Review Article A Survey of Research Progress and ...downloads.hindawi.com/journals/tswj/2014/193426.pdf · 2014 Dual-policy ABE 2009 User/attribute revocation 2007 2013 Accountability

Review ArticleA Survey of Research Progress and Development Tendency ofAttribute-Based Encryption

Liaojun Pang123 Jie Yang1 and Zhengtao Jiang4

1 State Key Laboratory of Integrated Services Networks Xidian University Xirsquoan 710071 China2 School of Life Science and Technology Xidian University Xirsquoan 710071 China3Department of Computer Science Wayne State University Detroit MI 48202 USA4Department of Computer Science Communication University of China Beijing 100024 China

Correspondence should be addressed to Liaojun Pang ljpangmailxidianeducn

Received 22 January 2014 Accepted 11 June 2014 Published 2 July 2014

Academic Editor Gloria Bordogna

Copyright copy 2014 Liaojun Pang et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

With the development of cryptography the attribute-based encryption (ABE) draws widespread attention of the researchers inrecent yearsThe ABE scheme which belongs to the public key encryption mechanism takes attributes as public key and associatesthem with the ciphertext or the userrsquos secret key It is an efficient way to solve open problems in access control scenarios forexample how to provide data confidentiality and expressive access control at the same time In this paper we survey the basic ABEscheme and its two variants the key-policy ABE (KP-ABE) scheme and the ciphertext-policy ABE (CP-ABE) scheme We also payattention to other researches relating to the ABE schemes including multiauthority userattribute revocation accountability andproxy reencryption with an extensive comparison of their functionality and performance Finally possible future works and someconclusions are pointed out

1 Introduction

With the development of the Internet and the distributedcomputing technology there is a growing demand for datasharing and processing in an open distributed computingenvironment The data provider needs to provide expressiveaccess control and data confidentiality when communicatingwith customers What is more it is urgent for large-scaledistributed applications to support one-to-many communi-cationmode to reduce the enormous costs of data encryption

The traditional encryption mechanism based on publickey infrastructure (PKI) [1] can achieve data confidentialityhowever it has disadvantages On one hand in order toencrypt data the data provider needs firstly to obtain thepublic keys of authorized users and then sends the encrypteddata separately to the corresponding user which increasesthe processing overhead and the bandwidth demand [2] Onthe other hand although broadcast encryption [3] can solvethe efficiency problem mentioned above the data providermust obtain the userrsquos list before encryption In additionif the data provider wants the recipient to be the one with

certain identity not the one who is specified the publickey encryption will not work anymore Therefore moreapplicable encryption mechanisms are required

Identity-based encryption (IBE) [4] mechanism allows asender to encrypt a message to an identity without accessinghis public key certificate which simplifies the certificatemanagement procedure and reduces certificate transmissionoverhead The ability to carry out public key encryptionwithout certificates makes IBE suitable for many practi-cal applications For example Alice can send a messageencrypted by Bobrsquos email address (eg Bobhotmailcom) toBob without the support of PKI

One common feature of all previous IBE schemes is thatthey regard identities as a string of characters However in2005 Sahai and Waters [5] proposed a new type of IBEscheme called fuzzy IBE (FIBE) which regards identities asa set of descriptive attributes FIBE can be regarded as thefirst concept of ABE in which the data owner can encrypt amessage to all users that have a certain set of attributes In thesame year Nali et al [6] proposed a threshold ABE schemeAlthough this scheme can prevent the collusion attacks

Hindawi Publishing Corporatione Scientific World JournalVolume 2014 Article ID 193426 13 pageshttpdxdoiorg1011552014193426

2 The Scientific World Journal

it introduces new disadvantage that the threshold semanticsare limited in designing more general systems which needexpressive access control

In ABE scheme attribute plays a very important roleAttributes have been exploited to generate a public key forencryption data and have been used as an access policy tocontrol usersrsquo access Based on the access policy subsequentresearches can be roughly categorized [7] as either key-policyor ciphertext-policyThe first KP-ABE scheme that allows anymonotone access structures was proposed by Goyal et al [7]and the first CP-ABE scheme was presented by Bethencourtet al [8] After that several KP-ABE [9ndash11] and CP-ABEschemes [12ndash20] were proposed Goyal et al [12] presenteda bounded CP-ABE scheme in the standard model but thefirst fully expressive CP-ABE scheme in the standard modelwas proposed byWaters [13] Subsequently Attrapadung andImai [21] proposed a Dual-Policy ABE scheme which allowskey-policy and ciphertext-policy to act on encrypted datasimultaneously

Moreover Muller et al [22 23] proposed a distributedABE scheme with a constant number of bilinear pairingoperations during decryption Yu et al [24] proposed a fine-grained data access control encryption scheme Tang andJi [25] proposed a verifiable ABE scheme and Wang et al[26 27] proposed a hierarchical ABE (HABE) scheme in2010 and 2011 respectively In these schemes Wang et alused the disjunctive normal form policy to generate the keyshierarchically assuming that all attributes in one conjunctiveclause are administered by the same domain authority Morestudies on HABE are in literatures [28ndash30]

In each ABE scheme mentioned above the user must goto a trusted party to prove his identity before obtaining asecret key which allows him to decrypt messages Chase [31]gave an efficient multiauthority ABE scheme in which theuserrsquos secret key is no longer authorized by a single centerauthority but authorized separately by different cooperativeand independent authorities In addition to this there are alsosome multiauthority ABE schemes [31ndash37]

According to the existing schemes a summary [38] ofthe criterial functionalities in an ideal ABE scheme is listedas follows (1) Data confidentiality unauthorized participantscannot know the information about the encrypted data(2) Fine-grained access control in order to achieve flexibleaccess control even for users in the same group theiraccess rights are not the same (3) Scalability the numberof authorized users cannot affect the performance of thescheme That is to say the scheme can deal with the case thatthe number of the authorized users increases dynamically(4) Userattribute revocation if a user quits the systemthe scheme can revoke his access right Similarly attributerevocation is inevitable (5) Accountability in all previousschemes the dishonest users can just directly give away partof their original or transformed keys such that nobody cantell who has distributed these keysThe above problem whichis called key abuse should be prevented by accountability(6) Collusion resistance the dishonest users cannot combinetheir attributes to decrypt the encrypted data

In order to realize an ideal ABE scheme some researcheswhich are aimed at addressing the issue of userattribute

Concept proposed2005minus2006

Development2007ndash2013

Future work2014

Dual-policy ABE 2009

Userattribute revocation2007ndash2013

Accountability 2009ndash2012

PRE 2008ndash2013

ABE schemes2006ndash2012

FIBE 2005

KP-ABE CP-ABE 2006

KP-ABE 2006ndash2011

Multiauthority ABE2007ndash2012

CP-ABE 2007ndash2012

Figure 1 Development of ABE

revocation [8 9 39ndash48] and accountability [49ndash53] in ABEschemes have been published on journals or academic confer-ences What is more with its own advantages the attribute-based cryptosystem has the ability and possibility to beapplied to other areas Particularly lots of studies which focuson the applications of ABE in proxy reencryption [54ndash59]have been proposed

In conclusion the existing research results about ABEcan be generally divided into the design of ABE schemes themultiauthority ABE schemes and the userattribute revoca-tion accountability and applications of ABE schemes whichcan be shown in Figure 1 According to this classification therest of this paper can be organized as follows We introducethe basic ABE scheme in Section 2 The KP-ABE CP-ABEand Dual-policy ABE are examined in Section 3 Thenmultiauthority ABE is surveyed in Section 4 Userattributerevocation and accountability in ABE are shown in Sections5 and 6 respectively One application of ABE the attribute-based proxy reencryption is surveyed in Section 7 What ismore in Section 8 we point out the problems worth furtherstudying Finally we make some conclusions in Section 9

2 Formal Model of the Basic ABE

In 2005 Sahai andWaters [5] proposed the FIBE which viewsidentities as a set of descriptive attributes With its basic anddescriptive algorithms to say the least this scheme is usuallyregarded as the basic ABE scheme In this section firstlywe deal with the complexity assumptions used in the basicABE schemeThen we give the formal algorithm and securitymodel of it

The Scientific World Journal 3

21 Complexity Assumptions The complexity assumptionsare stated below

Definition 1 (decisional bilinear Diffie-Hellman (BDH)assumption) Suppose a challenger chooses 119886 119887 119888 119911 isin 119885119901

at random The decisional BDH assumption is that nopolynomial-time adversary is able to distinguish the tuple(119860 = 119892

119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from the tuple

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)

119911) with a negligibleadvantage

Definition 2 (decisional modified Bilinear Diffie-Hellman(MBDH) assumption) Suppose a challenger chooses119886 119887 119888 119911 isin 119885119901 at random The decisional MBDH assumptionis that no polynomial-time adversary is able to distinguishthe tuple (119860 = 119892

119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)


22 Formal Definition of Algorithm Model Sahai and Waters[5] gave the formal definition of the FIBE Generally speak-ing an ABE scheme usually consists of the following fourfundamental algorithms namely Setup Key GenerationEncryption and Decryption and it has a sender an authorityand some receivers as participants

The four algorithms in the basic ABE scheme are shownas follows

Setup This is a randomized algorithm performed by anauthority in order to create a new ABE scheme It takes noinput other than the implicit security parameter 119896 andoutputsa set of public parameters PK and a master key MK

Key GenerationThe authority executes this algorithm for thepurpose of generating a secret key It takes as input a set ofattributes 120596 the master key MK and the public parametersPK and outputs a decryption key SK

Encryption This randomized algorithm is run by a senderwho wants to encrypt a message 119898 with a set of attributes1205961015840 and the public parameters PK It outputs the ciphertext

CT

Decryption This algorithm takes as input the ciphertext119864 that has been encrypted under the set 1205961015840 of attributesthe decryption key SK associated with 120596 and the publicparameters PK It outputs the message 119872 if |120596 cap 120596

1015840| ge 119889

and here 119889 is a threshold parameterIn the basic ABE scheme the userrsquos secret key and the

ciphertext are labeled with sets of descriptive attributes Aparticular key can decrypt a particular ciphertext only if thereare at least 119889 attributes overlapped between the attributes ofthe ciphertext and the userrsquos keyThe decryption condition ina KP-ABE or CP-ABE scheme is that the attributes set satisfiesthe access structure specified in the secret key or ciphertext

23 Security Model We now discuss the security of the basicABE scheme A selective-set model is defined for provingthe security of the scheme under chosen plaintext attack [5]

The fuzzy selective-ID game is very similar to the standardselective-IDmodel for identity-based encryption [4] with theexception that the adversary is only allowed to query forsecret keys for identities which have 119889 minus 1 or less attributesoverlapped with the target identify

The selective-ID game played between a challenger andan adversary is shown below

Fuzzy Selective-ID Model of the Basic ABE

Init The adversary declares the identity 120572 upon which hewishes to be challenged

Setup The challenger runs the Setup algorithm and tells theadversary the public parameters

Phase 1 The adversary is allowed to issue queries for secretkeys of multiple identities 120574119895 where |120574119895 cap 120572| lt 119889 for all 119895

Challenge The adversary submits two messages 1198720 and 1198721with equal length The challenger flips a random coin tochoose a value 119887 and encrypts 119872119887 with 120572 The ciphertext ispassed to the adversary

Phase 2 Phase 1 is repeated

GuessThe adversary outputs a guess 1198871015840 of 119887The advantage of an adversary 119860 in this game is defined

as

Adv119860 =1003816100381610038161003816100381610038161003816

pr [1198871015840 = 119887] minus

1

2

1003816100381610038161003816100381610038161003816

(1)

Definition 3 A scheme is secure in the fuzzy selective-IDsecurity model if all polynomial-time adversaries have atmost a negligible advantage in the above game

Sahai and Waters [5] proved the CPA security of thebasic ABE scheme in the selective-ID model by reducingit to the hardness of the decisional MBDH assumptionThey also pointed out that the scheme can be extended tothe chosen-ciphertext model by applying the technique ofthe simulation-sound noninteractive zero knowledge (NIZK)proofs to achieve the CCA security [60] It is well known thatthe CPA security is themost basic security requirement of thepublic key encryption mechanism and that the CCA securityis a stronger one However most of the existing ABE schemescan only be proved CPA secure and it still remains as anopen problem to design a CCA secure ABE scheme To somedegree the security proofs in the existing ABE schemes havethe same thoughtwith the idea that anABE scheme is a secureone if no probabilistic polynomial time adversary 119860 can winthe corresponding game with a nonnegligible advantage agenerally accepted fact that will be shown in the next section

3 ABE Schemes

With stronger and richer expression capability the FIBE [5]scheme which was introduced in Section 2 is considered asthe extension of the traditional IBE scheme [4] In an FIBEscheme ciphertexts are labeled with a set of attributes 120596


and a userrsquos secret key is associated with both a thresholdparameter 119889 and another set of attributes 1205961015840 To enable auser to decrypt a ciphertext it is inevitable that there areat least 119889 attributes overlapped between the ciphertext andhis secret key The only access structure supported in theFIBE scheme is ldquothresholdrdquo which is fixed at the setup phaseby the authority However there is an increasing need offlexible access control policies supporting the operationslike ldquoandrdquo ldquoorrdquo ldquothresholdrdquo ldquononrdquo and so forth in manypractical applications That is to say the FIBE scheme islimited in many general application scenarios Thereforemore and richer types of ABE schemes were proposedThese schemes in accordance with the different protectionstrategy deployment ways can be divided into two maincategories [7] KP-ABE schemes and CP-ABE schemes Alsothere is a hybrid type called the dual-policy ABE scheme acombination of the above two types A brief introduction tothese schemes will be given in this section

31 KP-ABE In 2006 Goyal et al [7] introduced the ideaof a more general key-policy attribute-based cryptosystemfor fine-grained sharing of encrypted data and proved itssecurity in the attribute-based selective-set model under thedecisional bilinear Diffie-Hellman (DBDH) assumptionThisscheme is called the KP-ABE scheme since each secret keyis associated with a tree access structure which specifiesthe type of ciphertexts which can be decrypted by thissecret key where ciphertexts are simply labeled with a setof descriptive attributes If and only if the attributes setsatisfies the access structure specified in the secret key theuser can decrypt the ciphertext Their scheme gives us apowerful tool for encryption with fine-grained access controlfor applications such as sharing audit log information Italso supports delegation of secret keys Unfortunately witha drawback that the access policy is built into the secret keythe data owner in a KP-ABE scheme cannot decide the onewho can decrypt the ciphertext and he can only choose a setof attributes to control the access of ciphertexts Besides theaccess structure is amonotonic access structurewhich cannotexpress the negative attribute to exclude the participants withwhom the data owner does not want to share data

Subsequently Ostrovsky et al [9] proposed a schemewitha nonmonotonic access structure where the secret keys arelabeled with a set of attributes including positive and negativeattributes Comparatively the ABE scheme with nonmono-tonic access structure can express a more complicated accesspolicy Unfortunately this mechanism doubles the size of theciphertext and secret key and adds encryptiondecryptionoverheads at the same time Ostrovsky et alrsquos initial construc-tion is recently improved by Lewko et al [10] who used anew technique to achieve user revocation anddesign themostefficient nonmonotonic KP-ABE scheme

In the above KP-ABE schemes the ciphertext size growslinearly with the number of ciphertext attributes and the onlyknown exception only supports restricted forms of thresholdaccess policies Attrapadung et al [11] proposed the firstKP-ABE scheme with nonmonotonic access structures andconstant ciphertext size The disadvantage is that the secretkey has quadratic size in the number of attributes

32 CP-ABE Goyal et al [7] suggested the possibility of aCP-ABE scheme but they did not offer any constructions Ina CP-ABE scheme a userrsquos secret key will be associated withan arbitrary number of attributes expressed as strings whileciphertext is associated with an access structure A user willonly be able to decrypt a ciphertext if his attributes satisfy theaccess structure of the ciphertext

In 2007 using amonotonic access tree as access structureBethencourt et al [8] proposed the first CP-ABE construc-tionTheir scheme can support flexible access control policieslike the KP-ABE [7] scheme but the security proof is in thegeneric group model

Cheung andNewport [14] provided a provably secureCP-ABE scheme which is proved to be secure under the standardmodel and their scheme supports AND gate on positive andnegative attributes as its access policy They use a do not careelement to indicate the attribute which does not appear in theAND gate Intuitively the public key elements 119879119894 119879119899+119894 and1198792119899+119894 correspond to the three types of occurrences of 119894 posi-tive negative and do not careThis scheme is proved to be theCPA secure under the DBDH assumption for the first timeAnd it improves the security proof in Bethencourt et alrsquos[8] Unfortunately two drawbacks remain Firstly it is notsufficiently expressive because it supports only policies withlogical conjunction Secondly the size of the ciphertext andthe secret key increases linearly with the total number ofattributes in this scheme These two shortcomings make thisscheme less efficient than Bethencourt et alrsquos [8]

Based on Cheung and Newportrsquos scheme [14] Nishideet al [15] and Emura et al [16] improved the efficiencyand achieved hidden policies respectively Nishide et al [15]proposed a scheme with AND gates onmulti-value attributesas its access policy Emura et al [16] used the same accesspolicy and propose an improved scheme And this schemealso achieves a constant length of ciphertext and constantnumber of bilinear pairing operations

In order to design CP-ABE scheme with flexible strategyunder the DBDH assumption Goyal et al [12] and Lianget al [17] adopted bounded tree structure Goyal et al[12] presented a bounded CP-ABE (BCP-ABE) scheme inthe standard model and generalized the transformationalapproach to show how to transform a KP-ABE scheme intoa CP-ABE one by using what they called ldquouniversal accesstreerdquo The BCP-ABE scheme supports any access formulasof polynomial bounded size (including the ldquoandrdquo ldquoorrdquo andldquothresholdrdquo operations) with a shortcoming that the senderis restricted to use only an access tree whose depth 119889

1015840le 119889

(here 119889 indicates the depth of the access trees defined in thesetup phase) Liang et al [17] improved the BCP-ABE scheme[12] by improving the efficiency of the encryptiondecryptionalgorithm and shortening the length of public key secret keyand ciphertext

Later Ibraimi et al [18] used the general access treestructure to eliminate the boundary constraints in [12 17]and presented a new technique to realize the CP-ABE schemewithout Shamirrsquos threshold secret sharing In their schemethe sender defines the privacy policy by using an access treewhich is 119899-ary tree represented by and and or nodes Notethat realizing a scheme without threshold secret sharing is


Table 1 Comparison of security proof and policy complexity in different CP-ABE schemes

Scheme Access structure Assumption Model Supported policyCheung and Newport [14] AND gate between two-value attributes DBDH Selective And nonNishide et alrsquos [15] AND gate among multivalue attributes DBDH D-linear Selective AndEmura et alrsquos [16] AND gate among multivalue attributes DBDH Selective AndBethencourt et alrsquos [8] Tree without bound Generic group Adaptive And or thresholdIbraimi et alrsquos [18] Tree without bound DBDH Selective And or thresholdGoyal et alrsquos [12] Bounded tree DBDH Selective Bounded and or thresholdLiang et alrsquos [17] Bounded tree DBDH Selective Bounded and or thresholdWatersrsquo [13] LSSS matrix DPBDHE Selective And or thresholdLewko et alrsquos [19] LSSS matrix 3P-SDP Adaptive And or threshold

important for resource-constrained devices since calculatingpolynomial interpolations to construct the secret is com-putationally expensive Finally compared with Cheung andNewportrsquos [14] it requires less computation overheads duringthe Encryption Key Generation and Decryption phases

In 2011 Waters [13] proposed a new methodology forrealizing CP-ABE under concrete and noninteractive cryp-tographic assumptions in the standard model He expressedaccess control by a linear secret sharing scheme (LSSS)matrix 119872 over the attributes in the system (previouslyused structures can be expressed succinctly in terms of anLSSS) In this most efficient scheme the ciphertext sizeand the encryptiondecryption overheads increase linearlywith the complexity of the access formula As a result hisscheme achieves the same performance and functionality asBethencourt et alrsquos [8]

Finally Lewko et al [19] recently leveraged the encodingtechnique from Watersrsquos scheme [13] to propose an ABEscheme that achieves adaptive (nonselective) security Theirscheme is based on composite order groups which results insome loss of practical efficiency when compared withWatersrsquo

In recent years almost all the schemes available to thebest of our knowledge are constructed frombilinear pairingsJ Zhang and Z F Zhang [20] presented a CP-ABE schemewhich supports AND gates without bilinear pairings Theirscheme is built based on 119902-ary lattices and has a very strongsecurity proof based onworst-case hardnessThough it seemsto be not much efficient it gives light to the possibilityof constructing attribute-based schemes under other hardproblem assumptions (ie lattice problems) instead of thebilinear pairing-related assumptions

33 Dual-Policy ABE In 2009 Attrapadung and Imai[21] presented a new ABE scheme called the Dual-PolicyABE Basically it is a conjunctively combined schemeof Goyal et alrsquos KP-ABE scheme [7] and Watersrsquo CP-ABEscheme [13] It allows simultaneously two access controlmechanisms over encrypted data One involves policies overobjective attributes ascribed to data and the other involvespolicies over subjective attributes ascribed to user credentialsThese two access control mechanisms can only allow eitherfunctionality above one at a time What is more the securityproof is based ondecisional bilinearDiffie-Hellman exponent(DBDHE) assumption

34 Comparison From what has been mentioned above itis obvious that the basic ABE scheme and KP-ABE and CP-ABE schemes are different in complexity hypothesis strategicflexibility and applications A conclusion can be made asfollows

The basic ABE scheme which only supports ldquothresholdrdquopolicy is suitable for simply policy-required applications Atthe same time KP-ABE and CP-ABE schemes which supportcomplex strategies are appropriate for the applications offine-grained data sharing In addition in KP-ABE schemesthe access policy is built into the userrsquos secret key so thedata owner cannot choose the person who can decrypt thedata Compared with KP-ABE schemes CP-ABE schemes aremore suitable for the realistic scenes Generally speakingKP-ABE schemes apply to query applications such as payTV system audit log targeted broadcast and databaseaccess On the contrary CP-ABE schemes are used for accesscontrol applications such as social networking site accessand electronic medical system

The security model of the basic ABE scheme has beenshown in Section 2 Both the basic ABE scheme and KP-ABEschemes [7 9] use the DBDH assumption And the situationin CP-ABE schemes is more complex It is known that themore complex a strategy is the more complex a CP-ABEscheme will be and themore difficult it is to prove its securityTo achieve the CPA security under the standard complexityassumption the main research on the CP-ABE is focusedon designing the access structure According to differentaccess structures the research can be divided into three kindsAND gate Tree and LSSS matrix Now a comparison ofAccess structure Complexity assumption Security model andSupported policy in different CP-ABE schemes is made inTable 1

The comparisons of the size of keys and ciphertext andthe encryptiondecryption computation overhead in differentCP-ABE schemes are given in Tables 2 and 3 respectivelyWe can draw a conclusion from these tables Emura et alrsquos[16] scheme is the shortest in ciphertext and SK Bethencourtet alrsquos [8] in PK and Watersrsquo [13] in MK What is more inBethencourt et alrsquos [8] PK and MK have nothing to do withsystem attributes As for computation overhead Emura et alrsquos[16] processes the lowest encryptiondecryption overheadand Ibraimi et alrsquos [18] scheme has a lower one than Watersrsquo[13]


Table 2 Comparison of size of keys and ciphertext in different CP-ABE schemes

Scheme PK MK SK CiphertextCheung and Newport [14] (3119899 + 1)1198711198661

+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662

Nishide et alrsquos [15] (21198731015840+ 1)1198711198661

+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662

Emura et alrsquos [16] (1198731015840+ 2)1198711198661

+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662

Bethencourt et alrsquos [8] 31198711198661+ 1198711198662

119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Ibraimi et alrsquos [18] (119899 + 1)1198711198661+ 1198711198662

(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Lewko et alrsquos [19] (119899 + 2)1198711198661+ 1198711198662

119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Table 3 Comparison of computational overhead in different CP-ABE schemes

Scheme Encryption DecryptionCheung andNewport [14] (119899 + 1)1198661 + 21198662 (119899 + 1)119862119890 + (119899 + 1)1198662

Nishide et alrsquos[15] (2119873

1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662

Emura et alrsquos[16] (119899 + 1)1198661 + 21198662 2119862119890 + 21198662

Bethencourt etalrsquos [8] (2

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662

Ibraimi et alrsquos[18] (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662

Lewko et alrsquos[19] (4

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662

119860119888 attributes of ciphertext 119862 119860119906 attribute of user 119906|lowast| Number of element inlowast119862119890 119890 operation where 119890 denotes bilinear paring119866119894 Group or operation in group 119894 = 1 or 2 119892 is a random generator of 119866119878 Least interior nodes satisfying an access structure (include root node)119871lowast Bit length of element in lowast n number of attributes in systems1198731015840= sum119899

119894=1 119899119894 Total number of possible value of attributes where 119899119894 is thenumber of possible values for attribute 119894

4 Multiauthority ABE

Sahai and Waters [5] introduced a single-authority ABEscheme however they left the following open question isit possible to construct an ABE scheme in which multipleauthorities operate simultaneously each distributing secretsubkeys for a different set of attributes during the KeyGeneration phase Subsequently this question was answeredby Chase [31] who proposed the first multiauthority ABEscheme

In a single-authority ABE scheme the authority candecrypt all ciphertexts which is not proper from the pointof security Therefore multiauthority ABE schemes [31ndash37]were proposedThese schemes can be divided into two typesOne needs a central authority (CA for short) which is usedto guarantee the proper decryption and can also decrypt allciphertexts such as schemes [31 33 36] while the other doesnot need a CA such as schemes [32 34 35 37] In thissectionwe survey these existingmultiauthorityABE schemesin detail

41 Multiauthority ABE with a CA Chasersquos [31] proposedthe first multiauthority ABE scheme where there are onecentral authority and 119873 attribute authorities The CA issuesidentity-related keys to users and the attribute authoritiesmanage attributes and issue attribute-related keys A userrsquoskeys from different attribute authorities are linked togetherby the userrsquos global identifier (GID) In Chasersquos schemean sender specifies for each attribute authority 119895

1le119895le119873

a set of attributes and a trapdoor value 119889119895 He can thenencrypt a message such that a user can only decrypt if hehas at least 119889119895 of the given attributes from each attributeauthority 119895 Although this scheme increases the computationand communication cost and needs to maintain such a fullytrusted authority Chase made an important step from thesingle-authority ABE to the multiauthority ABE

To solve the problem that the CA must be fully trustedin Chasersquos [31] scheme Bozovic et al [33] constructed athreshold multiauthority ABE scheme which offers the samesecurity guarantees provided by Chase In addition it cantolerate an ldquohonest-but-curiousrdquo CA which has a definitionthat it honestly follows the protocol while it is curious todecrypt arbitrary ciphertexts thus violating the intent of theencrypting party

Recently based on Lewko et alrsquos CP-ABE scheme [19]Liu et al [36] proposed an adaptive secure multiauthor-ity CP-ABE scheme which has multiple central authoritiesand attribute authorities in the standard model The cen-tral authorities issue identity-related keys to users and theattribute authorities issue attribute-related keys to users Priorto obtaining attribute keys from the attribute authoritiesthe user must obtain his secret keys from multiple centralauthorities In terms of efficiency this scheme is the samewithLewko et alrsquos [19]

42 Multiauthority ABE without a CA The utilization ofa CA brings new security vulnerability and increases thecomputation and communication cost So in 2010 Lin et al[32] adopted the distributed key generation (DKG) protocol[60] and the joint zero secret sharing (JZSS) [61] protocol toconstruct the secure threshold multiauthority fuzzy identity-based encryption (threshold MA-FIBE) scheme without acentral authority for the first time To initialize the idea themultiple authoritiesmust cooperatively execute theDKGpro-tocol and the JZSS protocol twice and 119896 times respectivelywhere 119896 is the degree of the polynomial selected by each


Table 4 Comparison of central authority security model and type and length of ciphertext

Scheme Central authority Security model Prevent decryption byindividual authorities KPCP-ABE Length of ciphertext

Chasersquos [31] Y Selective-set N KP-ABE (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Liu et alrsquos [36] Multiple Full-security Y CP-ABE (21003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Lin et alrsquos [32] N Selective-set Y FIBE 1003816100381610038161003816119860119862

10038161003816100381610038161198711198661

+ 1198711198662

Chase and Chow [34] N Selective-set Y KP-ABE (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Lekwo and Waters [35] N Full-security Partially CP-ABE 21003816100381610038161003816119860119862

10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662

Han et alrsquos [37] N Selective-set Y KP-ABE (1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)1198711198661

+ 1198711198662

Table 5 Comparison of computing cost

Schemes Authority setup KeyGen Encryption DecryptionChasersquos [31] (|119880| + 1)119864 (

1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875

authority Each authoritymustmaintain 119896+2 secret keysThisscheme is 119896-resilient namely the scheme is secure if and onlyif the number of the colluding users is no more than 119896 and 119896must be fixed in the setup algorithm

Chase and Chow [34] proposed a multiauthority KP-ABE scheme which removes the central authority by usinga distributed PRF (pseudorandom functions) techniqueNotably they also addressed the privacy of the user Inprevious multiauthority ABE schemes [31 32] the user mustsubmit his GID to each authority to obtain the correspondingsecret keyThis will increase the risk of user traced by a groupof corrupted authorities In order to avoid this risk Chaseand Chow [34] provided an anonymous key issuing protocolfor the GID where a 2-party secure computation techniqueis employed This scheme is (119873 minus 2)-tolerant namely thescheme is secure if and only if the number of the corruptedauthorities is no more than119873 minus 2 where119873 is the number ofthe authorities Chase and Chow also left an open problemon how to construct a privacy preserving multiauthorityABE scheme without the need of cooperation among theauthorities

Han et al [37] answered the question left by Chaseand Chow [34] affirmatively by proposing a decentralizedKP-ABE scheme with the privacy-preserving key extractionprotocol In their schememultiple authorities canwork inde-pendently without any cooperation and a central authorityThe GID is used to tie all the userrsquos secret keys together whilethe corrupted authorities cannot pool the userrsquos attributes bytracing itThe scheme is any number tolerant for the users and(119873 minus 1)-tolerant for the authorities where 119873 is the numberof the authorities

In 2011 Lekwo and Waters [35] proposed a new mul-tiauthority scheme Although their scheme may becomeinefficient for large attribute universe [13] it is the firstadaptively secure multiauthority CP-ABE scheme proved inthe random oraclemodelThis scheme improves the previousmultiauthority ABE schemes because it does not require

collaboration amongmultiple authorities in the setup and keygeneration phases and there is no central authority Note thatthe authority in this scheme can join or leave the system freelywithout reinitializing the system Besides the low efficiencythis scheme has another drawback that the attributes of theuser can be collected by tracing his GID

43 Comparison Thecomparison between the differentmul-tiauthority schemes is shown in Tables 4 and 5 By |119880| |119860119880|and |119860119862| we denote the number of the universal attributesthe attributes held by user 119880 and the attributes required bythe ciphertext respectively 119868119880 and 119868119862 denote the index setof the authorities By 119864 and 119875 we denote one exponentialand one paring operation respectively By 119871119866

1

and 1198711198662

wedenote one element in group1198661 and one element in group1198662respectively 119873 denotes the number of the authorities in thesystems By119889 we denote the number of the central authoritiesin [36]

5 Revocation Mechanism of ABE

Revocation mechanism is necessary for any multiuserencryption systems to deal with malicious behaviors Therevocation mechanism of ABE schemes is more complicatedthan that of traditional public key cryptosystem or IBEschemes [40 62ndash65] For example in CP-ABE schemes dif-ferent users may hold the same secret key in function relatedto the same attribute set leading to additional difficulties inthe design of a revocation mechanism

In this section we focus on ABE schemes that supportrevocation In attribute-based setting revocationmechanismcan usually be divided into two kinds user revocation andattribute revocation Currently there are mainly two ways torealize revocation [48] one is the indirect revocationmethod[8 39ndash44] and the other is the direct revocation method [945ndash47]


51 Indirect Revocation Method The indirect revocationmethod enforces revocation by the authority who releasesa key update material periodically in such a way that onlynonrevoked users can update their keys (hence revokedusersrsquo keys are implicitly rendered useless) The indirectmethod has an advantage that senders do not need to knowthe revocation list However it also has a disadvantage thatthe key update phase can be a bottleneck since it requirescommunication from the authority to all nonrevoked usersat all time slots Recently several attribute revocable ABEschemes have been proposed based on the indirect revocationmethod [8 39ndash44]

There are several schemes [8 39 40] which realizeattribute revocation by setting expiration time on eachattribute However these approaches have two main prob-lems One is the security degradation in terms of the back-ward and forward security [43] The other is the scalabilityproblem The authority periodically announces a key updatematerial at each time slot so that all of the nonrevoked userscan update their keys which leads to a bottleneck for theauthority

To reduce the burden of authority and achieve immediateattribute revocation two CP-ABE schemes with immediateattribute revocation with the help of semihonest serviceprovider were proposed by Ibraimi et al [41] and Yu et al[42] respectively However they also have failed to achievefine-grained user access control in the data outsourcingenvironment

For this reason Hur and Noh [43] proposed a CP-ABEscheme with fine-grained attribute revocation with the helpof the honest-but-curious proxy deployed in the data serviceprovider It is an efficient revocation method by employ-ing the binary tree representing revocation introduced byBoldyreva et al [40] and reencrypting the ciphertext How-ever their scheme cannot resist the collusion attack

Aiming at reducing the computation overhead of dataservice manager Xie et al [44] proposed new CP-ABEconstruction with efficient user and attribute revocationCompared with Hur and Nohrsquos [43] in the key update phasethe computation overhead of the data servicemanager will bereduced by half

52 Direct RevocationMethod Thedirect revocationmethodenforces revocation directly by the sender who specifies therevocation list while encrypting the ciphertext An advantageof the direct method over the indirect one is that it doesnot involve the key update phase for all nonrevoked usersinteracting with the authority Although it has the aboveadvantage in contrast its disadvantage is that it requiresthe sender to possess the current revocation list whosemanagement could be also a troublesome task Recentlyseveral attribute revocable ABE schemes [9 45ndash47] that usedthe direct mode have been proposed

For KP-ABE a direct revocation method is howevernot possible yet for the normal present form of the KP-ABEalgorithm since a normal KP-ABE scheme allows the senderonly to specify attribute set associated to the ciphertext Adirectly revocable KP-ABE scheme was first mentioned byStaddon et al [66] but their scheme only works when the

number of attributes associated with a ciphertext is exactlyhalf of the size of the universe of real attributes

And for CP-ABE such direct revocation can be doneby using Ostrovsky et alrsquos [9] scheme that supports negativeclauses To do so one just adds conjunctively the AND ofnegation of revoked user identities (where each is consideredas an attribute here) However this solution is still somewhatlow in efficiency Because in this scheme the ciphertextoverhead scales with 119874(|119877|) and the secret key overheadscales with119874(log 119899) where 119899 is the maximum size of revokedattributes set 119877

Attrapadung and Imai [45] suggested a user-revocableABE scheme by combining broadcast encryption schemeswith ABE schemes However the data owner should takefull charge of maintaining all the membership lists for eachattribute group to enable the direct user revocation Thisscheme is not applicable to the data outsourcing architecturebecause the data owner will no longer be directly in control ofdata distribution after outsourcing their data to the externaldata server

Liang et al [46] proposed a CP-ABE schemewith efficientrevocation Their construction uses linear secret sharing andbinary tree techniques and can be proved secure in thestandard model In addition to the attribute set each useris also assigned a unique identifier Therefore a user can beeasily revoked by using hisher unique identifier

All the above schemes [9 45 46] support user revocationbut they have no effect on attribute revocation RecentlyWu and Zhang [47] first formalized the notion of adaptivelysecure ABE scheme supporting attribute revocation underdirect revocation mode

53 Hybrid Revocation Method Combining the best advan-tages of both indirect and direct methods Attrapadung andImai [48] put forward the first hybrid revocable ABE scheme(HR-ABE) that allows a sender Alice to be able to selectwhether to use either direct or indirect revocation modewhen encrypting a message An HR-ABE scheme works asfollows When Alice selects the direct mode she will specifythe revocation list 119877 directly into the encryption algorithmAnd when selecting the indirect mode she is required onlyto specify the present time slot 119905 A user Bob has one secretkey Let119860 be the access policy associated toBobrsquos secret key Inaddition his secret key will be associated with a unique serialnumber ID If ciphertext was from the direct mode one candecrypt it solely by his key If ciphertext was from indirectmode he must obtain an update key from the authority attime 119905 Let 120596 be the attribute set associated with ciphertextIn this case he can decrypt the ciphertext if 120596 satisfies119860 andID notin 119877 Notice that in the latter case the authority specifies 119877when creating the update key and hence enforces revocationindirectly This method supports user revocation but it isunable to achieve attribute revocation And the utilization oftwo subsystems increases the userrsquos secret key in length

So far we showed and discussed revocable ABE schemeswhich are realized in two different ways Both of themhave advantages and disadvantages For future work theefficiency of the proposed schemes should be improved inshortening the secret key in length reducing the update


Table 6 Comparison of CP-A2BE CP-A3BE and AFKP-ABE

Scheme Trace property Trace effect Sender hides Assumption Supported policyCP-A2BE [49] White box Authority user Null DBDH CDH AndCP-A3BE [50] Black box User Policy DBDH D-linear AndAFKP-ABE [52] Black box User Part attributes DBDH D-linear And or threshold

information published in quantity and improving encryptionand decryption algorithm in efficiency

6 Accountable ABE

The ABE mechanism is a highly promising tool for securefine-grained access control For the purpose of secure accesscontrol there is however still a critical functionality missingin the existing ABE schemes to prevent from key abuseIn particular two problems of key abuse are extremelyimportant in an ABE-based access control system (i) ille-gal key sharing among colluding users and (ii) misbehav-ior of the semitrusted attribute authority including illegalkey (re-)distribution

To make the problems more concrete in this section wefocus on the prevention of key abuse in ABE At presentaccountable ABE schemes can be divided into two kindsaccountable CP-ABE schemes [49ndash51] and accountable KP-ABE schemes [52 53]

61 Accountable CP-ABE Thenotion of accountable CP-ABE(CP-A2BE in short) was first proposed by Li et al [49] toaddress the key abuse problem existing in access controlbased on ABE In the CP-A2BE scheme user accountability isachieved by embedding additional user-specific informationin the secret key It can prevent sharing keys among usersbased on the following observation The userrsquos secret keyconsists of the attribute secret key and the userrsquos identityTherefore if the user shares his secret key the identity willbe detected from the pirated device The CP-A2BE schemeassumes that the key in a pirated device has a format spec-ification so it can only do white box tracking In additionit can only support operation between attributes and has alimited ability to express strategies What is more the publickey certificate center is responsible for issuing certificates forall users which has a serious impact on performance

Li et al [50] prevented illegal key sharing among usersby proposing the notion of accountable and anonymous CP-ABE (CP-A3BE) firstly This idea is achieved by binding useridentity in the attribute secret key In the proposed CP-A3BEscheme user accountability can be achieved in black-boxmodel by embedding additional user-specific informationinto the attribute secret key issued to that user while stillmaintaining hidden access policy But the disadvantage is thatit increases the length of the decryption key and ciphertext

Li et al [51] proposed an accountable multiauthorityCP-ABE scheme which allows tracing the identity of amisbehaving user who leaks the decryption key to others andreduces the trust assumptions on not only the authoritiesbut also the users The tracing process is efficient because it

has a lower computational cost compared with the existingaccountable ABE schemes

62 Accountable KP-ABE The KP-ABE scheme is a promis-ing cryptographic primitive which enables fine-grainedaccess control over sensitive data However key abuse attacksin KP-ABE schemes may impede its wide applications espe-cially in copyright-sensitive systems To defend against thisattack Yu et al [52] proposed an abuse free KP-ABE (AFKP-ABE) scheme by introducing hidden attributes such that thetracing algorithm can use them to identify any single piracyor partial colluding users Their design enables black boxtracing and does not require the well-formed secret key ofthe pirated device when compared with previous works Itis also efficient since the size of both the secret key and theciphertext is119874(log 119873) where119873 is the total number of usersThis scheme is proved secure under the DBDH assumptionand the D-linear assumption

As a future work one may focus on designing a tracingsystem to protect against arbitrary colluders Recently Wanget al [53] first presented an accountable authority KP-ABEscheme which is proved secure under the modified BilinearDecisional Diffie-Hellman (mBDDH) assumption in thestandard model

63 Comparison A comparison of the CP-A2BE [49] CP-A3BE [50] and AFKP-ABE [52] schemes is given in Table 6from which we can draw conclusions below First all ofthese three schemes can achieve user accountability Sec-ond although the CP-A2BE scheme achieves the authorityaccountability it lacks feasibility by assuming a format speci-fication of secret keys And third both the CP-A3BE and theAFKP-ABE protect the senderrsquos privacy but the later can onlypartly hide attributes

7 Attribute-Based Proxy Reencryption

To make data sharing more efficient proxy reencryption(PRE) is proposed Introduced by Mambo and Okamoto[67] and first defined by Blaze et al [68] PRE extendsthe traditional public key encryption (PKE) to support thedelegation of decryption rights It allows a semitrusted partycalled proxy to transforma ciphertext encrypted underAlicersquospublic key into another ciphertext of the same plaintextintended for Bob The proxy however learns neither thedecryption key nor the underlying plaintext PRE is a usefulcryptographic primitive and has many applications such assecure distributed files systems [69] and email forwarding[68] Considering an email forwarding scenario Alice isgoing on vacation and wishes the others to be able to read


themessage in the encrypted email aiming to herWith a PREscheme she could fulfill this task without giving her secretkey to either the mail server or Bob

To date PRE has been extended to adapt differentcryptographic settings In 2007 Green and Ateniese [70]extended the PRE technique in the identity-based cryp-tosystem and gave its applications Meanwhile another newnotion was proposed in 2005 which is called the attribute-based cryptosystem [5] However the ABE scheme does notoffer the capability of decryption to others when the useris offline For this reason the attribute-based PRE (ABPRE)scheme is proposed which combines the traditional proxyreencryption with the ABE so a user is able to empowerdesignated users to decrypt the reencrypted ciphertext withthe associated attributes of designated users

Guo et al [54] proposed the first attribute-based proxyreencryption scheme but their scheme is based on key-policyand bidirectional In 2009 Liang et al [55] proposed the firstciphertext-policy attribute-based PRE (CP-ABPRE) schemein which a proxy is allowed to transform a ciphertext undera specified access policy (which is only represented as ANDgates on positive and negative attributes) into the one underanother access policy

The previous ABPRE scheme demands a number ofpairing operations that imply huge computational overheadBased on Emura et alrsquos [16] CP-ABE scheme which has aconstant ciphertext length Luo et al [56] presented anotherABPRE scheme with constant number of bilinear pairingoperations The computation cost and ciphertext length arereduced significantly compared to previous schemes

In 2012 Seo and Kim [57] proposed a CP-ABPREscheme which supports AND gates on multivalued andnegative attributes Compared with Liang et alrsquos [55] schemeLuo et alrsquos have a new property named reencryption controlwhichmeans the encryptor can decidewhether the ciphertextcan be reencrypted

A CP-ABPRE scheme has many practical applicationssuch as fine-grained access control in cloud storage sys-tems and medical records sharing among different hospitalsThe aforementioned CP-ABPRE schemes however are onlysecure against CPA and support AND gates over attributesThe construction of a CCA secure CP-ABPRE scheme sup-porting anymonotonic access policy remains unsolved Lianget al [58] for the first time proposed a new single-hopunidirectional CP-ABPRE scheme which supports attribute-based reencryption with any monotonic access structureto tackle this problem Despite being constructed in therandom oracle model it can be proved CCA secure under thedecisional 119902-parallel BDHE assumption

In 2013 Li presented a new ciphertext policy ABPREscheme [59] The ciphertext policy realized in his scheme ismatrix access policy based on LSSS matrix access structurewhich is also used in Watersrsquo CP-ABE scheme [13]

In future we hopemore and richer access policies such ashidden policies tree policies or access structures can be usedin attribute-based PRE schemes In addition for the needs ofpractical applications the efficiency of the schemes should beimproved

8 Future Work

The previous sections discuss the research process of ABEwhich has received considerable achievements Howeverthere still exist many problems worth further studyingAccording to application requirements and the shortcomingof the existing algorithms some possible future works remainopen and they are shown as follows

(1) Optimizing the construction method of CP-ABEschemes it is known that the more complex an accessstructure is the more complex a CP-ABE scheme willbe and the more difficult it is to prove its securityMany existing construction methods add additionalredundancy or restrictions (eg an attribute cannotrepeatedly appear in the access structure) so it isnecessary to optimize them One solution is that wecan try to design a new access structure which can beexpressed in terms of monotone boolean formula andrealized by an LSSS matrix whose size is as small aspossible

(2) Improving the efficiency of attribute-based encryp-tion schemes almost all of the existing ABE schemestake bilinear pairings as a convenient constructionway But bilinear pairing has a higher computationalcomplexity which makes algorithms inefficient tosome extent Reducing the number of bilinear pairingoperations will be a meaningful work We can con-struct schemes where ciphertexts can be decryptedwith a constant number of pairings by mathematicsmethod Or even we can also try not to use bilinearpairings in the design of the ABE algorithm (see nextitem)

(3) Trying to build anABE scheme by other technologiesidentity-based encryption schemes can be built withthe help of three theories including bilinear pairingsquadratic residue and lattice ABE is widely consid-ered to be a generalization and an expansion of IBEbut it is only built by the bilinear pairings whichhave limitations in terms of efficiency So the researchwhich uses lattice [20] or quadratic residue theory tobuild an ABE scheme is obviously a very meaningfulwork

(4) Accountable ABE accountability can be a very goodsolution to prevent key abuse and key cloning How-ever the existing accountable ABE schemes are onlyproved to be secure in the selective model For fur-ther study under three assumptions of the subgroupdecision problem for 3 primes (3P-SDP) [19] it isnecessary to design a high-efficiency accountableABE schemewhich can be proved to be full (adaptive)secure by using the dual system encryption method

(5) Focusing on the applicable and practicable researchof ABE ABE was initially put forward to achieve dataconfidentially and fine-gained access control Thenit has been considered as the suitable cryptographictechnology for the cloud environment So on the basis


of solving efficiency drawbacks combined with tech-nologies including PRE anonymous authenticationaccess control and keyword search it is meaningfulto propose more practical ABE schemes in cloudenvironment ABE has received considerable achieve-ments at the theoretical level but unfortunately it hasnot been widely used in practical applications So wecan expect that attribute-based cryptosystem and itsapplications will continue to be a research hot spot inthe next few years

The above is some possible future works of ABE andcertainly there may be other problems which have beenpointed out

9 Conclusion

In recent years attribute-based encryption is a relativelyattractive research topic and has many attracting propertiesIt provides a fine-grained and noninteractive access controlmechanism of encrypted data and has great potential appli-cations in many fields In this paper firstly we expoundthe emergence and development of ABE schemes Then wepay attention to main research directions of ABE includingmultiauthority useattribute revocation accountability andproxy reencryption Finally we point out some possiblefuture works of attribute-based encryption

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work is supported by the National Natural ScienceFoundation of China under Grant nos 61103178 61103199and 60803151 and the Basic Science Research Fund in XidianUniversity

References

[1] R L Rivest A Shamir and L Adleman ldquoA method forobtaining digital signatures and public-key cryptosystemsrdquoCommunications of the Association for Computing Machineryvol 21 no 2 pp 120ndash126 1978

[2] L Pang H Li and Y Wang ldquoNMIBAS a novel multi-receiverID-based anonymous signcryption with decryption fairnessrdquoComputing and Informatics vol 32 no 3 pp 441ndash460 2013

[3] L PangH Li andQ Pei ldquoImprovedmulticast keymanagementof Chinese wireless local area network security standardrdquo IETCommunications vol 6 no 9 pp 1126ndash1130 2012

[4] A Shamir ldquoIdentity-based cryptosystems and signature schemesrdquoin Advances in Cryptology Proceedings of (CRYPTO rsquo84) vol196 of Lecture Notes in Computer Science pp 47ndash53 SpringerBerlin Germany 1985

[5] A Sahai and B Waters ldquoFuzzy identity-based encryptionrdquoin Advances in CryptologymdashEUROCRYPT 2005 vol 3494 ofLecture Notes in Computer Science pp 457ndash473 SpringerBerlin Germany 2005

[6] D Nali C Adams and A Miri ldquoUsing threshold attribute-based encryption for practical biometric-based access controlrdquoInternational Journal of Network Security vol 1 no 3 pp 173ndash182 2005

[7] V Goyal O Pandey A Sahai and B Waters ldquoAttribute-based encryption for fine-grained access control of encrypteddatardquo in Proceedings of the 13th ACM Conference on Computerand Communications Security (CCS rsquo06) pp 89ndash98 November2006

[8] J Bethencourt A Sahai and B Waters ldquoCiphertext-policyattribute-based encryptionrdquo in Proceedings of the IEEE Sympo-sium on Security and Privacy (SP rsquo07) pp 321ndash334 May 2007

[9] R Ostrovsky A Sahai and B Waters ldquoAttribute-based encryp-tion with non-monotonic access structuresrdquo in Proceedings ofthe 14th ACM Conference on Computer and CommunicationsSecurity (CCS rsquo07) pp 195ndash203 November 2007

[10] A Lewko A Sanais and B Waters ldquoRevocation systems withvery small private keysrdquo in Proceedings of the IEEE Symposiumon Security and Privacy (SP 10) pp 273ndash285 Oakland CalifUSA May 2010

[11] N Attrapadung B Libert and E de Panafieu ldquoExpressive key-policy attribute-based encryption with constant-size cipher-textsrdquo in Public Key CryptographymdashPKC 2011 vol 6571 pp 90ndash108 Springer 2011

[12] V Goyal A Jain O Pandey and A Sahai ldquoBounded ciphertextpolicy attribute based encryptionrdquo inAutomata Languages andProgramming Part II vol 5126 of Lecture Notes in ComputerScience pp 579ndash591 Springer Berlin Germany 2008

[13] B Waters ldquoCiphertext-policy attribute-based encryption anexpressive efficient and provably secure realizationrdquo in PublicKey Cryptography (PKC rsquo11) pp 53ndash70 Springer Berlin Ger-many 2011

[14] L Cheung and C Newport ldquoProvably secure ciphertext policyABErdquo in Proceedings of the 14th ACM Conference on Computerand Communications Security (CCS rsquo07) pp 456ndash465 Novem-ber 2007

[15] T Nishide K Yoneyama andKOhta ldquoAttribute-based encryp-tion with partially hidden encryptor-specified access struc-turesrdquo in Applied Cryptography and Network Security (ACNS2008) pp 111ndash129 Springer Berlin Germany 2008

[16] K Emura A Miyaji K Omote A Nomura and M SoshildquoA ciphertext-policy attribute-based encryption scheme withconstant ciphertext lengthrdquo International Journal of AppliedCryptography vol 2 no 1 pp 46ndash59 2010

[17] X Liang Z Cao H Lin and D Xing ldquoProvably secure andefficient bounded ciphertext policy attribute based encryptionrdquoin Proceedings of the 4th International Symposium on ACMSymposium on Information Computer and CommunicationsSecurity (ASIACCS rsquo09) pp 343ndash352 March 2009

[18] L Ibraimi Q Tang P Hartel and W Jonker ldquoEfficient andprovable secure ciphertext-policy attribute-based encryptionschemesrdquo in Information Security Practice and Experience (ISPE2009) pp 1ndash12 Springer Berlin Germany 2009

[19] A Lewko T Okamoto A Sahai and B Waters ldquoFully securefunctional encryption attribute-based encryption and (hierar-chical) inner product encryptionrdquo in Advances in CryptologyEUROCRYPT 2010 vol 6110 of Lecture Notes in ComputerScience pp 62ndash91 Springer Berlin Germany 2010

[20] J Zhang and Z F Zhang ldquoA ciphertext policy attribute-based encryption scheme without pairingsrdquo in InformationSecurity and Cryptology (ISC rsquo12) pp 324ndash340 Springer BerlinGermany 2012


[21] N Attrapadung and H Imai ldquoDual-policy attribute basedencryptionrdquo in Applied Cryptography and Network Security pp168ndash185 Springer Berlin Germany 2009

[22] S Muller S Katzenbeisser and C Eckert ldquoDistributedattribute-based encryptionrdquo in Information Security andCryptologymdashICISC 2008 vol 5461 of Lecture Notes in ComputerScience pp 20ndash36 Springer Berlin Germany 2009

[23] S Muller S Katzenbeisser and C Eckert ldquoOn multi-authorityciphertext-policy attribute-based encryptionrdquo Bulletin of theKorean Mathematical Society vol 46 no 4 pp 803ndash819 2009

[24] S Yu CWang K Ren andW Lou ldquoAchieving secure scalableand fine-grained data access control in cloud computingrdquo inProceedings of the IEEE INFOCOM pp 1ndash9 March 2010

[25] Q Tang and D Ji ldquoVerifiable attribute based encryptionrdquoInternational Journal of Network Security vol 10 no 2 pp 114ndash120 2010

[26] G Wang Q Liu and J Wu ldquoHierarchical attribute-basedencryption for fine-grained access control in cloud storageservicesrdquo in Proceeings of the 17th ACMConference on Computerand Communications Security (CCS rsquo10) pp 735ndash737 October2010

[27] G Wang Q Liu J Wu and M Guo ldquoHierarchical attribute-based encryption and scalable user revocation for sharing datain cloud serversrdquoComputers and Security vol 30 no 5 pp 320ndash331 2011

[28] J E Liu Z G Wan and M Gu ldquoHierarchical attribute-setbased encryption for scalable flexible and fine-grained accesscontrol in cloud computingrdquo in Information Security Practiceand Experience pp 98ndash107 Springer Berlin Germany 2011

[29] A Lewko and B Waters ldquoUnbounded HIBE and attribute-based encryptionrdquo in Advances in Cryptology (EUROCRYPTrsquo11) pp 547ndash567 Springer Berlin Germany 2011

[30] M Asim T Ignatenko M Petkovic D Trivellato and NZannone ldquoEnforcing access control in virtual organizationsusing hierarchical attribute-based encryptionrdquo in Proceedingsof the 7th International Conference on Availability Reliabilityand Security (ARES rsquo12) pp 212ndash217 Prague Czech RepublicAugust 2012

[31] M Chase ldquoMulti-authority attribute based encryptionrdquo inTheory of Cryptography vol 4392 of Lecture Notes in ComputerScience pp 515ndash534 Springer Berlin Germany 2007

[32] H Lin Z Cao X Liang and J Shao ldquoSecure thresholdmulti authority attribute based encryption without a centralauthorityrdquo Information Sciences vol 180 no 13 pp 2618ndash26322010

[33] V Bozovic D Socek R Steinwandt and V I Villanyi ldquoMulti-authority attribute-based encryption with honest-but-curiouscentral authorityrdquo International Journal of ComputerMathemat-ics vol 89 no 3 pp 268ndash283 2012

[34] M Chase and S S M Chow ldquoImproving privacy and securityin multi-authority attribute-based encryptionrdquo in Proceedingsof the 16th ACM Conference on Computer and CommunicationsSecurity (CCS 09) pp 121ndash130 Chicago Ill USA November2009

[35] A Lewko and B Waters ldquoDecentralizing attribute-basedencryptionrdquo in Advances in CryptologymdashEUROCRYPT 2011vol 6632 of Lecture Notes in Computer Science pp 568ndash588Springer Heidelberg Germany 2011

[36] Z Liu Z Cao Q Huang D S Wong and T H Yuen ldquoFullysecure multi-authority ciphertext-policy attribute-based en-cryption without random oraclesrdquo in Proceedings of the Euro-pean Symposium on Research in Computer Security (ESORICSrsquo11) pp 278ndash297 Springer 2011

[37] J Han W Susilo Y Mu and J Yan ldquoPrivacy-preserving decen-tralized key-policy attribute-based encryptionrdquo IEEE Transac-tions onParallel andDistributed Systems vol 23 no 11 pp 2150ndash2162 2012

[38] C Lee P Chung and M Hwang ldquoA survey on attribute-basedencryption schemes of access control in cloud environmentsrdquoInternational Journal of Network Security vol 15 no 4 pp 231ndash240 2013

[39] M Pirretti P Traynor P McDaniel and B Waters ldquoSecureattribute-based systemsrdquo Journal of Computer Security vol 18no 5 pp 799ndash837 2010

[40] A Boldyreva V Goyal and V Kumart ldquoIdentity-based encryp-tion withefficient revocationrdquo in Proceedings of the 15th ACMconference on Computer and Communications Security (CCSrsquo08) pp 417ndash426 October 2008

[41] L Ibraimi M Petkovic S Nikova P Hartel and W JonkerldquoMediated ciphertext-policy attribute-based encryption and itsapplicationrdquo in Information Security Applications pp 309ndash323Springer Berlin Germany 2009

[42] S Yu C Wang K Ren and W Lou ldquoAttribute based datasharingwith attribute revocationrdquo inProceedings of the 5thACMSymposium on Information Computer and CommunicationSecurity (ASIACCS rsquo10) pp 261ndash270 April 2010

[43] J Hur and D K Noh ldquoAttribute-based access control withefficient revocation in data outsourcing systemsrdquo IEEE Trans-actions on Parallel and Distributed Systems vol 22 no 7 pp1214ndash1221 2011

[44] X Xie H Ma J Li and X F Chen ldquoNew ciphertext-policyattribute-based access control with efficient revocationrdquo inInformation and Communication Technology vol 7804 of Lec-ture Notes in Computer Science pp 373ndash382 Springer BerlinGermany 2013

[45] N Attrapadung and H Imai ldquoConjunctive broadcast andattribute-based encryptionrdquo in Pairing-Based Cryptography(Pairing rsquo09) pp 248ndash265 Springer Berlin Germany 2009

[46] X Liang R Lu X Lin and X Shen ldquoCiphertext policyattribute based encryptionwith efficient revocationrdquo Tech RepUniversity of Waterloo 2010

[47] Q X Wu and M Zhang ldquoAdaptively secure attribute-basedencryption supporting attribute revocationrdquo China Communi-cations vol 9 no 9 pp 22ndash40 2012

[48] N Attrapadung and H Imai ldquoAttribute-based encryption sup-porting directindirect revocationmodesrdquo inCryptography andCoding vol 5921 of Lecture Notes in Computer Science pp 278ndash300 Springer Berlin Germany 2009

[49] J Li K Ren and K Kim ldquoA2BE accountable attribute-basedencryption for abuse free access controlrdquo IACR CryptologyePrint Archive 2009118 2009

[50] J Li K Ren B Zhu and Z G Wan ldquoPrivacy-aware attribute-based encryption with user accountabilityrdquo in InformationSecurity vol 5735 of Lecture Notes in Computer Science pp 347ndash362 Springer Berlin Germany 2009

[51] J Li Q Huang X Chen S S M Chow D S Wong and D XieldquoMulti-authority ciphertext-policy attribute-based encryptionwith accountabilityrdquo in Proceedings of the 6th InternationalSymposium on Information Computer and CommunicationsSecurity (ASIACCS rsquo11) pp 386ndash390 March 2011


[52] S C Yu K Ren W J Lou and J Li ldquoDefending against keyabuse attacks inKP-ABE enabled broadcast systemsrdquo in Securityand Privacy in Communication Networks pp 311ndash329 SpringerBerlin Germany 2009

[53] Y Wang K Chen Y Long and Z Liu ldquoAccountable authoritykey policy attribute-based encryptionrdquo Science China Informa-tion Sciences vol 55 no 7 pp 1631ndash1638 2012

[54] S Guo Y Zeng J Wei and Q Xu ldquoAttribute-based re-encryption scheme in the standard modelrdquo Wuhan UniversityJournal of Natural Sciences vol 13 no 5 pp 621ndash625 2008

[55] X Liang Z Cao H Lin and J Shao ldquoAttribute based proxyre-encryption with delegating capabilitiesrdquo in Proceedings of the4th International Symposium on ACM Symposium on Informa-tion Computer and Communications Security (ASIACCS rsquo09)pp 276ndash286 March 2009

[56] S Luo J B Hu and Z Chen ldquoCiphertext policy attribute-based proxy re-encryptionrdquo in Information and Communica-tions Security pp 401ndash415 2010

[57] J H Seo andHKim ldquoAttribute-based proxy re-encryptionwitha constant number of pairing operationsrdquo Journal of Informationand Communication Convergence Engineering vol 10 no 1 pp53ndash60 2012

[58] K T Liang L M Fang et al ldquoA ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext securityrdquoIACR Cryptology ePrint Archive 2013236 2013

[59] K Y Li ldquoMatrix access structure policy used in attribute-basedproxy re-encryptionrdquo httparxivorgabs13026428

[60] R Gennaro S Jarecki H Krawczyk and T Rabin ldquoSecure dis-tributed key generation for discrete-log based cryptosystemsrdquoin Advances in CryptologymdashEUROCRYPT rsquo99 vol 1592 pp295ndash310 Springer Berlin Germany 1999

[61] R Gennaro S Jarecki H Krawczyk and T Rabin ldquoRobustthreshold DSS signaturesrdquo in Advances in CryptologymdashEUROCRYPT rsquo96 pp 354ndash371 Springer Berlin Germany1996

[62] SMicali ldquoEfficient certificate revocationrdquo Tech RepMITLCSTM-542b 1996

[63] W Aiello S Lodha and R Ostrovsky ldquoFast digital identityrevocation (extended abstract)rdquo in Proceedings of the 18thAnnual International Cryptology Conference (CRYPTO rsquo98) pp137ndash152 Springer 1998

[64] D Naor M Naor and J Lotspiech ldquoRevocation and tracingschemes for stateless receiversrdquo in Advances in CryptologymdashCRYPTO 2001 vol 2139 of Lecture Notes in Computer Sciencepp 41ndash62 Springer Berlin Germany 2001

[65] B Libert and D Vergnaud ldquoAdaptive-ID secure revocableidentity-based encryptionrdquo in Topics in CryptologymdashCT-RSA2009 vol 5473 of Lecture Notes in Computer Science pp 1ndash15Springer Berlin Germany 2009

[66] J Staddon P Golle M Gagne and P Rasmussen ldquoA content-driven access control systemrdquo in Proceedings of the 7th Sympo-sium on Identity and Trust on the Internet (IDtrust rsquo08) pp 26ndash35 March 2008

[67] M Mambo and E Okamoto ldquoProxy cryptosystems delegationof the power to decrypt ciphertextsrdquo IEICE Transactions onFundamentals of Electronics Communications and ComputerSciences vol 80 no 1 pp 54ndash62 1997

[68] M Blaze G Bleumer andM Strauss ldquoDivertible protocols andatomic proxy cryptographyrdquo in Proceedings of the InternationalConference on the Theory and Application of CryptographicTechniques (EUROCRYPT rsquo98) pp 127ndash144 Espoo Finland1998

[69] G Ateniese K Fu M Green and S Hohenberger ldquoImprovedproxy re-encryption schemes with applications to secure dis-tributed storagerdquoACMTransactions on Information and SystemSecurity vol 9 no 1 pp 1ndash30 2006

[70] M Green and G Ateniese ldquoIdentity-based proxy re-encryptionrdquo in Applied Cryptography and Network Security pp288ndash306 Springer Berlin Germany 2007

Submit your manuscripts athttpwwwhindawicom

Computer Games Technology

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Distributed Sensor Networks


Advances in

FuzzySystems

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014


ReconfigurableComputing

Hindawi Publishing Corporation httpwwwhindawicom Volume 2014


Applied Computational Intelligence and Soft Computing

thinspAdvancesthinspinthinsp

Artificial Intelligence

HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014

Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Electrical and Computer Engineering

Journal of

Journal of

Computer Networks and Communications


Hindawi Publishing Corporation

httpwwwhindawicom Volume 2014

Advances in

Multimedia


Biomedical Imaging


ArtificialNeural Systems

Advances in


RoboticsJournal of



Computational Intelligence and Neuroscience

Industrial EngineeringJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Human-ComputerInteraction

Advances in

Computer EngineeringAdvances in



it introduces new disadvantage that the threshold semanticsare limited in designing more general systems which needexpressive access control

In ABE scheme attribute plays a very important roleAttributes have been exploited to generate a public key forencryption data and have been used as an access policy tocontrol usersrsquo access Based on the access policy subsequentresearches can be roughly categorized [7] as either key-policyor ciphertext-policyThe first KP-ABE scheme that allows anymonotone access structures was proposed by Goyal et al [7]and the first CP-ABE scheme was presented by Bethencourtet al [8] After that several KP-ABE [9ndash11] and CP-ABEschemes [12ndash20] were proposed Goyal et al [12] presenteda bounded CP-ABE scheme in the standard model but thefirst fully expressive CP-ABE scheme in the standard modelwas proposed byWaters [13] Subsequently Attrapadung andImai [21] proposed a Dual-Policy ABE scheme which allowskey-policy and ciphertext-policy to act on encrypted datasimultaneously

Moreover Muller et al [22 23] proposed a distributedABE scheme with a constant number of bilinear pairingoperations during decryption Yu et al [24] proposed a fine-grained data access control encryption scheme Tang andJi [25] proposed a verifiable ABE scheme and Wang et al[26 27] proposed a hierarchical ABE (HABE) scheme in2010 and 2011 respectively In these schemes Wang et alused the disjunctive normal form policy to generate the keyshierarchically assuming that all attributes in one conjunctiveclause are administered by the same domain authority Morestudies on HABE are in literatures [28ndash30]

In each ABE scheme mentioned above the user must goto a trusted party to prove his identity before obtaining asecret key which allows him to decrypt messages Chase [31]gave an efficient multiauthority ABE scheme in which theuserrsquos secret key is no longer authorized by a single centerauthority but authorized separately by different cooperativeand independent authorities In addition to this there are alsosome multiauthority ABE schemes [31ndash37]

According to the existing schemes a summary [38] ofthe criterial functionalities in an ideal ABE scheme is listedas follows (1) Data confidentiality unauthorized participantscannot know the information about the encrypted data(2) Fine-grained access control in order to achieve flexibleaccess control even for users in the same group theiraccess rights are not the same (3) Scalability the numberof authorized users cannot affect the performance of thescheme That is to say the scheme can deal with the case thatthe number of the authorized users increases dynamically(4) Userattribute revocation if a user quits the systemthe scheme can revoke his access right Similarly attributerevocation is inevitable (5) Accountability in all previousschemes the dishonest users can just directly give away partof their original or transformed keys such that nobody cantell who has distributed these keysThe above problem whichis called key abuse should be prevented by accountability(6) Collusion resistance the dishonest users cannot combinetheir attributes to decrypt the encrypted data

In order to realize an ideal ABE scheme some researcheswhich are aimed at addressing the issue of userattribute

Concept proposed2005minus2006

Development2007ndash2013

Future work2014

Dual-policy ABE 2009

Userattribute revocation2007ndash2013

Accountability 2009ndash2012

PRE 2008ndash2013

ABE schemes2006ndash2012

FIBE 2005

KP-ABE CP-ABE 2006

KP-ABE 2006ndash2011

Multiauthority ABE2007ndash2012

CP-ABE 2007ndash2012

Figure 1 Development of ABE

revocation [8 9 39ndash48] and accountability [49ndash53] in ABEschemes have been published on journals or academic confer-ences What is more with its own advantages the attribute-based cryptosystem has the ability and possibility to beapplied to other areas Particularly lots of studies which focuson the applications of ABE in proxy reencryption [54ndash59]have been proposed

In conclusion the existing research results about ABEcan be generally divided into the design of ABE schemes themultiauthority ABE schemes and the userattribute revoca-tion accountability and applications of ABE schemes whichcan be shown in Figure 1 According to this classification therest of this paper can be organized as follows We introducethe basic ABE scheme in Section 2 The KP-ABE CP-ABEand Dual-policy ABE are examined in Section 3 Thenmultiauthority ABE is surveyed in Section 4 Userattributerevocation and accountability in ABE are shown in Sections5 and 6 respectively One application of ABE the attribute-based proxy reencryption is surveyed in Section 7 What ismore in Section 8 we point out the problems worth furtherstudying Finally we make some conclusions in Section 9

2 Formal Model of the Basic ABE

In 2005 Sahai andWaters [5] proposed the FIBE which viewsidentities as a set of descriptive attributes With its basic anddescriptive algorithms to say the least this scheme is usuallyregarded as the basic ABE scheme In this section firstlywe deal with the complexity assumptions used in the basicABE schemeThen we give the formal algorithm and securitymodel of it





119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from the tuple

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)



119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)







CT


1015840| ge 119889













as

Adv119860 =1003816100381610038161003816100381610038161003816

pr [1198871015840 = 119887] minus

1

2

1003816100381610038161003816100381610038161003816

(1)



3 ABE Schemes












1015840le 119889


















+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662


+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662


+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662


119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662




1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662



1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662







1le119895le119873









1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in







119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from the tuple

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)



119886 119861 = 119892119887 119862 = 119892

119888 119885 = 119890(119892 119892)119886119887119888) from

(119860 = 119892119886 119861 = 119892

119887 119862 = 119892119888 119885 = 119890(119892 119892)







CT


1015840| ge 119889













as

Adv119860 =1003816100381610038161003816100381610038161003816

pr [1198871015840 = 119887] minus

1

2

1003816100381610038161003816100381610038161003816

(1)



3 ABE Schemes












1015840le 119889


















+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662


+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662


+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662


119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662




1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662



1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662







1le119895le119873









1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in













1015840le 119889


















+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662


+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662


+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662


119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662




1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662



1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662







1le119895le119873









1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in


















+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662


+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662


+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662


119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662




1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662



1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662







1le119895le119873









1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






+ 1198711198662(3119899 + 1)119871119885119902 (2119899 + 1)1198711198661

(119899 + 1)1198711198661+ 1198711198662


+ 1198711198662(21198731015840+ 1)119871119885119902 (3119899 + 1)1198711198661

(21198731015840+ 1)1198711198661

+ 1198711198662


+ 1198711198662(1198731015840+ 1)119871119885119902 21198711198661

21198711198661+ 1198711198662


119871119885119902 + 1198711198661(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


(119899 + 1)119871119885119902 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

(1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662

Watersrsquo [13] (119899 + 2)1198711198661+ 1198711198662

1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


119871119885119902 + 1198711198661(1003816100381610038161003816119860119880

1003816100381610038161003816+ 2)1198711198661

(21003816100381610038161003816119860119880

1003816100381610038161003816+ 1)1198711198661

+ 1198711198662




1015840+ 1)1198661 + 21198662 (3119899 + 1)119862119890 + (3119899 + 1)1198662



1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + (2 |119878| + 2)1198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)119862119890 + (

100381610038161003816100381612059610158401003816100381610038161003816+ 1)1198662

Watersrsquo [13] (41003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662


1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198661 + 21198662 2

1003816100381610038161003816119860119880

1003816100381610038161003816119862119890 + 3

1003816100381610038161003816119860119880

10038161003816100381610038161198662







1le119895le119873









1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in







1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ 1198711198662


1003816100381610038161003816+ 1)1198711198661

+ 1198711198662


10038161003816100381610038161198711198661

+ (1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)1198711198662


1003816100381610038161003816+ 2)1198711198661

+ 1198711198662



1003816100381610038161003816119860119880

1003816100381610038161003816+ 1)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Liu et alrsquos [36] (|119880| + 119873)119864 (4119889 +1003816100381610038161003816119860119880

1003816100381610038161003816)119864 +

1003816100381610038161003816119868119880

1003816100381610038161003816119864 (3

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 + 2

1003816100381610038161003816119860119862

1003816100381610038161003816119875

Chase and Chow [34] (|119880| + 2119873)119864 (|119880| +1003816100381610038161003816119868119880

1003816100381610038161003816

2)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 2)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119875

Lekwo and Waters [35] 2119873119864 21003816100381610038161003816119860119880

1003816100381610038161003816119864 (5

1003816100381610038161003816119860119862

1003816100381610038161003816+ 1)119864 3

1003816100381610038161003816119860119862

1003816100381610038161003816(119864 + 119875)

Han et alrsquos [37] (|119880| + 2119873)119864 (1003816100381610038161003816119860119880

1003816100381610038161003816+ 3

1003816100381610038161003816119868119880

1003816100381610038161003816)119864 (

1003816100381610038161003816119860119862

1003816100381610038161003816+ 3)119864

1003816100381610038161003816119860119862

1003816100381610038161003816119864 + (

1003816100381610038161003816119860119862

1003816100381610038161003816+1003816100381610038161003816119868119862

1003816100381610038161003816+ 1)119875







1

and 1198711198662
























6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






















6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in







6 Accountable ABE





















8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in












8 Future Work










9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






9 Conclusion




Acknowledgment


References
















































































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






























































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in










Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in



Documents

Review Article A Survey of Research Progress and ...downloads.hindawi.com/journals/tswj/2014/193426.pdf · 2014 Dual-policy ABE 2009 User/attribute revocation 2007 2013 Accountability