game}_{real}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.

$\mathrm{Game}_{0}$. It is similar to the above real game except that the challenge ciphertext is transformed into a semifunctional one.

$\mathrm{Game}_{k,1}$. In this game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is a semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{Final}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is a semifunctional encryption of a random message, which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{real}\mathrm{Adv}_A - \mathrm{Game}_{0}\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $\mathrm{Game}_{real}$ or $\mathrm{Game}_{0}$ with $A$, based on whether $T \in G_{p_1 p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. $B$ responds to all of $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^{*} = (M^{*}, \rho)$ to $B$. For each row $i$ of matrix $M^{*}$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, g)^{s\eta} = M_\theta\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a \vec{M}^{*}_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned}
\tag{15}
$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{real}$ for $A$. If $T \in G_{p_1 p_2}$, let $T = g^{s} g_2^{c}$. This is a semifunctional ciphertext with $u = c a v'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_{0}$ for $A$.

Hence, if $A$ can distinguish $\mathrm{Game}_{real}$ and $\mathrm{Game}_{0}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish elements of $G_{p_1}$ and $G_{p_1 p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$, which can break Assumption 3 with a nonnegligible advantage $\varepsilon$, can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$, based on whether $T \in G$ or $T \in G_{p_1 p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} (Y_2Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{16}
$$

(2) To generate the normal keys for queries greater than $k$, $B$ runs the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{17}
$$

If $T \in G_{p_1 p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let the factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{b z_x}$ be equal to the $G_{p_2}$ part of $K_x$.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^{*}, \rho)$ to $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, X_1X_2)^{\eta}, \\
C' &= X_1X_2, \\
C_i &= (X_1X_2)^{\vec{M}^{*}_i \cdot u'}\, (X_1X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1} s \vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - bu_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden from $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appeared in the $k$th key, because all keys are semifunctional ones of type 2 except for the $k$th one. Because the $k$th key cannot be used to decrypt the challenge ciphertext, the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote by $\vec{\sigma}$ a vector that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, where $u''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $u''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, 0, \ldots, 0) = f(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} = 0$, the item $\vec{u} \cdot (1, 0, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^{*}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish elements of $G_{p_1 p_3}$ and $G$ with a nonnegligible advantage $\varepsilon$.
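Both the reconstruction step $\sum_{i \in I} w_i (\vec{M}_i \cdot \vec{v}) = s$ used in equation (11) and the vector $\vec{\sigma}$ used in the proof above come from linear algebra over a prime field. The Python code below is an added example, not part of the paper: for a key's attribute set it returns either the coefficients $w_i$ or a vector $\vec{\sigma}$ with first coordinate 1 that is orthogonal to every row the key holds, and then shows that shifting the sharing vector by $f\vec{\sigma}$ changes the shared value while leaving the held rows' shares unchanged. The prime 1013 (standing in for $p_2$), the matrix for the policy (A AND B) OR C, and all function names are constructed for illustration.

```python
P2 = 1013  # constructed small prime standing in for p_2 (assumption)

def solve(A, b, ncols, p=P2):
    """Gauss-Jordan over Z_p: one x with A x = b (mod p), or None if inconsistent."""
    rows = [[a % p for a in row] + [bi % p] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][c], -1, p)
        rows[r] = [x * inv % p for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(x - f * y) % p for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in rows[r:]):
        return None                      # a zero row with nonzero right-hand side
    x = [0] * ncols
    for i, c in enumerate(pivots):
        x[c] = rows[i][-1]
    return x

def dot(u, v, p=P2):
    return sum(a * b for a, b in zip(u, v)) % p

def analyse(M, rho, S, p=P2):
    """Return ('w', {row index: w_i}) if S satisfies (M, rho), else ('sigma', sigma)."""
    idx = [i for i, x in enumerate(rho) if x in S]
    held = [M[i] for i in idx]
    n = len(M[0])
    e1 = [1] + [0] * (n - 1)
    # Authorised iff sum_i w_i * M_i = (1, 0, ..., 0): solve held^T w = e1.
    w = solve([[row[j] for row in held] for j in range(n)], e1, len(held), p)
    if w is not None:
        return "w", dict(zip(idx, w))
    # Otherwise (1, 0, ..., 0) is outside the row space, so some sigma with
    # sigma_1 = 1 is orthogonal to every held row: solve for its other entries.
    tail = solve([row[1:] for row in held], [-row[0] for row in held], n - 1, p)
    return "sigma", [1] + tail

# Constructed LSSS matrix for the policy (A AND B) OR C.
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["A", "B", "C"]

def shares(v, p=P2):
    return [dot(Mi, v, p) for Mi in M]

def demo():
    s, v2, f = 321, 77, 500                  # constructed secret, randomness, shift
    v = [s, v2]
    kind, w = analyse(M, RHO, {"A", "B"})    # authorised set
    rebuilt = sum(wi * shares(v)[i] for i, wi in w.items()) % P2
    kind2, sigma = analyse(M, RHO, {"A"})    # unauthorised set
    shifted = [(a + f * b) % P2 for a, b in zip(v, sigma)]    # v + f*sigma
    same_share = shares(v)[0] == shares(shifted)[0]           # row of A unchanged
    return kind, rebuilt, kind2, sigma, shifted[0], same_share

if __name__ == "__main__":
    print(demo())
```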

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$, which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$, can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0 (Y_2Y_3)^{h}, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{19}
$$

The only difference from Lemma 12 here is the added term $(Y_2Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption fails if we try to use it to decrypt the semifunctional ciphertext, because the condition $cd - bu_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish elements of $G_{p_1 p_3}$ and $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{Final}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha}X_2, X_3, g^{s}Y_2, Z_2, T$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{Final}$ with $A$, based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta}X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.

Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} Z_2^{t} R_0, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S,
\end{aligned}
\tag{20}
$$

which is similar to the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$
\begin{aligned}
C &= M_\theta T, \\
C' &= g^{s}Y_2, \\
C_i &= (g^{s}Y_2)^{\vec{M}^{*}_i \cdot \vec{u}'}\, (g^{s}Y_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (g^{s}Y_2)^{r'_i},
\end{aligned}
\tag{21}
$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exist $v = a^{-1} s u'$ and $u = c u'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = s r'_i$ and $\gamma_i = -c r'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_\theta$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{Final}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved by the previous Lemmas 11–14 that the real CP-ABPRE security game $\mathrm{Game}_{real}$ is indistinguishable from $\mathrm{Game}_{Final}$. And because the challenger in $\mathrm{Game}_{Final}$ chooses a random message $M_\theta$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of the adversary in $\mathrm{Game}_{Final}$ is negligible, so the advantage of the adversary in $\mathrm{Game}_{real}$ is also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $\lvert A_U \rvert$, $\lvert A_C \rvert$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use the symbol $L_{*}$ to denote the bit length of an element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n+2)L_G + L_{G_T}$ | $(3n+1)L_{Z_q}$ | $(2n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N'+2n+4)L_G + L_{G_T}$ | $(N'+2n+1)L_{Z_q}$ | $(4n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n+2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n+3)L_{Z_q}$ | $(n+1)L_G + L_{Z_q}$ | $(n+2)L_G + L_{G_T}$ |
| Li's [9] | $(n+2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n+6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U \rvert + 3)L_G$ | $(2\lvert A_C \rvert + 5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n+2)L_G + L_{G_T}$ | $L_G + (1+n)L_{Z_q}$ | $(n+1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n+2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n+2)G + 2G_T$ | $(n+2)P + 2G_T$ | $(n+1)P + G_T$ | $(n+3)P + 4G_T$ |
| Luo et al.'s [7] | $(n+2)G + 2G_T$ | $2nP + 3G_T$ | $(2n+1)P + (n+1)G_T$ | $(2n+1)P + 5G_T$ |
| Seo and Kim's [8] | $(n+2)G + 2G_T$ | $2P + (3n+2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + 3G_T$ | $(2\lvert A_C \rvert + 1)P + 4\lvert A_C \rvert G + 3\lvert A_C \rvert G_T$ | $(2\lvert A_U \rvert + 1)P + (3\lvert A_U \rvert + 2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C \rvert + 2)G + G_T$ | $(2\lvert A_U \rvert + 1)P + 3\lvert A_U \rvert G_T$ | $(2\lvert A_U \rvert + 2)P + (3\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + 3\lvert A_U \rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C \rvert + 4)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + (2\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + (2\lvert A_U \rvert + 2)G_T$ | $(2\lvert A_U \rvert + 3)P + (2\lvert A_U \rvert + 4)G_T$ |
| Backes et al.'s [15] | $(n+3)G + 2G_T$ | $2P + nG$ | $nP + (n-1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $3P + (4\lvert A_U \rvert - 1)G + 4G_T$ |

From Tables 1–3, we can draw the following conclusions. Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with an AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support the AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is the LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. What is more, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from a real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix
$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.

[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology—EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.

5. Analyses and Proof

5.1. Correctness Analyses. The correctness of the scheme is based on the bilinear character of the pairing $e: G \times G \to G_T$. First, we show the correctness of the original ciphertext decryption as follows:

$$
\begin{aligned}
m &= \frac{C \prod_{i \in I} \left( e(C_i, L)\, e(D_i, K_{\rho(i)}) \right)^{w_i}}{e(C', K)} \\
&= \frac{m\, e(g, g)^{\eta s} \prod_{i \in I} \left( e\left(g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i},\, g^{t} R'_0\right) e\left(g^{r_i},\, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at})} \\
&= \frac{m\, e(g, g)^{\eta s}\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{\eta s}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{10}
$$

Then the correctness of the decryption algorithm for the reencrypted ciphertext is shown as follows:

$$
\begin{aligned}
m &= \frac{C\, e(C'', g^{\beta})}{C_t} \\
&= \frac{C\, e(C'', g^{\beta}) \prod_{i \in I} \left( e(C_i, rk_2)\, e(D_i, K'_{\rho(i)}) \right)^{w_i}}{e(C', rk_1)} \\
&= \frac{m\, e(g, g)^{\eta s}\, e(g_0^{s}, g^{\beta}) \prod_{i \in I} \left( e\left(g^{a (\vec{M}_i \cdot \vec{v})} H_{\rho(i)}^{-r_i},\, g^{t} R'_0\right) e\left(g^{r_i},\, H_{\rho(i)}^{t} R_{\rho(i)}\right) \right)^{w_i}}{e(g^{s}, g^{\eta} g^{at} g_0^{\beta} R_0)} \\
&= \frac{m\, e(g, g)^{s\eta}\, e(g_0^{s}, g^{\beta})\, e(g, g)^{at \sum_{i \in I} (\vec{M}_i \cdot \vec{v}) w_i}}{e(g, g)^{s\eta}\, e(g, g_0)^{s\beta}\, e(g, g)^{sat}} = m.
\end{aligned}
\tag{11}
$$

Both the original ciphertext decryption and the reencrypted ciphertext decryption processes in Section 4 are correct because the message $m$ can be recovered correctly. Hence, our CP-ABPRE scheme is also correct.

5.2. Security Proof. Dual system encryption [27] is considered a common and powerful tool to transform a selectively secure scheme into an adaptively secure one [13, 45, 46]. In a dual system encryption scheme, both keys and ciphertexts have two forms: normal and semifunctional [13]. A normal key can be used to decrypt normal or semifunctional ciphertexts, while a semifunctional key can only be used to decrypt normal ciphertexts. Notably, the semifunctional keys and ciphertexts are only used in the security proof. To prove the security of our CP-ABPRE scheme, we first define the semifunctional keys and ciphertexts as follows.

Let $g_2$ be a generator of $G_{p_2}$.

Semifunctional Ciphertexts. We first use the Enc algorithm to generate a normal ciphertext and choose an element $c \in Z_N$ randomly. Then we choose random values $z_x \in Z_N$ for each attribute, random values $\gamma_i \in Z_N$ for the $i$th row of matrix $M$, and a random column vector $\vec{u} \in Z_N^n$. The semifunctional ciphertext is set as

$$
\begin{aligned}
C' &= g^{s} g_2^{c}, \\
C_i &= g^{a \vec{M}_i \cdot \vec{v}} H_{\rho(i)}^{-r_i}\, g_2^{\vec{M}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}}, \\
D_i &= g^{r_i} g_2^{-\gamma_i}, \quad \forall i \in \{1, 2, \ldots, l\}.
\end{aligned}
\tag{12}
$$

Semifunctional Key. We use the KeyGen algorithm to generate a normal secret key. Then we choose random exponents $b, d \in Z_N$ to set the semifunctional key as follows.

A semifunctional key of type 1 is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0\, g_2^{d}, \\
L &= g^{t} R'_0\, g_2^{d}, \\
K_x &= H_x^{t} R_x\, g_2^{b z_x}, \quad \forall x \in S.
\end{aligned}
\tag{13}
$$

A semifunctional key of type 2 (in type 1, $b = 0$) is

$$
\begin{aligned}
K &= g^{\eta} g^{at} R_0\, g_2^{d}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{14}
$$

We should note that there will be an extra factor $e(g_2, g_2)^{cd - \sum_{i \in I} b \vec{M}_i \cdot \vec{u}\, w_i} = e(g_2, g_2)^{cd - b u_1}$ (where $u_1 = (1, 0, 0, \ldots, 0) \cdot \vec{u}$) when a semifunctional key is used to decrypt a semifunctional ciphertext. But when the formula $cd = b u_1$ holds, the semifunctional key of type 1, called a nominally semifunctional key, can decrypt the semifunctional ciphertext successfully.
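The behaviour of normal, semifunctional, and nominally semifunctional keys described above can be checked mechanically. The following Python model is an added example, not code from the paper: it represents each element of $G$ by its discrete logs in the three prime-order subgroups, uses constructed toy primes and a constructed two-row LSSS policy "A AND B", and runs the decryption of (10) on keys and ciphertexts built as in (12)–(14). It assumes the $G_{p_2}$ part of $L$ is $g_2^b$, as in the Lemma 12 simulation, which is the form for which the stated factor $cd - b u_1$ arises; since that factor sits in the blinding term, decryption returns $m$ multiplied by its inverse.

```python
# Added illustration, not the authors' code. Group elements are modelled by the
# triple of their discrete logs in G_p1 x G_p2 x G_p3, so this checks algebra only
# and offers no security whatsoever.
import random

P = (1009, 1013, 1019)                      # constructed toy primes p1, p2, p3
N = P[0] * P[1] * P[2]
rng = random.Random(2016)                   # fixed seed for reproducible runs
G1, G2 = (1, 0, 0), (0, 1, 0)               # g generates G_p1, g_2 generates G_p2

def mul(*elems):                            # product of group (or G_T) elements
    return tuple(sum(c) % p for c, p in zip(zip(*elems), P))

def power(x, k):                            # x^k, k may be negative
    return tuple(c * k % p for c, p in zip(x, P))

def pair(x, y):                             # e(x, y); distinct subgroups pair to 1
    return tuple(a * b % p for a, b, p in zip(x, y, P))

def rand():
    return rng.randrange(1, N)

def r3():                                   # random element of G_p3
    return (0, 0, rng.randrange(1, P[2]))

def dot(row, vec):
    return sum(a * b for a, b in zip(row, vec))

# Policy "A AND B" as an LSSS matrix; rho maps each row label to itself and the
# weights satisfy sum_i w_i * M_i = (1, 0).
M = {"A": (1, 1), "B": (0, -1)}
W = {"A": 1, "B": 1}
ZERO = {x: 0 for x in M}

def setup():
    return {"a": rand(), "eta": rand(), "h": {x: rand() for x in M}}

def keygen(par, b=0, d=0, z=ZERO):
    """b = d = 0: normal key; b = 0, d != 0: type 2; otherwise type 1."""
    t = rand()
    K = mul(power(G1, par["eta"] + par["a"] * t), r3(), power(G2, d))
    L = mul(power(G1, t), r3(), power(G2, b))   # assumption: G_p2 part is g_2^b
    Kx = {x: mul(power(G1, par["h"][x] * t), r3(), power(G2, b * z[x])) for x in M}
    return K, L, Kx

def encrypt(par, m, c=0, u=(0, 0), z=ZERO):
    """c = 0 and u = 0: normal ciphertext; otherwise semifunctional as in (12)."""
    s = rand()
    v = (s, rand())                         # sharing vector with v_1 = s
    C = mul(m, power(pair(G1, G1), par["eta"] * s))
    C1 = mul(power(G1, s), power(G2, c))
    Ci, Di = {}, {}
    for x, row in M.items():
        r, gamma = rand(), (rand() if c else 0)
        Ci[x] = mul(power(G1, par["a"] * dot(row, v) - r * par["h"][x]),
                    power(G2, dot(row, u) + gamma * z[x]))
        Di[x] = mul(power(G1, r), power(G2, -gamma))
    return C, C1, Ci, Di

def decrypt(key, ct):
    """m = C * prod_i (e(C_i, L) e(D_i, K_rho(i)))^{w_i} / e(C', K), as in (10)."""
    (K, L, Kx), (C, C1, Ci, Di) = key, ct
    prod = (0, 0, 0)                        # identity of G_T
    for x in M:
        prod = mul(prod, power(mul(pair(Ci[x], L), pair(Di[x], Kx[x])), W[x]))
    return mul(C, prod, power(pair(C1, K), -1))

def demo():
    par = setup()
    m = tuple(rng.randrange(p) for p in P)  # constructed message in G_T
    z = {x: rand() for x in M}              # z_x shared by SF keys and ciphertexts
    c, b, d, u = 5, 7, 2, (11, 3)           # constructed values with c*d != b*u_1
    d_nom = b * u[0] * pow(c, -1, P[1]) % P[1]   # solves c*d = b*u_1 (mod p2)
    ct_n, ct_sf = encrypt(par, m), encrypt(par, m, c, u, z)
    off = lambda e: mul(m, power(pair(G2, G2), e))   # m * e(g_2, g_2)^e
    return {
        "normal key, normal ct": decrypt(keygen(par), ct_n) == m,
        "normal key, SF ct": decrypt(keygen(par), ct_sf) == m,
        "type 1 key, normal ct": decrypt(keygen(par, b, d, z), ct_n) == m,
        "type 1 key, SF ct": decrypt(keygen(par, b, d, z), ct_sf) == off(b * u[0] - c * d),
        "type 2 key, SF ct": decrypt(keygen(par, 0, d, z), ct_sf) == off(-c * d),
        "nominal key, SF ct": decrypt(keygen(par, b, d_nom, z), ct_sf) == m,
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

Every entry of the returned dictionary is true only if the corresponding identity holds, so a single false value points at the case whose $G_{p_2}$ exponents do not cancel as claimed.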

Our proof of security relies on Assumptions 1, 3, and 5 defined in Section 3. The security proof is obtained via a hybrid argument over a sequence of games defined below. Let $Q$ be the maximum number of key queries that the adversary makes; the series of games is defined as follows.

$\mathrm{Game}_{\mathrm{real}}$. It denotes the real CP-ABPRE security game defined in Section 3 with normal keys and ciphertexts.

$\mathrm{Game}_0$. It is similar to the above real game except that the challenge ciphertext is transformed into a semifunctional one.

$\mathrm{Game}_{k,1}$. In this game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is a semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{\mathrm{Final}}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is a semifunctional encryption of a random message which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{\mathrm{real}}\mathrm{Adv}_A - \mathrm{Game}_0\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $\mathrm{Game}_{\mathrm{real}}$ or $\mathrm{Game}_0$ with $A$, depending on whether $T \in G_{p_1 p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $PK = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $MSK = (\eta, X_3)$.

Phase 1. $B$ responds to each of $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^* = (M^*, \rho)$ to $B$. For each row $i$ of matrix $M^*$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, g)^{s\eta} = M_\theta\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a \vec{M}^*_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned}
\tag{15}
$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{\mathrm{real}}$ for $A$. If $T \in G_{p_1 p_2}$, let $T = g^{s} g_2^{c}$. This is a semifunctional ciphertext with $\vec{u} = ca\vec{v}'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_0$ for $A$.

Hence, if $A$ can distinguish $\mathrm{Game}_{\mathrm{real}}$ and $\mathrm{Game}_0$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish elements of $G_{p_1}$ and $G_{p_1 p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which can break Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $PK = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $MSK = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} (Y_2Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S.
\end{aligned}
\tag{16}
$$

(2) To generate the normal keys for queries greater than $k$, $B$ runs the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{17}
$$

If $T \in G_{p_1 p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let the factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{b z_x}$ be equal to the $G_{p_2}$ part of $K_x$.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^*, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, X_1X_2)^{\eta}, \\
C' &= X_1X_2, \\
C_i &= (X_1X_2)^{\vec{M}^*_i \cdot \vec{u}'}\, (X_1X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1}s\vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - bu_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden from $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appeared in the $k$th key, because all keys are semifunctional ones of type 2 except for the $k$th one. Because the $k$th key cannot be used to decrypt the challenge ciphertext, the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus, we denote a vector $\vec{\sigma}$ that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set an equation $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, where $\vec{u}''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u}''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, 0, \ldots, 0) = f(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^*_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish elements of $G_{p_1 p_3}$ and $G$ with a nonnegligible advantage $\varepsilon$.

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0 (Y_2Y_3)^{h}, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x, \quad \forall x \in S.
\end{aligned}
\tag{19}
$$

The only difference from Lemma 12 here is the added term $(Y_2Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it to decrypt the semifunctional ciphertext, because the condition $cd - bu_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish elements in $G_{p_1 p_3}$ and $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{\mathrm{Final}}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha}X_2, X_3, g^{s}Y_2, Z_2, T$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{\mathrm{Final}}$ with $A$, depending on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $PK = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta}X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.

Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} Z_2^{t} R_0, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x, \quad \forall x \in S,
\end{aligned}
\tag{20}
$$

which is similar to the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^*, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta T, \\
C' &= g^{s}Y_2, \\
C_i &= (g^{s}Y_2)^{\vec{M}^*_i \cdot \vec{u}'}\, (g^{s}Y_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (g^{s}Y_2)^{r'_i},
\end{aligned}
\tag{21}
$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exist $\vec{v} = a^{-1}s\vec{u}'$ and $\vec{u} = c\vec{u}'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = sr'_i$ and $\gamma_i = -cr'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$. If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_\theta$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$ by previous Lemmas 11–14. And because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_\theta$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of adversary in $\mathrm{Game}_{\mathrm{Final}}$ can be negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So, in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we


Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n + 2)L_G + L_{G_T}$ | $(3n + 1)L_{Z_q}$ | $(2n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N' + 2n + 4)L_G + L_{G_T}$ | $(N' + 2n + 1)L_{Z_q}$ | $(4n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n + 2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n + 3)L_{Z_q}$ | $(n + 1)L_G + L_{Z_q}$ | $(n + 2)L_G + L_{G_T}$ |
| Li's [9] | $(n + 2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n + 6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U \rvert + 3)L_G$ | $(2\lvert A_C \rvert + 5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n + 2)L_G + L_{G_T}$ | $L_G + (1 + n)L_{Z_q}$ | $(n + 1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n + 2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n + 2)G + 2G_T$ | $(n + 2)P + 2G_T$ | $(n + 1)P + G_T$ | $(n + 3)P + 4G_T$ |
| Luo et al.'s [7] | $(n + 2)G + 2G_T$ | $2nP + 3G_T$ | $(2n + 1)P + (n + 1)G_T$ | $(2n + 1)P + 5G_T$ |
| Seo and Kim's [8] | $(n + 2)G + 2G_T$ | $2P + (3n + 2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + 3G_T$ | $(2\lvert A_C \rvert + 1)P + 4\lvert A_C \rvert G + 3\lvert A_C \rvert G_T$ | $(2\lvert A_U \rvert + 1)P + (3\lvert A_U \rvert + 2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C \rvert + 2)G + G_T$ | $(2\lvert A_U \rvert + 1)P + 3\lvert A_U \rvert G_T$ | $(2\lvert A_U \rvert + 2)P + (3\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + 3\lvert A_U \rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C \rvert + 4)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + (2\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + (2\lvert A_U \rvert + 2)G_T$ | $(2\lvert A_U \rvert + 3)P + (2\lvert A_U \rvert + 4)G_T$ |
| Backes et al.'s [15] | $(n + 3)G + 2G_T$ | $2P + nG$ | $nP + (n - 1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $3P + (4\lvert A_U \rvert - 1)G + 4G_T$ |

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $\lvert A_U \rvert$, $\lvert A_C \rvert$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_*$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE, in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. And what is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from the real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3)$

$N$: Order of composite order linear groups

$G$: Additive group of order $p$

$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)

$\lambda$: Security parameter

$U$: System attribute set

$Z_N$: The set of positive integers which are less than $N$

$g$: Generator of $G_{p_1}$

$X_3$: Generator of $G_{p_3}$

$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$

PK: The private key

MSK: The master secret key

$S$: User attribute set

SK: The secret key

$W$: An access policy

$M$: An $l \times n$ matrix


$\rho$: The rows of $M$ to attributes

$m$: Message to sign

$s$: The encryption exponent

RK: The reencryption key.

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology—EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


$\mathrm{Game}_0$. It is similar to the above real game except that the challenge ciphertext is transformed into semifunctional one.

$\mathrm{Game}_{k,1}$. In the game, the challenge ciphertext is semifunctional, the first $k - 1$ queried keys are semifunctional ones of type 2, the $k$th key is semifunctional one of type 1, and the rest of the keys are normal ones.

$\mathrm{Game}_{k,2}$. The challenge ciphertext is semifunctional, the first $k$ queried keys are semifunctional ones of type 2, and the remaining keys are normal ones.

$\mathrm{Game}_{\mathrm{Final}}$. All keys are semifunctional ones of type 2, and the challenge ciphertext is semifunctional encryption of a random message, which is independent of the two messages provided by the adversary. So the advantage of the adversary in this game is negligible.

In the latter part of this section, we will prove that the above games are indistinguishable under the composite assumption.

Lemma 11. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{\mathrm{real}}\mathrm{Adv}_A - \mathrm{Game}_0\mathrm{Adv}_A = \varepsilon$. Then we can construct another polynomial time algorithm $B$ that can break Assumption 1 with a nonnegligible advantage $\varepsilon$.

Proof. We establish a polynomial time algorithm $B$ which receives $g, X_3, T$ to simulate either $\mathrm{Game}_{\mathrm{real}}$ or $\mathrm{Game}_0$ with $A$ based on setting whether $T \in G_{p_1p_2}$ or $T \in G_{p_1}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x$), sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ to the adversary $A$, and at the same time securely keeps the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. $B$ responds to each of $A$'s key requests by using the KeyGen algorithm to make normal keys, since it has the MSK.

Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $W^* = (M^*, \rho)$ to $B$. For each row $i$ of matrix $M^*$, $B$ first chooses random values $v'_2, v'_3, \ldots, v'_n \in Z_N$ and a random element $r'_i \in Z_N$ to build the column vector $\vec{v}' = (1, v'_2, v'_3, \ldots, v'_n)$. Then $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, g)^{s\eta} = M_\theta\, e(g, T)^{\eta}, \\
C' &= T, \\
C_i &= T^{a\vec{M}^*_i \cdot \vec{v}'}\, T^{-r'_i h_{\rho(i)}}, \\
D_i &= T^{r'_i},
\end{aligned}
\tag{15}
$$

where $\theta \in \{0, 1\}$ is the random coin.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$.

If $T \in G_{p_1}$, let $T = g^{s}$. This is a normal ciphertext with $\vec{v} = s\vec{v}'$ and $r_i = r'_i s$. $B$ has simulated $\mathrm{Game}_{\mathrm{real}}$ for $A$. If $T \in G_{p_1p_2}$, let $T = g^{s}g_2^{c}$. This is a semifunctional ciphertext with $\vec{u} = ca\vec{v}'$, $\gamma_i = -c r'_i$, and $z_{\rho(i)} = h_{\rho(i)}$. By the Chinese Remainder Theorem (CRT), the values of $a, v'_2, v'_3, \ldots, v'_n, r'_i, h_{\rho(i)}$ modulo $p_2$ are uncorrelated to their values modulo $p_1$. $B$ has simulated $\mathrm{Game}_0$ for $A$.
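The bookkeeping of this Guess step can be checked mechanically. The following added example (not code from the paper) stores group elements as exponents of a generator of order $N$ built from constructed toy primes, and assumes the usual dual system form $C_i = g^{a\vec{M}_i\cdot\vec{v}} H_{\rho(i)}^{-r_i} g_2^{\vec{M}_i\cdot\vec{u} + \gamma_i z_{\rho(i)}}$, $D_i = g^{r_i} g_2^{-\gamma_i}$ for a semifunctional ciphertext; the function names and the sample matrix are this example's own.

```python
import random
from collections import Counter

# Constructed toy primes; a real composite-order group uses large secret primes.
P1, P2, P3 = 1009, 1013, 1019
N = P1 * P2 * P3

# Exponent model (an assumption of this example): the element w^x of a cyclic
# group G of order N is stored as x mod N. It offers no security and is used
# only to track which subgroup each factor of a ciphertext component lives in.
G = P2 * P3      # g,   generator of G_{p1}
G_2 = P1 * P3    # g_2, generator of G_{p2}


def mul(x, y):
    """Group operation: w^x * w^y."""
    return (x + y) % N


def power(x, k):
    """Exponentiation: (w^x)^k, for any integer k."""
    return (x * k) % N


def dot(row, vec):
    """Inner product of a matrix row with an exponent vector, mod N."""
    return sum(m * v for m, v in zip(row, vec)) % N


def crt_pairs_uniform(p1, p2, p3):
    """True if (x mod p1, x mod p2) hits every pair equally often on Z_N."""
    counts = Counter((x % p1, x % p2) for x in range(p1 * p2 * p3))
    return len(counts) == p1 * p2 and set(counts.values()) == {p3}


def lemma11_rows_match(matrix, rho, s, c, rng):
    """Build C_i, D_i from T as in (15) and compare with the explicit form.

    T = g^s g_2^c; c = 0 gives T in G_{p1}, c != 0 gives T in G_{p1 p2}.
    """
    n = len(matrix[0])
    a = rng.randrange(N)
    h = {x: rng.randrange(N) for x in set(rho)}
    v_prime = [1] + [rng.randrange(N) for _ in range(n - 1)]
    T = mul(power(G, s), power(G_2, c))
    for i, row in enumerate(matrix):
        r_prime = rng.randrange(N)
        h_i = h[rho[i]]
        # What the simulator B computes: it only ever touches T.
        C_i = mul(power(T, a * dot(row, v_prime)), power(T, -r_prime * h_i))
        D_i = power(T, r_prime)
        # Parameters the proof reads off: v = s v', r_i = r'_i s in G_{p1};
        # u = c a v', gamma_i = -c r'_i, z = h in G_{p2}.
        v = [s * x for x in v_prime]
        u = [c * a * x for x in v_prime]
        r_i, gamma_i, z = s * r_prime, -c * r_prime, h_i
        normal_C = mul(power(G, a * dot(row, v)), power(power(G, h_i), -r_i))
        semi_C = power(G_2, dot(row, u) + gamma_i * z)
        normal_D, semi_D = power(G, r_i), power(G_2, -gamma_i)
        if C_i != mul(normal_C, semi_C) or D_i != mul(normal_D, semi_D):
            return False
        # g_2^z depends only on z mod p2, g^h only on h mod p1 (the CRT split).
        if power(G_2, z) != power(G_2, z % P2) or power(G, h_i) != power(G, h_i % P1):
            return False
    return True


# Constructed LSSS-style matrix and row labelling rho (sample input).
SAMPLE_MATRIX = [[1, 1], [0, -1], [1, 0]]
SAMPLE_RHO = ["A", "B", "C"]

if __name__ == "__main__":
    rng = random.Random(2016)
    print(crt_pairs_uniform(3, 5, 7))
    print(lemma11_rows_match(SAMPLE_MATRIX, SAMPLE_RHO, s=12345, c=0, rng=rng))
    print(lemma11_rows_match(SAMPLE_MATRIX, SAMPLE_RHO, s=12345, c=678, rng=rng))
```

With $c = 0$ the $G_{p_2}$ factors vanish and the same code path yields a normal ciphertext, which is why $B$ never needs to know which kind of $T$ it was given.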

Hence, if $A$ can distinguish $\mathrm{Game}_{\mathrm{real}}$ and $\mathrm{Game}_0$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish element on $G_{p_1}$ and $G_{p_1p_2}$ with a nonnegligible advantage $\varepsilon$.

Lemma 12. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k-1,2}\mathrm{Adv}_A - \mathrm{Game}_{k,1}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which can break Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k-1,2}$ or $\mathrm{Game}_{k,1}$ with $A$ based on setting whether $T \in G$ or $T \in G_{p_1p_3}$.

Setup. $B$ chooses random exponents $a, \eta, h_x \in Z_N$ ($\forall x \in U$) to generate the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta}, g^{a}, H_x = g^{h_x}\ \forall x)$ and sends it to $A$. At the same time, $B$ should securely keep the master secret key $\mathrm{MSK} = (\eta, X_3)$.

Phase 1. This phase can be divided into three parts.

(1) To form the first $k - 1$ semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta} g^{at} (Y_2Y_3)^{t}, \\
L &= g^{t} R'_0, \\
K_x &= H_x^{t} R_x \quad \forall x \in S.
\end{aligned}
\tag{16}
$$

(2) To generate the normal keys of queries greater than $k$, $B$ needs to run the KeyGen algorithm, since it has the master secret key (MSK).

(3) To answer the $k$th query, set $g^{t}$ equal to the $G_{p_1}$ part of $T$. Then $B$ randomly chooses elements $R_0, R'_0, R_x \in G_{p_3}$ and computes

$$
\begin{aligned}
K &= g^{\eta} T^{a} R_0, \\
L &= T R'_0, \\
K_x &= T^{h_x} R_x \quad \forall x \in S.
\end{aligned}
\tag{17}
$$

If $T \in G_{p_1p_3}$, the above key is a normal one. And if $T \in G$, it is a semifunctional one of type 1. In this case, there exists $z_x = h_x$. If we let factor $g_2^{b}$ denote the $G_{p_2}$ part of $T$, there is $d \equiv ba \bmod p_2$. Note that $z_x \bmod p_2$ is uncorrelated to $h_x$ modulo $p_1$; let $g_2^{ba}$ be equal to the $G_{p_2}$ part of $K$, let $g_2^{b}$ be equal to the $G_{p_2}$ part of $L$, and let $g_2^{bz_x}$ be equal to the $G_{p_2}$ part of $K_x$.


Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^*, \rho)$ for $B$. $B$ sets $g^{s} = X_1$ and $g_2^{b} = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u}' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, X_1X_2)^{\eta}, \\
C' &= X_1X_2, \\
C_i &= (X_1X_2)^{\vec{M}^*_i \cdot \vec{u}'} (X_1X_2)^{-r'_i h_{\rho(i)}}, \\
D_i &= (X_1X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1} s \vec{u}'$ and $\vec{u} = c\,\vec{u}'$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - bu_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden from $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appears in the $k$th key, because all keys are semifunctional ones of type 2 except for the $k$th one. The $k$th key cannot be used to decrypt the challenge ciphertext, which implies that the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus we denote a vector $\vec{\sigma}$ that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set an equation $\vec{u} = f\vec{\sigma} + \vec{u}''$ for $f \in Z_N$, where $\vec{u}''$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u}''$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, 0, \ldots, 0) = f(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, 0, \ldots, 0) \cdot \vec{u}''$ and $(1, 0, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u}'') = \vec{M}_i \cdot \vec{u}''$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^{*}_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1 p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish an element of $G_{p_1 p_3}$ from one of $G$ with a nonnegligible advantage $\varepsilon$.
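The row-space step of this argument can be checked numerically. The following Python sketch is an added example, not code from the paper: it works over a toy prime $p = 101$ standing in for $p_2$, and the LSSS matrix for the policy A AND B AND C, the attribute labels, and all function names are constructed for illustration.

```python
# Added illustration (not from the paper): the vector sigma used in the proof
# of Lemma 12, computed over Z_p for a toy prime p standing in for p_2.
P = 101  # constructed toy modulus

# Constructed LSSS matrix for the policy "A AND B AND C":
# the three rows sum to (1, 0, 0), so only the full set {A, B, C} is authorized.
M = [[1, 1, 0], [0, -1, 1], [0, 0, -1]]
RHO = ["A", "B", "C"]  # rho(i): attribute labelling row i


def rref(rows, p):
    """Reduced row echelon form over Z_p. Returns (nonzero rows, pivot columns)."""
    m = [[x % p for x in r] for r in rows]
    ncols = len(m[0]) if m else 0
    pivots, r = [], 0
    for c in range(ncols):
        pr = next((i for i in range(r, len(m)) if m[i][c]), None)
        if pr is None:
            continue
        m[r], m[pr] = m[pr], m[r]
        inv = pow(m[r][c], -1, p)
        m[r] = [(x * inv) % p for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c]:
                f = m[i][c]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    return m[:r], pivots


def in_span(rows, target, p):
    """True if target is a Z_p-linear combination of rows (rank test)."""
    return len(rref(rows + [target], p)[0]) == len(rref(rows, p)[0])


def null_space(rows, n, p):
    """Basis of all w in Z_p^n with row . w = 0 for every given row."""
    red, pivots = rref(rows, p)
    basis = []
    for fc in (c for c in range(n) if c not in pivots):
        w = [0] * n
        w[fc] = 1
        for row, pc in zip(red, pivots):
            w[pc] = (-row[fc]) % p
        basis.append(w)
    return basis


def find_sigma(matrix, rho, key_attrs, p):
    """Return sigma orthogonal to the key's row space R with sigma[0] = 1,
    or None when (1, 0, ..., 0) lies in R (the key satisfies the policy)."""
    n = len(matrix[0])
    R = [row for row, attr in zip(matrix, rho) if attr in key_attrs]
    e1 = [1] + [0] * (n - 1)
    if in_span(R, e1, p):
        return None
    # e1 is outside R, so some null-space basis vector has a nonzero first entry.
    w = next(w for w in null_space(R, n, p) if w[0])
    inv = pow(w[0], -1, p)
    return [(x * inv) % p for x in w]


def mix(sigma, u_pp, f, p):
    """u = f * sigma + u'' as in the proof (u'' chosen freely here)."""
    return [(f * s + t) % p for s, t in zip(sigma, u_pp)]


def shares(matrix, u, p):
    """M_i . u mod p for every row i."""
    return [sum(a * b for a, b in zip(row, u)) % p for row in matrix]


if __name__ == "__main__":
    key = {"A", "C"}                      # unauthorized key: attribute B is missing
    sigma = find_sigma(M, RHO, key, P)
    for f in (5, 77):
        u = mix(sigma, [7, 13, 42], f, P)
        print("f =", f, "u_1 =", u[0], "shares =", shares(M, u, P))
```

Rows labelled by attributes in the key give the same share for every $f$, while $u_1$ and the share of the missing row B change with $f$; that is the sense in which $f$ is hidden until a fresh $z_{\rho(i)}$ masks the remaining rows.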

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1 X_2, X_3, Y_2 Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$, depending on whether $T \in G$ or $T \in G_{p_1 p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k-1)$ semifunctional keys of type 2 and the last $(Q-k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$K = g^{\eta} T^{a} R_0 (Y_2 Y_3)^{h}, \quad L = T R'_0, \quad K_x = T^{h_x} R_x \ \ \forall x \in S. \tag{19}$$

The only difference from Lemma 12 here is adding a term $(Y_2 Y_3)^{h}$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it to decrypt the semifunctional ciphertext, because the condition $cd - bu_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1 p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish an element in $G_{p_1 p_3}$ from one in $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{\mathrm{Final}}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha} X_2, X_3, g^{s} Y_2, Z_2, T$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{\mathrm{Final}}$ with $A$, based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ $(\forall x \in U)$ and sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta} X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each $A$'s key query by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$K = g^{\eta} g^{at} Z_2^{t} R_0, \quad L = g^{t} R'_0, \quad K_x = H_x^{t} R_x \ \ \forall x \in S, \tag{20}$$

which is similar as in the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s} Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$C = M_\theta T, \quad C' = g^{s} Y_2, \quad C_i = (g^{s} Y_2)^{\vec{M}^{*}_i \cdot \vec{u}'} (g^{s} Y_2)^{-r'_i h_{\rho(i)}}, \quad D_i = (g^{s} Y_2)^{r'_i}, \tag{21}$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1} s u'$ and $u = c u'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = s r'_i$ and $\gamma_i = -c r'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$. If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_\theta$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$ by previous Lemmas 11–14. And because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_\theta$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of adversary in $\mathrm{Game}_{\mathrm{Final}}$ can be negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we


Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n+2)L_G + L_{G_T}$ | $(3n+1)L_{Z_q}$ | $(2n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N'+2n+4)L_G + L_{G_T}$ | $(N'+2n+1)L_{Z_q}$ | $(4n+1)L_G$ | $(n+2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n+2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n+3)L_{Z_q}$ | $(n+1)L_G + L_{Z_q}$ | $(n+2)L_G + L_{G_T}$ |
| Li's [9] | $(n+2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n+6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U\rvert+3)L_G$ | $(2\lvert A_C\rvert+5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n+2)L_G + L_{G_T}$ | $L_G + (1+n)L_{Z_q}$ | $(n+1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n+2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U\rvert+2)L_G$ | $(2\lvert A_C\rvert+2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n+2)G + 2G_T$ | $(n+2)P + 2G_T$ | $(n+1)P + G_T$ | $(n+3)P + 4G_T$ |
| Luo et al.'s [7] | $(n+2)G + 2G_T$ | $2nP + 3G_T$ | $(2n+1)P + (n+1)G_T$ | $(2n+1)P + 5G_T$ |
| Seo and Kim's [8] | $(n+2)G + 2G_T$ | $2P + (3n+2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C\rvert+2)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + 3G_T$ | $(2\lvert A_C\rvert+1)P + 4\lvert A_C\rvert G + 3\lvert A_C\rvert G_T$ | $(2\lvert A_U\rvert+1)P + (3\lvert A_U\rvert+2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C\rvert+2)G + G_T$ | $(2\lvert A_U\rvert+1)P + 3\lvert A_U\rvert G_T$ | $(2\lvert A_U\rvert+2)P + (3\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + 3\lvert A_U\rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C\rvert+4)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + (2\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + (2\lvert A_U\rvert+2)G_T$ | $(2\lvert A_U\rvert+3)P + (2\lvert A_U\rvert+4)G_T$ |
| Backes et al.'s [15] | $(n+3)G + 2G_T$ | $2P + nG$ | $nP + (n-1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C\rvert+2)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $3P + (4\lvert A_U\rvert-1)G + 4G_T$ |

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $\lvert A_U\rvert$, $\lvert A_C\rvert$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_{*}$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE, in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. And what is more, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes attacker to behave differently from real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meantime, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in Reencryption and Decryption phase, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix
$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology—EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


Challenge. $A$ provides two messages $M_0$ and $M_1$ with equal length and a challenge access matrix $(M^*, \rho)$ for $B$. $B$ sets $g^s = X_1$ and $g_2^b = X_2$. Then $B$ chooses random values $u_2, u_3, \ldots, u_n \in Z_N$ to define the vector $\vec{u'} = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and computes the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta\, e(g, X_1X_2)^{\eta},\\
C' &= X_1X_2,\\
C_i &= (X_1X_2)^{\vec{M}^*_i \cdot \vec{u'}}\,(X_1X_2)^{-r'_i h_{\rho(i)}},\\
D_i &= (X_1X_2)^{r'_i},
\end{aligned}
\tag{18}
$$

where $\theta \in \{0, 1\}$ is the random coin. We set $\vec{v} = a^{-1}s\vec{u'}$ and $\vec{u} = c\vec{u'}$, so $s$ is shared in the subgroup $G_{p_1}$ and $c \cdot a$ is shared in the subgroup $G_{p_2}$. It also sets $r_i = s \cdot r'_i$ and $\gamma_i = -c \cdot r'_i$. The values $z_{\rho(i)} = h_{\rho(i)}$ match those in the $k$th key if it is semifunctional of type 1.

Actually, if the $k$th key can be used to decrypt the challenge ciphertext, then $cd - bu_1 = cba - bca = 0$ modulo $p_2$ holds, so our key is either normal or nominally semifunctional. We must argue that this is hidden from $A$, who cannot request any keys that can be used to decrypt the challenge ciphertext. Note that attributes are only used once in labeling the rows of the matrix. When attribute $x \notin S$, $z_x$ only appears in the $k$th key, because all keys are semifunctional ones of type 2 except for the $k$th one. The $k$th key cannot be used to decrypt the challenge ciphertext, which implies that the row space $R$ formed by the rows of the matrix $M$ whose attributes are in the key does not include the vector $(1, 0, \ldots, 0)$. Thus we denote by $\vec{\sigma}$ a vector that is orthogonal to $R$ and not orthogonal to the vector $(1, 0, \ldots, 0)$. We set $\vec{u} = f\vec{\sigma} + \vec{u''}$ for $f \in Z_N$, where $\vec{u''}$ is in the span of the basis elements not equal to $\vec{\sigma}$. We note that $\vec{u''}$ is properly distributed and reveals nothing about $f$. Since $u_1 = \vec{u} \cdot (1, 0, \ldots, 0) = f(1, 0, \ldots, 0) \cdot \vec{\sigma} + (1, 0, \ldots, 0) \cdot \vec{u''}$ and $(1, 0, \ldots, 0) \cdot \vec{\sigma} \neq 0$, the item $\vec{u} \cdot (1, 0, \ldots, 0)$ is correlated to $f$.

For $\rho(i) \in S$, the equation $\vec{M}_i \cdot \vec{u} = \vec{M}_i \cdot (f\vec{\sigma} + \vec{u''}) = \vec{M}_i \cdot \vec{u''}$ has nothing to do with $f$. And for $\rho(i) \notin S$, $f\vec{\sigma}$ can be obtained only in the equation $\vec{M}^*_i \cdot \vec{u} + \gamma_i z_{\rho(i)}$, where $\rho(i)$ is an attribute which does not appear in the $k$th key. As long as each $\gamma_i \bmod p_2$ is not congruent to 0, each equation brings a new unknown factor $z_{\rho(i)}$ that appears nowhere else, and so the adversary $A$ can get nothing about $f$. More precisely, for any value of $u_1$, there is the same number of solutions to these equations. Hence, as long as each $\gamma_i$ is nonzero modulo $p_2$, the ciphertext and the $k$th key are properly distributed in the adversary's view with a probability negligibly close to 1.

Thus, if $T \in G_{p_1p_3}$, then $B$ has simulated $\mathrm{Game}_{k-1,2}$ with $A$. If $T \in G$ and $\gamma_i$ is nonzero modulo $p_2$, then $B$ has simulated $\mathrm{Game}_{k,1}$. Hence, $B$ can use the output result of $A$ to distinguish between these possibilities for $T$. In other words, $B$ can break Assumption 3 with advantage $\varepsilon$.

Hence, if the adversary $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k-1,2}$ and $\mathrm{Game}_{k,1}$, $B$ can also distinguish an element of $G_{p_1p_3}$ from one of $G$ with a nonnegligible advantage $\varepsilon$.
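The hiding argument in the proof above rests on a linear-algebra fact: when the rows labelled by the key's attributes do not span $(1, 0, \ldots, 0)$, a vector $\vec{\sigma}$ orthogonal to those rows with nonzero first coordinate exists, so the shares $\vec{M}_i \cdot \vec{u}$ visible to that key do not depend on $f$. The Python sketch below is an added example, not code from the paper; it works over a toy prime field instead of $Z_N$, and the policy matrix, attribute names and function names are constructed for illustration.

```python
# Added example (not from the paper): toy prime field instead of Z_N, N = p1*p2*p3.
P = 2**61 - 1  # constructed prime modulus


def rref(rows, p=P):
    """Gauss-Jordan elimination over Z_p. Returns (nonzero rows, pivot columns)."""
    m = [[x % p for x in r] for r in rows]
    pivots, r = [], 0
    for c in range(len(m[0])):
        piv = next((i for i in range(r, len(m)) if m[i][c]), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        inv = pow(m[r][c], -1, p)
        m[r] = [(x * inv) % p for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c]:
                f = m[i][c]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
        if r == len(m):
            break
    return m[:r], pivots


def solve(A, b, p=P):
    """Return one x with A x = b over Z_p (free variables set to 0), or None."""
    n = len(A[0])
    red, piv = rref([list(row) + [bi] for row, bi in zip(A, b)], p)
    if n in piv:  # pivot in the augmented column: the system is inconsistent
        return None
    x = [0] * n
    for row, c in zip(red, piv):
        x[c] = row[n]
    return x


def dot(x, y, p=P):
    return sum(a * b for a, b in zip(x, y)) % p


def reconstruction_coeffs(M, rho, S, p=P):
    """Coefficients w_i with sum_i w_i * M_i = (1,0,...,0) over rows rho(i) in S.
    They exist exactly when S satisfies the policy; otherwise None."""
    idx = [i for i, a in enumerate(rho) if a in S]
    if not idx:
        return None
    n = len(M[0])
    A = [[M[i][c] for i in idx] for c in range(n)]  # one equation per column
    w = solve(A, [1] + [0] * (n - 1), p)
    return None if w is None else dict(zip(idx, w))


def hiding_vector(M, rho, S, p=P):
    """sigma with M_i . sigma = 0 for every row rho(i) in S and sigma_1 = 1.
    It exists exactly when S does NOT satisfy the policy; otherwise None."""
    n = len(M[0])
    rows = [M[i] for i, a in enumerate(rho) if a in S]
    return solve(rows + [[1] + [0] * (n - 1)], [0] * len(rows) + [1], p)


def key_view(M, rho, S, f, u2, p=P):
    """Shares M_i . u seen by a key for S, with u = f*sigma + u2. Returns (u_1, shares)."""
    sigma = hiding_vector(M, rho, S, p)
    if sigma is None:
        raise ValueError("S satisfies the policy; no hiding vector exists")
    u = [(f * s + t) % p for s, t in zip(sigma, u2)]
    shares = {i: dot(M[i], u, p) for i, a in enumerate(rho) if a in S}
    return u[0], shares


# Constructed LSSS matrix for the policy  A AND (B OR C); row i is labelled RHO[i].
M_POLICY = [[1, 1], [0, -1], [0, -1]]
RHO = ["A", "B", "C"]

if __name__ == "__main__":
    for attrs in ({"A", "B"}, {"A"}, {"B", "C"}):
        print(sorted(attrs),
              "reconstruct:", reconstruction_coeffs(M_POLICY, RHO, attrs),
              "sigma:", hiding_vector(M_POLICY, RHO, attrs))
    # Same u2 (constructed), two different f: the key's shares are identical.
    print(key_view(M_POLICY, RHO, {"A"}, 5, [3, 4]))
    print(key_view(M_POLICY, RHO, {"A"}, 9, [3, 4]))
```

Over a field exactly one of `reconstruction_coeffs` and `hiding_vector` returns a result for any attribute set, which is the dichotomy the proof uses for the $k$th key.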

Lemma 13. Suppose that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{k,1}\mathrm{Adv}_A - \mathrm{Game}_{k,2}\mathrm{Adv}_A = \varepsilon$. Then another polynomial time algorithm $B$ which breaks Assumption 3 with a nonnegligible advantage $\varepsilon$ can be constructed.

Proof. $B$ receives $g, X_1X_2, X_3, Y_2Y_3, T$ to simulate either $\mathrm{Game}_{k,1}$ or $\mathrm{Game}_{k,2}$ with the adversary $A$, depending on whether $T \in G$ or $T \in G_{p_1p_3}$. This proof is very similar to that of Lemma 12, so here we only describe Phases 1 and 2.

Phase 1. The first $(k - 1)$ semifunctional keys of type 2 and the last $(Q - k)$ normal keys are constructed exactly as in Lemma 12. To answer the $k$th query, $B$ randomly chooses an exponent $h \in Z_N$ and then computes

$$
\begin{aligned}
K &= g^{\eta}\,T^{a}R_0\,(Y_2Y_3)^{h},\\
L &= T R'_0,\\
K_x &= T^{h_x}R_x \quad \forall x \in S.
\end{aligned}
\tag{19}
$$

The only difference from Lemma 12 here is the added term $(Y_2Y_3)^h$, which randomizes the $G_{p_2}$ part of $K$, so the $k$th key is no longer a semifunctional one. Decryption would fail if we tried to use it on the semifunctional ciphertext, because the condition $cd - bu_1 \equiv 0 \bmod p_2$ no longer holds.

Phase 2. Phase 1 is repeated.

Hence, if $T \in G_{p_1p_3}$, the $k$th key is a properly distributed semifunctional key of type 2, and therefore $B$ simulates $\mathrm{Game}_{k,2}$ for $A$. If $T \in G$, the $k$th key is a properly distributed semifunctional key of type 1, and therefore $B$ simulates $\mathrm{Game}_{k,1}$ for $A$. As a result, if $A$ has a nonnegligible advantage $\varepsilon$ to distinguish $\mathrm{Game}_{k,2}$ and $\mathrm{Game}_{k,1}$, $B$ also has a nonnegligible advantage $\varepsilon$ to distinguish an element in $G_{p_1p_3}$ from one in $G$.

Lemma 14. Assume that there is a polynomial time adversary $A$ such that $\mathrm{Game}_{Q,2}\mathrm{Adv}_A - \mathrm{Game}_{\mathrm{Final}}\mathrm{Adv}_A = \varepsilon$. Then we can construct a polynomial time algorithm $B$ which can break Assumption 5 with a nonnegligible advantage $\varepsilon$.

Proof. The proof is similar to those of Lemmas 11–13. $B$ receives $g, g^{\alpha}X_2, X_3, g^{s}Y_2, Z_2, T$ to simulate $\mathrm{Game}_{Q,2}$ or $\mathrm{Game}_{\mathrm{Final}}$ with $A$, based on whether $T = e(g, g)^{\eta s}$ or $T$ is a random element of $G_T$.

Setup. $B$ chooses random values $a, h_x \in Z_N$ ($\forall x \in U$) and sends the public key $\mathrm{PK} = (N, g, g_0, e(g, g)^{\eta} = e(g, g^{\eta}X_2), g^{a}, H_x = g^{h_x}\ \forall x)$ to $A$. Note that $B$ does not know $\eta$.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each of $A$'s key queries by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$
\begin{aligned}
K &= g^{\eta}g^{at}Z_2^{t}R_0,\\
L &= g^{t}R'_0,\\
K_x &= H_x^{t}R_x \quad \forall x \in S,
\end{aligned}
\tag{20}
$$

which is similar to the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^*, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_\theta$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^*$ as

$$
\begin{aligned}
C &= M_\theta T,\\
C' &= g^{s}Y_2,\\
C_i &= (g^{s}Y_2)^{\vec{M}^*_i \cdot \vec{u'}}\,(g^{s}Y_2)^{-r'_i h_{\rho(i)}},\\
D_i &= (g^{s}Y_2)^{r'_i},
\end{aligned}
\tag{21}
$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exist $v = a^{-1}su'$ and $u = cu'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = sr'_i$ and $\gamma_i = -cr'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$. If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_\theta$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q,2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved by the previous Lemmas 11–14 that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$. Because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_\theta$ to encrypt, the adversary cannot get any information on $\theta$. In other words, the advantage of the adversary in $\mathrm{Game}_{\mathrm{Final}}$ is negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ is also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase, and it is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, decryption of the reencrypted ciphertext is impossible. So in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $\lvert A_U \rvert$, $\lvert A_C \rvert$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_*$ to denote the bit length of an element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n + 2)L_G + L_{G_T}$ | $(3n + 1)L_{Z_q}$ | $(2n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N' + 2n + 4)L_G + L_{G_T}$ | $(N' + 2n + 1)L_{Z_q}$ | $(4n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n + 2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n + 3)L_{Z_q}$ | $(n + 1)L_G + L_{Z_q}$ | $(n + 2)L_G + L_{G_T}$ |
| Li's [9] | $(n + 2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n + 6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U \rvert + 3)L_G$ | $(2\lvert A_C \rvert + 5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n + 2)L_G + L_{G_T}$ | $L_G + (1 + n)L_{Z_q}$ | $(n + 1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n + 2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n + 2)G + 2G_T$ | $(n + 2)P + 2G_T$ | $(n + 1)P + G_T$ | $(n + 3)P + 4G_T$ |
| Luo et al.'s [7] | $(n + 2)G + 2G_T$ | $2nP + 3G_T$ | $(2n + 1)P + (n + 1)G_T$ | $(2n + 1)P + 5G_T$ |
| Seo and Kim's [8] | $(n + 2)G + 2G_T$ | $2P + (3n + 2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + 3G_T$ | $(2\lvert A_C \rvert + 1)P + 4\lvert A_C \rvert G + 3\lvert A_C \rvert G_T$ | $(2\lvert A_U \rvert + 1)P + (3\lvert A_U \rvert + 2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C \rvert + 2)G + G_T$ | $(2\lvert A_U \rvert + 1)P + 3\lvert A_U \rvert G_T$ | $(2\lvert A_U \rvert + 2)P + (3\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + 3\lvert A_U \rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C \rvert + 4)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + (2\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + (2\lvert A_U \rvert + 2)G_T$ | $(2\lvert A_U \rvert + 3)P + (2\lvert A_U \rvert + 4)G_T$ |
| Backes et al.'s [15] | $(n + 3)G + 2G_T$ | $2P + nG$ | $nP + (n - 1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $3P + (4\lvert A_U \rvert - 1)G + 4G_T$ |

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough: it can only support the AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is the LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. What is more, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from the real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. Compared with the existing schemes, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e : G \times G \rightarrow G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix
$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, “Research on attribute-based cryptography,” Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, “A fully secure attribute based broadcast encryption scheme,” International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, “A dependable storage service system in cloud environment,” Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, “Attribute based proxy re-encryption with delegating capabilities,” in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS ’09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, “Ciphertext policy attribute-based proxy re-encryption,” in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, “Attribute-based proxy re-encryption with a constant number of pairing operations,” International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, “Matrix access structure policy used in attribute-based proxy re-encryption,” http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, “A study of attribute-based proxy re-encryption scheme in cloud environments,” International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, “Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption,” in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, “An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing,” in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014, Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, “Fully secure inner-product proxy re-encryption with constant size ciphertext,” in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC ’15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005, Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proceedings of the Advances in Cryptology (CRYPTO ’84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, “A survey of research progress and development tendency of attribute-based encryption,” The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, “Attribute-based encryption with partially hidden encryptor-specified access structures,” in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute-based encryption,” in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP ’08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, “Provably secure and efficient bounded ciphertext policy attribute based encryption,” in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS ’09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in International Conference on Information Security Practice and Experience (ISPEC ’09), pp. 1–12, Springer, 2009.

[25] B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, “Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions,” in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, “New proof methods for attribute-based encryption: achieving full security through selective techniques,” in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012, Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, “Fully secure attribute based encryption from multilinear maps,” Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, “Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating,” Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, “Efficient and fully secure forward secure ciphertext-policy attribute-based encryption,” in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Advances in Cryptology—EUROCRYPT ’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998, Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, “Conditional identity-based broadcast proxy re-encryption and its application to cloud email,” IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, “Achieving dynamic privileges in secure data sharing on cloud storage,” Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, “Advances on cloud services and cloud computing,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, “Cloud based data sharing with fine-grained proxy re-encryption,” Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, “Secure bidirectional proxy re-encryption for cryptographic cloud storage,” Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, “Attribute-based re-encryption scheme in the standard model,” Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-DNF formulas on ciphertexts,” in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, “Fully secure unidirectional identity-based proxy re-encryption,” in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011, Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, “New techniques for dual system encryption and fully secure HIBE with short ciphertexts,” in Proceedings of the 7th Theory of Cryptography Conference (TCC ’10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, “Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption,” Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.


Table 1: Property comparisons.

| Schemes | Access structure | Adaptive security | Complexity assumption | Supported policy |
|---|---|---|---|---|
| Liang et al.'s [6] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Luo et al.'s [7] | AND gate among multivalue attributes | N | DBDH | And |
| Seo and Kim's [8] | AND gate between two-value attributes | N | ADBDH, CTDH | And |
| Li's [9] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [11] | LSSS matrix | N | DPBDHE | Any monotonic access formula |
| Liang et al.'s [14] | LSSS matrix | Y | DPBDHE | Any monotonic access formula |
| Backes et al.'s [15] | LSSS matrix | Y | DPBDHE | And |
| Our scheme | LSSS matrix | Y | 3P-SDP | Any monotonic access formula |

DBDH: Decisional Bilinear Diffie-Hellman; CTDH: Complex Triple Diffie-Hellman; ADBDH: Augment Decisional Bilinear Diffie-Hellman; 3P-SDP: subgroup decision problem for 3 primes; and DPBDHE: Decisional $q$-Parallel Bilinear Diffie-Hellman Exponent.

Phase 1. To form semifunctional keys of type 2, $B$ responds to each $A$'s key query by randomly choosing elements $t \in Z_N$ and $R_0, R'_0, R_x \in G_{p_3}$ and sets

$$K = g^{\eta} g^{at} Z_2^{t} R_0, \qquad L = g^{t} R'_0, \qquad K_x = H_x^{t} R_x \quad \forall x \in S, \tag{20}$$

which is similar as in the previous lemmas.

Challenge. $A$ submits two messages $M_0$ and $M_1$ with equal length and a matrix $(M^{*}, \rho)$ to $B$. $B$ then takes $s$ from the assumption term $g^{s}Y_2$. It randomly chooses values $u_2, u_3, \ldots, u_n \in Z_N$ to define a vector $u' = (a, u_2, u_3, \ldots, u_n)$ and randomly chooses an exponent $r'_i \in Z_N$. $B$ chooses a random message $M_{\theta}$ from $M_0$ and $M_1$ and generates the challenge ciphertext $C^{*}$ as

$$C = M_{\theta} T, \qquad C' = g^{s}Y_2, \qquad C_i = (g^{s}Y_2)^{\vec{M}^{*}_{i} \vec{u}'} (g^{s}Y_2)^{-r'_i h_{\rho(i)}}, \qquad D_i = (g^{s}Y_2)^{r'_i}, \tag{21}$$

where $\theta \in \{0, 1\}$ is the random coin. We note that there exists $v = a^{-1} s u'$ and $u = c u'$, so $s$ is being shared in the subgroup $G_{p_1}$ and $ca$ is being shared in the subgroup $G_{p_2}$. At the same time, set $r_i = s r'_i$ and $\gamma_i = -c r'_i$.

Phase 2. Repeat Phase 1.

Guess. $A$ outputs its guess result $\theta'$ of $\theta$. If $T = e(g, g)^{\eta s}$, then this is a properly distributed semifunctional ciphertext with message $M_{\theta}$. Otherwise, this is a semifunctional ciphertext of a random message and will not give anything about $\theta$ to the attacker.

Hence, if $A$ can distinguish $\mathrm{Game}_{Q2}$ and $\mathrm{Game}_{\mathrm{Final}}$ with a nonnegligible advantage $\varepsilon$, $B$ can distinguish the element $e(g, g)^{\eta s}$ and a random element in $G_T$ with a nonnegligible advantage $\varepsilon$.

Theorem 15. If Assumptions 1, 3, and 5 hold, our CP-ABPRE scheme is adaptively secure.

Proof. If Assumptions 1, 3, and 5 hold, we have proved that the real CP-ABPRE security game $\mathrm{Game}_{\mathrm{real}}$ is indistinguishable from $\mathrm{Game}_{\mathrm{Final}}$ by previous Lemmas 11–14. And because the challenger in $\mathrm{Game}_{\mathrm{Final}}$ chooses a random message $M_{\theta}$ to encrypt, the adversary could not get any information on $\theta$. In other words, the advantage of adversary in $\mathrm{Game}_{\mathrm{Final}}$ can be negligible, so the advantage of the adversary in $\mathrm{Game}_{\mathrm{real}}$ can be also negligible. Hence, our CP-ABPRE scheme is secure.

5.3. Analyses and Discussions

5.3.1. Security Analysis. The reencryption control, which allows the encryptor to decide whether the ciphertext can be reencrypted, was first put forward by Luo et al. in [7]. In our CP-ABPRE scheme, we can see that the element $C'' = g_0^{s}$ is of no use in the original ciphertext decryption phase and is only used in the reencrypted ciphertext decryption phase. If the encryptor does not provide the factor $g_0^{s}$, the reencrypted ciphertext cannot be decrypted. So, in our scheme, the encryptor can control whether the ciphertext can be reencrypted (in fact, he can decide whether the reencrypted ciphertext can be decrypted). In addition, our scheme overcomes the restriction on the attacker in a selective security model in the existing schemes [6–9, 11] and is proven adaptively secure in the standard model without jeopardizing the expressiveness of access policy.

5.3.2. Performance Analyses. In this part, we will make some comparisons of different CP-ABPRE schemes, and the results are summarized in Tables 1–3. A comparison of access expression and some properties is given in Table 1. In addition, we shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $|A_U|$, $|A_C|$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in systems, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use symbol $L_{*}$ to denote the bit length of element in $*$. At last, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.'s [6] | $(6n + 2)L_G + L_{G_T}$ | $(3n + 1)L_{Z_q}$ | $(2n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Luo et al.'s [7] | $(N' + 2n + 4)L_G + L_{G_T}$ | $(N' + 2n + 1)L_{Z_q}$ | $(4n + 1)L_G$ | $(n + 2)L_G + L_{G_T}$ |
| Seo and Kim's [8] | $(3n + 2)L_G + L_{G_T} + 3nL_{Z_q}$ | $(3n + 3)L_{Z_q}$ | $(n + 1)L_G + L_{Z_q}$ | $(n + 2)L_G + L_{G_T}$ |
| Li's [9] | $(n + 2)L_G + L_{G_T}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |
| Liang et al.'s [11] | $3L_G + L_{G_T} + 6\,\mathrm{Hash}$ | $L_G$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 3)L_G + L_{\{0,1\}^{2k}}$ |
| Liang et al.'s [14] | $(n + 6)L_G + L_{G_T}$ | $2L_G$ | $(\lvert A_U \rvert + 3)L_G$ | $(2\lvert A_C \rvert + 5)L_G + L_{G_T}$ |
| Backes et al.'s [15] | $(n + 2)L_G + L_{G_T}$ | $L_G + (1 + n)L_{Z_q}$ | $(n + 1)L_G$ | $3L_G + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n + 2)L_G + L_{G_T}$ | $L_G + L_{Z_q}$ | $(\lvert A_U \rvert + 2)L_G$ | $(2\lvert A_C \rvert + 2)L_G + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.'s [6] | $(n + 2)G + 2G_T$ | $(n + 2)P + 2G_T$ | $(n + 1)P + G_T$ | $(n + 3)P + 4G_T$ |
| Luo et al.'s [7] | $(n + 2)G + 2G_T$ | $2nP + 3G_T$ | $(2n + 1)P + (n + 1)G_T$ | $(2n + 1)P + 5G_T$ |
| Seo and Kim's [8] | $(n + 2)G + 2G_T$ | $2P + (3n + 2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li's [9] | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + 3G_T$ | $(2\lvert A_C \rvert + 1)P + 4\lvert A_C \rvert G + 3\lvert A_C \rvert G_T$ | $(2\lvert A_U \rvert + 1)P + (3\lvert A_U \rvert + 2)G_T$ |
| Liang et al.'s [11] | $(4\lvert A_C \rvert + 2)G + G_T$ | $(2\lvert A_U \rvert + 1)P + 3\lvert A_U \rvert G_T$ | $(2\lvert A_U \rvert + 2)P + (3\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + 3\lvert A_U \rvert G_T$ |
| Liang et al.'s [14] | $(4\lvert A_C \rvert + 4)G + 2G_T$ | $(2\lvert A_U \rvert + 1)P + (2\lvert A_U \rvert + 1)G_T$ | $(2\lvert A_U \rvert + 2)P + (2\lvert A_U \rvert + 2)G_T$ | $(2\lvert A_U \rvert + 3)P + (2\lvert A_U \rvert + 4)G_T$ |
| Backes et al.'s [15] | $(n + 3)G + 2G_T$ | $2P + nG$ | $nP + (n - 1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C \rvert + 2)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $2P + (4\lvert A_U \rvert - 1)G + 2G_T$ | $3P + (4\lvert A_U \rvert - 1)G + 4G_T$ |

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE, in which the ciphertext is associated with AND gates access structure. However, the access policy in these four schemes is not flexible enough; it can only support AND operation on attributes. The ciphertext policy realized in Li's [9], Liang et al.'s [11, 14], and our scheme is LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li's [9] and Liang et al.'s [11] schemes, our scheme is adaptively secure. What is more, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases when compared with Liang et al.'s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.
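To make the expressiveness comparison above concrete, the following added example (not code from the paper) builds an LSSS matrix from a monotone AND/OR formula using the well-known top-down conversion (OR copies the parent vector, AND adds one column) and checks which attribute sets can recombine a shared secret. The policies, attribute names and the prime modulus standing in for the group order $N$ are constructed assumptions.

```python
import random

# Assumption: a prime modulus stands in for the paper's group order N,
# so every non-zero pivot is invertible during elimination.
P = 2**61 - 1

def lsss_from_formula(formula):
    """Convert a monotone formula into an LSSS pair (rows, rho).

    formula is an attribute name (str) or a tuple (gate, left, right)
    with gate in {"and", "or"}; rho[i] is the attribute labelling row i.
    """
    rows, rho, width = [], [], 1

    def walk(node, vec):
        nonlocal width
        if isinstance(node, str):
            rows.append(vec)
            rho.append(node)
            return
        gate, left, right = node
        if gate == "or":        # OR: both children inherit the parent vector
            walk(left, vec)
            walk(right, vec)
        elif gate == "and":     # AND: split the vector across one new column
            left_vec = vec + [0] * (width - len(vec)) + [1]
            right_vec = [0] * width + [-1]
            width += 1
            walk(left, left_vec)
            walk(right, right_vec)
        else:
            raise ValueError("unknown gate: %r" % (gate,))

    walk(formula, [1])
    return [r + [0] * (width - len(r)) for r in rows], rho

def reconstruction_coeffs(rows, rho, attrs):
    """Find omega with sum(omega_i * M_i) = (1, 0, ..., 0) mod P over the rows
    whose attribute is in attrs; return None if the set is unauthorized."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    width = len(rows[0])
    # Augmented system [A^T | e_1]; column j of A^T is LSSS row idx[j].
    aug = [[rows[i][k] % P for i in idx] + [1 if k == 0 else 0]
           for k in range(width)]
    pivots, r = [], 0
    for c in range(len(idx)):
        piv = next((k for k in range(r, width) if aug[k][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for k in range(width):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in aug[r:]):   # e_1 is not in the row span
        return None
    return {idx[c]: aug[k][-1] for k, c in enumerate(pivots)}

def share(rows, secret, seed):
    """Shares lambda_i = M_i . v with v = (secret, random, ..., random)."""
    rng = random.Random(seed)
    v = [secret] + [rng.randrange(P) for _ in rows[0][1:]]
    return [sum(m * x for m, x in zip(row, v)) % P for row in rows]

def recover(rows, rho, shares, attrs):
    omega = reconstruction_coeffs(rows, rho, attrs)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % P

# Constructed policies: one mixing AND and OR, one using AND gates only.
POLICY = ("and", "doctor", ("or", "cardiology", ("and", "nurse", "icu")))
AND_ONLY = ("and", "a", ("and", "b", "c"))

def evaluate(policy, attr_sets, secret=123456789, seed=7):
    """For each attribute set, report whether it recovers the shared secret."""
    rows, rho = lsss_from_formula(policy)
    shares = share(rows, secret, seed)
    return [recover(rows, rho, shares, s) == secret for s in attr_sets]

if __name__ == "__main__":
    print(lsss_from_formula(POLICY))
    print(evaluate(POLICY, [{"doctor", "cardiology"}, {"doctor", "nurse"}]))
```

The AND-only policy is the special case that AND-gate schemes can express; the mixed policy needs the OR branch that only the LSSS-based schemes in Table 1 support.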

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from a real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And compared with the existing schemes, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)
$N$: Order of composite order linear groups
$G$: Additive group of order $p$
$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)
$\lambda$: Security parameter
$U$: System attribute set
$Z_N$: The set of positive integers which are less than $N$
$g$: Generator of $G_{p_1}$
$X_3$: Generator of $G_{p_3}$
$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$
PK: The private key
MSK: The master secret key
$S$: User attribute set
SK: The secret key
$W$: An access policy
$M$: An $l \times n$ matrix
$\rho$: The rows of $M$ to attributes
$m$: Message to sign
$s$: The encryption exponent
RK: The reencryption key.

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, "Research on attribute-based cryptography," Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, "A fully secure attribute based broadcast encryption scheme," International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, "A dependable storage service system in cloud environment," Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, "Attribute based proxy re-encryption with delegating capabilities," in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS '09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, "Ciphertext policy attribute-based proxy re-encryption," in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, "Attribute-based proxy re-encryption with a constant number of pairing operations," International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, "Matrix access structure policy used in attribute-based proxy re-encryption," http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, "A study of attribute-based proxy re-encryption scheme in cloud environments," International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, "Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption," in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption," in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, "An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, "Fully secure inner-product proxy re-encryption with constant size ciphertext," in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC '15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the Advances in Cryptology (CRYPTO '84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, "A survey of research progress and development tendency of attribute-based encryption," The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, "Provably secure ciphertext policy ABE," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, "Attribute-based encryption with partially hidden encryptor-specified access structures," in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute-based encryption," in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP '08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, "Provably secure and efficient bounded ciphertext policy attribute based encryption," in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS '09), pp. 343–352, Sydney, Australia, March 2009.

[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, "Efficient and provable secure ciphertext-policy attribute-based encryption schemes," in International Conference on Information Security Practice and Experience (ISPEC '09), pp. 1–12, Springer, 2009.

[25] B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, "A forward-secure public-key encryption scheme," in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, "Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions," in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, "New proof methods for attribute-based encryption: achieving full security through selective techniques," in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, "Fully secure attribute based encryption from multilinear maps," Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, "Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating," Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, "Efficient and fully secure forward secure ciphertext-policy attribute-based encryption," in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, "Proxy cryptosystems: delegation of the power to decrypt ciphertexts," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, "Divertible protocols and atomic proxy cryptography," in Advances in Cryptology—EUROCRYPT '98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, "Conditional identity-based broadcast proxy re-encryption and its application to cloud email," IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, "Achieving dynamic privileges in secure data sharing on cloud storage," Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, "Advances on cloud services and cloud computing," Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, "SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption," Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, "Cloud based data sharing with fine-grained proxy re-encryption," Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, "Secure bidirectional proxy re-encryption for cryptographic cloud storage," Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, "Attribute-based re-encryption scheme in the standard model," Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage," ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, "Fully secure unidirectional identity-based proxy re-encryption," in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, "New techniques for dual system encryption and fully secure HIBE with short ciphertexts," in Proceedings of the 7th Theory of Cryptography Conference (TCC '10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, "Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption," Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 10: Research Article Efficient and Adaptively Secure Attribute ...downloads.hindawi.com/journals/ijdsn/2016/5235714.pdfin which a user is able to empower designated users to decrypt reencrypted

10 International Journal of Distributed Sensor Networks

Table 2: Performance comparisons (I).

| Schemes | PK | MK | SK | Ciphertext |
|---|---|---|---|---|
| Liang et al.’s [6] | $(6n+2)L_{G} + L_{G_T}$ | $(3n+1)L_{Z_q}$ | $(2n+1)L_{G}$ | $(n+2)L_{G} + L_{G_T}$ |
| Luo et al.’s [7] | $(N'+2n+4)L_{G} + L_{G_T}$ | $(N'+2n+1)L_{Z_q}$ | $(4n+1)L_{G}$ | $(n+2)L_{G} + L_{G_T}$ |
| Seo and Kim’s [8] | $(3n+2)L_{G} + L_{G_T} + 3nL_{Z_q}$ | $(3n+3)L_{Z_q}$ | $(n+1)L_{G} + L_{Z_q}$ | $(n+2)L_{G} + L_{G_T}$ |
| Li’s [9] | $(n+2)L_{G} + L_{G_T}$ | $L_{G}$ | $(\lvert A_U\rvert+2)L_{G}$ | $(2\lvert A_C\rvert+2)L_{G} + L_{G_T}$ |
| Liang et al.’s [11] | $3L_{G} + L_{G_T} + 6\,\mathrm{Hash}$ | $L_{G}$ | $(\lvert A_U\rvert+2)L_{G}$ | $(2\lvert A_C\rvert+3)L_{G} + L_{\{0,1\}^{2k}}$ |
| Liang et al.’s [14] | $(n+6)L_{G} + L_{G_T}$ | $2L_{G}$ | $(\lvert A_U\rvert+3)L_{G}$ | $(2\lvert A_C\rvert+5)L_{G} + L_{G_T}$ |
| Backes et al.’s [15] | $(n+2)L_{G} + L_{G_T}$ | $L_{G} + (1+n)L_{Z_q}$ | $(n+1)L_{G}$ | $3L_{G} + L_{G_T} + nL_{Z_q}$ |
| Our scheme | $(n+2)L_{G} + L_{G_T}$ | $L_{G} + L_{Z_q}$ | $(\lvert A_U\rvert+2)L_{G}$ | $(2\lvert A_C\rvert+2)L_{G} + L_{G_T}$ |

Table 3: Performance comparisons (II).

| Schemes | Encryption | Decryption | Reencryption | Reencrypted decryption |
|---|---|---|---|---|
| Liang et al.’s [6] | $(n+2)G + 2G_T$ | $(n+2)P + 2G_T$ | $(n+1)P + G_T$ | $(n+3)P + 4G_T$ |
| Luo et al.’s [7] | $(n+2)G + 2G_T$ | $2nP + 3G_T$ | $(2n+1)P + (n+1)G_T$ | $(2n+1)P + 5G_T$ |
| Seo and Kim’s [8] | $(n+2)G + 2G_T$ | $2P + (3n+2)G + 2G_T$ | $2P + 3nG + G_T$ | $3P + 3nG + 4G_T$ |
| Li’s [9] | $(4\lvert A_C\rvert+2)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + 3G_T$ | $(2\lvert A_C\rvert+1)P + 4\lvert A_C\rvert G + 3\lvert A_C\rvert G_T$ | $(2\lvert A_U\rvert+1)P + (3\lvert A_U\rvert+2)G_T$ |
| Liang et al.’s [11] | $(4\lvert A_C\rvert+2)G + G_T$ | $(2\lvert A_U\rvert+1)P + 3\lvert A_U\rvert G_T$ | $(2\lvert A_U\rvert+2)P + (3\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + 3\lvert A_U\rvert G_T$ |
| Liang et al.’s [14] | $(4\lvert A_C\rvert+4)G + 2G_T$ | $(2\lvert A_U\rvert+1)P + (2\lvert A_U\rvert+1)G_T$ | $(2\lvert A_U\rvert+2)P + (2\lvert A_U\rvert+2)G_T$ | $(2\lvert A_U\rvert+3)P + (2\lvert A_U\rvert+4)G_T$ |
| Backes et al.’s [15] | $(n+3)G + 2G_T$ | $2P + nG$ | $nP + (n-1)G$ | $nP + 2G + G_T$ |
| Our scheme | $(4\lvert A_C\rvert+2)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $2P + (4\lvert A_U\rvert-1)G + 2G_T$ | $3P + (4\lvert A_U\rvert-1)G + 4G_T$ |

shall compare the performance and efficiency of our proposal with the existing ones in Tables 2 and 3. We use $|A_U|$, $|A_C|$, and $n$ to denote the attributes held by user $U$, the attributes required by the ciphertext, and the number of attributes in the system, respectively. We use $G$ to denote the operation in group $G$, $G_T$ for the operation in group $G_T$, and $P$ for the bilinear pairing operation. We use the symbol $L_{*}$ to denote the bit length of an element in $*$. Finally, we use $N' = \sum_{i=1}^{n} n_i$ to denote the total number of possible values of attributes, where $n_i$ is the number of possible values for attribute $i$.

From Tables 1–3, we can draw the following conclusions.

Liang et al. [6], Luo et al. [7], Seo and Kim [8], and Backes et al. [15], respectively, proposed their schemes based on the CP-ABE in which the ciphertext is associated with an AND gates access structure. However, the access policy in these four schemes is not flexible enough: it can only support the AND operation on attributes. The ciphertext policy realized in Li’s [9], Liang et al.’s [11, 14], and our scheme is the LSSS matrix access structure, which supports any monotonic access formula, including what the AND gate access structure supports. Different from Li’s [9] and Liang et al.’s [11] schemes, our scheme is adaptively secure. What is more, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases when compared with Liang et al.’s scheme [14]. That is, our scheme greatly reduces the computational overhead.

From the above analysis, we can conclude that our scheme is more efficient and secure than previous CP-ABPRE schemes.
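The expressiveness gap between AND-gate policies and the LSSS pair $(M, \rho)$ discussed above can be seen in a short added example, which is not code from the paper. It assumes the standard Lewko-Waters formula-to-matrix conversion (the paper does not say how $M$ is built) and a toy prime modulus `P` in place of the composite order $N$, and it shares only the exponent $s$, with no pairings or group elements.

```python
"""LSSS policy (M, rho) from a monotone AND/OR formula, with share/reconstruct.
Added illustration, not the paper's code: toy prime field, no pairings."""
import secrets

P = 2**61 - 1  # assumption: toy prime modulus; the paper works modulo composite N


def formula_to_lsss(formula):
    """Lewko-Waters conversion (assumed here; the paper does not fix one).
    formula: attribute name (str) or ("AND" | "OR", left, right).
    Returns (M, rho): M is an l x n matrix, rho[i] labels row i."""
    rows, rho, width = [], [], 1
    stack = [(formula, [1])]
    while stack:
        node, vec = stack.pop()
        if isinstance(node, str):          # leaf: its vector becomes a row of M
            rows.append(vec)
            rho.append(node)
            continue
        gate, left, right = node
        if gate == "OR":                   # either child alone carries the parent
            stack += [(right, vec), (left, vec)]
        elif gate == "AND":                # both children needed to cancel new column
            padded = vec + [0] * (width - len(vec))
            stack += [(right, [0] * width + [-1]), (left, padded + [1])]
            width += 1
        else:
            raise ValueError(f"unknown gate {gate!r}")
    return [[x % P for x in r + [0] * (width - len(r))] for r in rows], rho


def share(M, s):
    """lambda_i = M_i . v with v = (s, r_2, ..., r_n); s is the encryption exponent."""
    v = [s % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]


def recon_coeffs(M, rho, attrs):
    """Solve sum_i w_i * M_i = (1, 0, ..., 0) over rows with rho[i] in attrs.
    Returns {row index: w_i}, or None when attrs does not satisfy the policy."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    n = len(M[0])
    # Augmented system: one equation per column of M, one unknown per usable row.
    A = [[M[i][j] for i in idx] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for c in range(len(idx)):
        p = next((k for k in range(r, n) if A[k][c]), None)
        if p is None:
            continue                       # free variable, left at 0
        A[r], A[p] = A[p], A[r]
        inv = pow(A[r][c], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for k in range(n):
            if k != r and A[k][c]:
                f = A[k][c]
                A[k] = [(x - f * y) % P for x, y in zip(A[k], A[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in A[r:]):      # target vector is outside the row span
        return None
    omega = {i: 0 for i in idx}
    for row_no, c in enumerate(pivots):
        omega[idx[c]] = A[row_no][-1]
    return omega


def reconstruct(M, rho, shares, attrs):
    """Recover s from the shares of the rows attrs is entitled to, else None."""
    omega = recon_coeffs(M, rho, attrs)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % P


# Constructed sample policies. The first mixes AND and OR; the second is a pure
# AND gate, the only shape the AND-gate schemes in the comparison can express.
POLICY = ("OR", ("AND", "doctor", "cardiology"),
                ("AND", "auditor", ("OR", "hospitalA", "hospitalB")))
AND_ONLY = ("AND", "a", ("AND", "b", "c"))

if __name__ == "__main__":
    M, rho = formula_to_lsss(POLICY)
    s = secrets.randbelow(P)
    lam = share(M, s)
    for attrs in ({"doctor", "cardiology"}, {"auditor", "hospitalB"},
                  {"doctor", "auditor"}):
        print(sorted(attrs), reconstruct(M, rho, lam, attrs) == s)
```

Over the composite order $N$ used by the scheme, the same elimination works only while every pivot is invertible modulo $N$; a non-invertible pivot would reveal a factor of $N$.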

6. Conclusions

CP-ABPRE employs the PRE technology in the ABE cryptographic setting and could be applicable to many real world applications, such as email forwarding. The existing CP-ABPRE systems, however, were proven secure only in the selective security model, which causes the attacker to behave differently from the real environment. So an efficient and adaptively secure Attribute-Based Proxy Reencryption scheme is proposed in this paper. By using the dual system encryption, the proposed scheme can be proven to be adaptively secure rather than selectively secure, which is much less practical. Meanwhile, our scheme supports any monotone access formulas, including what the AND gate access structure supports. And, compared with the existing schemes, our scheme needs only a constant number of pairing operations in the Reencryption and Decryption phases, which greatly reduces the computational overhead.

Notations

$p_i$: Large prime number ($i = 1, 2, 3$)

$N$: Order of composite order linear groups

$G$: Additive group of order $p$

$G_{p_i}$: The subgroup of order $p_i$ in $G$ ($i = 1, 2, 3$)

$\lambda$: Security parameter

$U$: System attribute set

$Z_N$: The set of positive integers which are less than $N$

$g$: Generator of $G_{p_1}$

$X_3$: Generator of $G_{p_3}$

$e$: Bilinear mapping, that is, $e: G \times G \rightarrow G_T$

PK: The private key

MSK: The master secret key

$S$: User attribute set

SK: The secret key

$W$: An access policy

$M$: An $l \times n$ matrix

$\rho$: The rows of $M$ to attributes

$m$: Message to sign

$s$: The encryption exponent

RK: The reencryption key

Competing Interests

The authors declare that there are no competing interests regarding the publication of this paper.

Acknowledgments

This work was supported by Natural Science Foundation of China under Grant no. 61103178, Natural Science Basic Research Plan in Shaanxi Province of China under Grants nos. 2015JM6294 and 2016JM6002, and the Fundamental Research Funds for the Central Universities under Grant no. 3102015JSJ0003.

References

[1] D. G. Feng and C. Chen, “Research on attribute-based cryptography,” Journal of Cryptologic Research, vol. 1, no. 1, pp. 1–12, 2014.

[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06), pp. 89–98, Alexandria, Va, USA, October 2006.

[3] Q. Y. Li and F. L. Zhang, “A fully secure attribute based broadcast encryption scheme,” International Journal of Network Security, vol. 17, no. 3, pp. 263–271, 2015.

[4] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 2004–2027, 2014.

[5] C.-C. Chang, C.-Y. Sun, and T.-F. Cheng, “A dependable storage service system in cloud environment,” Security and Communication Networks, vol. 8, no. 4, pp. 574–588, 2015.

[6] X. Liang, Z. Cao, H. Lin, and J. Shao, “Attribute based proxy re-encryption with delegating capabilities,” in Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS ’09), pp. 276–286, ACM, March 2009.

[7] S. Luo, J. Hu, and Z. Chen, “Ciphertext policy attribute-based proxy re-encryption,” in Information and Communications Security, M. Soriano, S. Qing, and J. Lopez, Eds., vol. 6476 of Lecture Notes in Computer Science, pp. 401–415, Springer, Berlin, Germany, 2010.

[8] H. Seo and H. Kim, “Attribute-based proxy re-encryption with a constant number of pairing operations,” International Journal of Information and Communication Engineering, vol. 10, no. 1, pp. 53–60, 2012.

[9] K. Y. Li, “Matrix access structure policy used in attribute-based proxy re-encryption,” http://arxiv.org/abs/1302.6428.

[10] P.-S. Chung, C.-W. Liu, and M.-S. Hwang, “A study of attribute-based proxy re-encryption scheme in cloud environments,” International Journal of Network Security, vol. 16, no. 1, pp. 1–13, 2014.

[11] K. T. Liang, L. M. Fang, D. S. Wong, and W. Susilo, “A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” Tech. Rep. 2013/236, IACR Cryptology ePrint Archive, 2013.

[12] Y. Kawai, “Outsourcing the re-encryption key generation: flexible ciphertext-policy attribute-based proxy re-encryption,” in Information Security Practice and Experience, vol. 9065 of Lecture Notes in Computer Science, pp. 301–315, Springer, Berlin, Germany, 2015.

[13] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in Cryptology—EUROCRYPT 2010, H. Gilbert, Ed., vol. 6110 of Lecture Notes in Computer Science, pp. 62–91, Springer, Berlin, Germany, 2010.

[14] K. Liang, M. H. Au, W. Susilo, D. S. Wong, G. Yang, and Y. Yu, “An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing,” in Information Security Practice and Experience: 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings, vol. 8434 of Lecture Notes in Computer Science, pp. 448–461, Springer, Berlin, Germany, 2014.

[15] M. Backes, M. Gagne, and S. A. Krishnan Thyagarajan, “Fully secure inner-product proxy re-encryption with constant size ciphertext,” in Proceedings of the 3rd International Workshop on Security in Cloud Computing (SCC ’15), pp. 31–40, Singapore, April 2015.

[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.

[17] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proceedings of the Advances in Cryptology (CRYPTO ’84), pp. 47–53, Springer, Berlin, Germany, 1985.

[18] L. J. Pang, J. Yang, and Z. T. Jiang, “A survey of research progress and development tendency of attribute-based encryption,” The Scientific World Journal, vol. 2014, Article ID 193426, 13 pages, 2014.

[19] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 456–465, November 2007.

[20] T. Nishide, K. Yoneyama, and K. Ohta, “Attribute-based encryption with partially hidden encryptor-specified access structures,” in Applied Cryptography and Network Security (ACNS 2008), pp. 111–129, Springer, Berlin, Germany, 2008.

[21] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP ’07), pp. 321–334, IEEE Computer Society, Berkeley, Calif, USA, May 2007.

[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute-based encryption,” in Proceedings of the International Colloquium Automata, Languages and Programming (ICALP ’08), pp. 579–591, Springer, Berlin, Germany, 2008.

[23] X. H. Liang, Z. F. Cao, H. Lin, and D. S. Xing, “Provably secure and efficient bounded ciphertext policy attribute based encryption,” in Proceedings of the 4th International Symposium on Information, Computer and Communications Security (ICCS ’09), pp. 343–352, Sydney, Australia, March 2009.


[24] L. Ibraim, Q. Tang, P. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in International Conference on Information Security Practice and Experience (ISPEC ’09), pp. 1–12, Springer, 2009.

[25] B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, “Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions,” in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, “New proof methods for attribute-based encryption: achieving full security through selective techniques,” in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, “Fully secure attribute based encryption from multilinear maps,” Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, “Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating,” Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, “Efficient and fully secure forward secure ciphertext-policy attribute-based encryption,” in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Advances in Cryptology—EUROCRYPT ’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, “Conditional identity-based broadcast proxy re-encryption and its application to cloud email,” IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, “Achieving dynamic privileges in secure data sharing on cloud storage,” Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, “Advances on cloud services and cloud computing,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.

[38] Y. Yang, H. Zhu, H. Lu, J. Weng, Y. Zhang, and K.-K. R. Choo, “Cloud based data sharing with fine-grained proxy re-encryption,” Pervasive and Mobile Computing, vol. 28, pp. 122–134, 2016.

[39] J. Shao, R. Lu, X. Lin, and K. Liang, “Secure bidirectional proxy re-encryption for cryptographic cloud storage,” Pervasive and Mobile Computing, vol. 28, pp. 113–121, 2016.

[40] S. Guo, Y. Zeng, J. Wei, and Q. Xu, “Attribute-based re-encryption scheme in the standard model,” Wuhan University Journal of Natural Sciences, vol. 13, no. 5, pp. 621–625, 2008.

[41] D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-DNF formulas on ciphertexts,” in Theory of Cryptography, J. Kilian, Ed., vol. 3378 of Lecture Notes in Computer Science, pp. 325–341, Springer, Berlin, Germany, 2005.

[42] A. Beimel, Secure schemes for secret sharing and key distribution [Ph.D. thesis], Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[43] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.

[44] S. Luo, Q. Shen, and Z. Chen, “Fully secure unidirectional identity-based proxy re-encryption,” in Information Security and Cryptology—ICISC 2011: 14th International Conference, Seoul, Korea, November 30–December 2, 2011. Revised Selected Papers, vol. 7259 of Lecture Notes in Computer Science, pp. 109–126, Springer, Berlin, Germany, 2011.

[45] A. Lewko and B. Waters, “New techniques for dual system encryption and fully secure HIBE with short ciphertexts,” in Proceedings of the 7th Theory of Cryptography Conference (TCC ’10), Zurich, Switzerland, February 2010, pp. 455–479, Springer, Berlin, Germany, 2010.

[46] N. Doshi and D. C. Jinwala, “Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption,” Security and Communication Networks, vol. 7, no. 11, pp. 1988–2002, 2014.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 11: Research Article Efficient and Adaptively Secure Attribute ...downloads.hindawi.com/journals/ijdsn/2016/5235714.pdfin which a user is able to empower designated users to decrypt reencrypted

International Journal of Distributed Sensor Networks 11

120588 The rows of119872 to attributes119898 Message to sign119904 The encryption exponentRK The reencryption key

Competing Interests

The authors declare that there are no competing interestsregarding the publication of this paper

Acknowledgments

This work was supported by Natural Science Foundationof China under Grant no 61103178 Natural Science BasicResearch Plan in Shaanxi Province of China under Grantsnos 2015JM6294 and 2016JM6002 and the FundamentalResearch Funds for the Central Universities under Grant no3102015JSJ0003

References

[1] D G Feng and C Chen ldquoResearch on attribute-based cryp-tographyrdquo Journal of Cryptologic Research vol 1 no 1 pp 1ndash122014

[2] V Goyal O Pandey A Sahai and B Waters ldquoAttribute-basedencryption for fine-grained access control of encrypted datardquoin Proceedings of the 13th ACM Conference on Computer andCommunications Security (CCS rsquo06) pp 89ndash98 Alexandria VaUSA October 2006

[3] Q Y Li and F L Zhang ldquoA fully secure attribute based broadcastencryption schemerdquo International Journal of Network Securityvol 17 no 3 pp 263ndash271 2015

[4] K T Liang LM FangD SWong andW Susilo ldquoA ciphertext-policy attribute-based proxy re-encryption scheme for datasharing in public cloudsrdquo Concurrency and Computation Prac-tice and Experience vol 27 no 8 pp 2004ndash2027 2014

[5] C-C Chang C-Y Sun and T-F Cheng ldquoA dependablestorage service system in cloud environmentrdquo Security andCommunication Networks vol 8 no 4 pp 574ndash588 2015

[6] X Liang Z Cao H Lin and J Shao ldquoAttribute based proxyre-encryption with delegating capabilitiesrdquo in Proceedings of the4th International Symposium on ACM Symposium on Informa-tion Computer and Communications Security (ASIACCS rsquo09)pp 276ndash286 ACM March 2009

[7] S Luo J Hu and Z Chen ldquoCiphertext policy attribute-basedproxy re-encryptionrdquo in Information and CommunicationsSecurity M Soriano S Qing and J Lopez Eds vol 6476 ofLecture Notes in Computer Science pp 401ndash415 Springer BerlinGermany 2010

[8] H Seo and H Kim ldquoAttribute-based proxy re-encryption witha constant number of pairing operationsrdquo International Journalof Information and Communication Engineering vol 10 no 1pp 53ndash60 2012

[9] K Y Li ldquoMatrix access structure policyused in attribute-basedproxy re-encryptionrdquo httparxivorgabs13026428

[10] P-S Chung C-W Liu andM-S Hwang ldquoA study of attribute-based proxy re-encryption scheme in cloud environmentsrdquoInternational Journal of Network Security vol 16 no 1 pp 1ndash132014

[11] K T Liang L M Fang D S Wong and W Susilo ldquoAciphertext-policy attribute-based proxy re-encryption withchosen-ciphertext securityrdquo Tech Rep 2013236 IACR Cryp-tology ePrint Archive 2013

[12] Y Kawai ldquoOutsourcing the re-encryption key generationflexible ciphertext-policy attribute-based proxy re-encryptionrdquoin Information Security Practice and Experience vol 9065 ofLecture Notes in Computer Science pp 301ndash315 Springer BerlinGermany 2015

[13] A Lewko T Okamoto A Sahai K Takashima and B WatersldquoFully secure functional encryption attribute-based encryptionand (hierarchical) inner product encryptionrdquo in Advances inCryptologymdashEUROCRYPT 2010 H Gilbert Ed vol 6110 ofLecture Notes in Computer Science pp 62ndash91 Springer BerlinGermany 2010

[14] K Liang M H Au W Susilo D S Wong G Yang and Y YuldquoAn adaptively CCA-secure ciphertext-policy attribute-basedproxy re-encryption for cloud data sharingrdquo in InformationSecurity Practice and Experience 10th International ConferenceISPEC 2014 Fuzhou China May 5ndash8 2014 Proceedings vol8434 of Lecture Notes in Computer Science pp 448ndash461Springer Berlin Germany 2014

[15] M Backes M Gagne and S A Krishnan Thyagarajan ldquoFullysecure inner-product proxy re-encryption with constant sizeciphertextrdquo in Proceedings of the 3rd International Workshop onSecurity in Cloud Computing (SCC rsquo15) pp 31ndash40 SingaporeApril 2015

[16] A Sahai and B Waters ldquoFuzzy identity-based encryptionrdquoin Advances in CryptologymdashEUROCRYPT 2005 24th AnnualInternational Conference on the Theory and Applications ofCryptographic Techniques Aarhus Denmark May 22ndash26 2005Proceedings vol 3494 of Lecture Notes in Computer Science pp457ndash473 Springer Berlin Germany 2005

[17] A Shamir ldquoIdentity-based cryptosystems and signatureschemesrdquo in Proceedings of the Advances in Cryptology(CRYPTO rsquo84) pp 47ndash53 Springer Berlin Germany 1985

[18] L J Pang J Yang and Z T Jiang ldquoA survey of research progressand development tendency of attribute-based encryptionrdquo TheScientific World Journal vol 2014 Article ID 193426 13 pages2014

[19] L Cheung and C Newport ldquoProvably secure ciphertext policyABErdquo in Proceedings of the 14th ACM Conference on Computerand Communications Security (CCS rsquo07) pp 456ndash465 Novem-ber 2007

[20] T Nishide K Yoneyama andKOhta ldquoAttribute-based encryp-tion with partially hidden encryptor-specified access struc-turesrdquo in Applied Cryptography and Network Security (ACNS2008) pp 111ndash129 Springer Berlin Germany 2008

[21] J Bethencourt A Sahai and B Waters ldquoCiphertext-policyattribute-based encryptionrdquo in Proceedings of the IEEE Sym-posium on Security and Privacy (SP rsquo07) pp 321ndash334 IEEEComputer Society Berkeley Calif USA May 2007

[22] V Goyal A Jain O Pandey and A Sahai ldquoBounded ciphertextpolicy attribute-based encryptionrdquo in Proceedings of the Inter-national Colloquium Automata Languages and Programming(ICALP rsquo08) pp 579ndash591 Springer Berlin Germany 2008

[23] X H Liang Z F Cao H Lin and D S Xing ldquoProvablysecure and efficient bounded ciphertext policy attribute basedencryptionrdquo in Proceedings of the 4th International Symposiumon Information Computer and Communications Security (ICCSrsquo09) pp 343ndash352 Sydney Australia March 2009

12 International Journal of Distributed Sensor Networks

[24] L Ibraim Q Tang P Hartel and W Jonker ldquoEfficient andprovable secure ciphertext-policy attribute-based encryptionschemesrdquo in International Conference on Information SecurityPractice and Experience (ISPEC rsquo09) pp 1ndash12 Springer 2009

[25] B Waters ldquoCiphertext-policy attribute-based encryption anexpressive efficient and provably secure realizationrdquo in PublicKey Cryptography (PKC 2011) pp 53ndash70 Springer BerlinGermany 2011

[26] R Canetti S Halevi and J Katz ldquoA forward-secure public-key encryption schemerdquo in Proceedings of the InternationalConference on the Theory and Applications of CryptographicTechniques (EUROCRYPT rsquo03) Warsaw Poland May 2003Springer 2003

[27] B Waters ldquoDual system encryption realizing fully secureIBE and HIBE under simple assumptionsrdquo in Advances inCryptologymdashCRYPTO 2009 S Halevi Ed vol 5677 of LectureNotes in Computer Science pp 619ndash636 Springer BerlinGermany 2009

[28] A Lewko and B Waters ldquoNew proof methods for attribute-based encryption achieving full security through selectivetechniquesrdquo in Advances in CryptologymdashCRYPTO 2012 32ndAnnual Cryptology Conference Santa Barbara CAUSA August19ndash23 2012 Proceedings vol 7417 of Lecture Notes in ComputerScience pp 180ndash198 Springer Berlin Germany 2012

[29] S Garg C Gentry S Halevi and M Zhandry ldquoFully secureattribute based encryption from multilinear mapsrdquo CryptologyePrint Archive Report 2014622 2014

[30] Z B Ying H Li J F Ma J W Zhang and J T Cui ldquoAdap-tively secure ciphertext-policy attribute-based encryption withdynamic policy updatingrdquo Science China Information Sciencesno 4 pp 1ndash16 2016

[31] T Kitagawa H Kojima N Attrapadung andH Imai ldquoEfficientand fully secure forward secure ciphertext-policy attribute-based encryptionrdquo in Information Security Y Desmedt Ed vol7807 of Lecture Notes in Computer Science pp 87ndash99 SpringerBerlin Germany 2015

[32] M Mambo and E Okamoto ldquoProxy cryptosystems delegationof the power to decrypt ciphertextsrdquo IEICE Transactions onFundamentals of Electronics Communications and ComputerSciences vol 80 no 1 pp 54ndash63 1997

[33] M Blaze G Bleumer and M Strauss ldquoDivertible protocolsand atomic proxy cryptographyrdquo in Advances in CryptologymdashEUROCRYPT rsquo98 International Conference on the Theory andApplication of Cryptographic Techniques Espoo FinlandMay 31ndashJune 4 1998 Proceedings vol 1403 of Lecture Notes in ComputerScience pp 127ndash144 Springer Berlin Germany 1998

[34] P Xu T F Jiao Q H Wu W Wang and H Jin ldquoConditionalidentity-based broadcast proxy re-encryption and its applica-tion to cloud emailrdquo IEEE Transactions on Computers vol 65no 1 pp 66ndash79 2016

[35] X Zhao and H Li ldquoAchieving dynamic privileges in securedata sharing on cloud storagerdquo Security and CommunicationNetworks vol 7 no 11 pp 2211ndash2224 2014

[36] L Barolli X F Chen and F Xhafa ldquoAdvances on cloud servicesand cloud computingrdquo Concurrency and Computation Practiceand Experience vol 27 no 8 pp 1985ndash1987 2015

[37] J Shao Z Cao and P Liu ldquoSCCR a generic approach tosimultaneously achieve CCA security and collusion-resistancein proxy re-encryptionrdquo Security andCommunicationNetworksvol 4 no 2 pp 122ndash135 2011

[38] Y Yang H Zhu H Lu J Weng Y Zhang and K-K RChoo ldquoCloud based data sharing with fine-grained proxy re-encryptionrdquo Pervasive and Mobile Computing vol 28 pp 122ndash134 2016

[39] J Shao R Lu X Lin and K Liang ldquoSecure bidirectional proxyre-encryption for cryptographic cloud storagerdquo Pervasive andMobile Computing vol 28 pp 113ndash121 2016

[40] S Guo Y Zeng J Wei and Q Xu ldquoAttribute-based re-encryption scheme in the standard modelrdquo Wuhan UniversityJournal of Natural Sciences vol 13 no 5 pp 621ndash625 2008

[41] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-DNF for-mulas on ciphertextsrdquo inTheory of Cryptography J Kilian Edvol 3378 of Lecture Notes in Computer Science pp 325ndash341Springer Berlin Germany 2005

[42] A Beimel Secure schemes for secret sharing and key distribution[PhD thesis] Israel Institute of Technology Technion HaifaIsrael 1996

[43] G Ateniese K Fu M Green and S Hohenberger ldquoImprovedproxy re-encryption schemes with applications to secure dis-tributed storagerdquoACMTransactions on Information and SystemSecurity vol 9 no 1 pp 1ndash30 2006

[44] S Luo Q Shen and Z Chen ldquoFully secure unidirectionalidentity-based proxy re-encryptionrdquo in Information Securityand CryptologymdashICISC 2011 14th International ConferenceSeoul Korea November 30ndashDecember 2 2011 Revised SelectedPapers vol 7259 of Lecture Notes in Computer Science pp 109ndash126 Springer Berlin Germany 2011

[45] A Lewko and B Waters ldquoNew techniques for dual systemencryption and fully secure HIBE with short ciphertextsrdquo inProceedings of the 7th Theory of Cryptography Conference (TCCrsquo10) Zurich Switzerland February 2010 pp 455ndash479 SpringerBerlin Germany 2010

[46] N Doshi and D C Jinwala ldquoFully secure ciphertext policyattribute-based encryption with constant length ciphertext andfaster decryptionrdquo Security and Communication Networks vol7 no 11 pp 1988ndash2002 2014


[24] L. Ibraimi, Q. Tang, P. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in International Conference on Information Security Practice and Experience (ISPEC ’09), pp. 1–12, Springer, 2009.

[25] B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC 2011), pp. 53–70, Springer, Berlin, Germany, 2011.

[26] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), Warsaw, Poland, May 2003, Springer, 2003.

[27] B. Waters, “Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions,” in Advances in Cryptology—CRYPTO 2009, S. Halevi, Ed., vol. 5677 of Lecture Notes in Computer Science, pp. 619–636, Springer, Berlin, Germany, 2009.

[28] A. Lewko and B. Waters, “New proof methods for attribute-based encryption: achieving full security through selective techniques,” in Advances in Cryptology—CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, vol. 7417 of Lecture Notes in Computer Science, pp. 180–198, Springer, Berlin, Germany, 2012.

[29] S. Garg, C. Gentry, S. Halevi, and M. Zhandry, “Fully secure attribute based encryption from multilinear maps,” Cryptology ePrint Archive, Report 2014/622, 2014.

[30] Z. B. Ying, H. Li, J. F. Ma, J. W. Zhang, and J. T. Cui, “Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating,” Science China Information Sciences, no. 4, pp. 1–16, 2016.

[31] T. Kitagawa, H. Kojima, N. Attrapadung, and H. Imai, “Efficient and fully secure forward secure ciphertext-policy attribute-based encryption,” in Information Security, Y. Desmedt, Ed., vol. 7807 of Lecture Notes in Computer Science, pp. 87–99, Springer, Berlin, Germany, 2015.

[32] M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54–63, 1997.

[33] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Advances in Cryptology—EUROCRYPT ’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31–June 4, 1998. Proceedings, vol. 1403 of Lecture Notes in Computer Science, pp. 127–144, Springer, Berlin, Germany, 1998.

[34] P. Xu, T. F. Jiao, Q. H. Wu, W. Wang, and H. Jin, “Conditional identity-based broadcast proxy re-encryption and its application to cloud email,” IEEE Transactions on Computers, vol. 65, no. 1, pp. 66–79, 2016.

[35] X. Zhao and H. Li, “Achieving dynamic privileges in secure data sharing on cloud storage,” Security and Communication Networks, vol. 7, no. 11, pp. 2211–2224, 2014.

[36] L. Barolli, X. F. Chen, and F. Xhafa, “Advances on cloud services and cloud computing,” Concurrency and Computation: Practice and Experience, vol. 27, no. 8, pp. 1985–1987, 2015.

[37] J. Shao, Z. Cao, and P. Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks, vol. 4, no. 2, pp. 122–135, 2011.
