Attribute-based Encryption
(20110705) Threshold ABE
(20110719) KP-ABE
(20110719) CP-ABE
(20111003) v21
Attribute-Based Encryption
[SW05] Threshold ABE
[GPSW06] Key-policy ABE
[BSW07] Cipher-policy ABE
[SW05] THRESHOLD ABE
Threshold ABE
aka Fuzzy IBE
Using biometrics in IBE
Identity as a set of “attributes”
First to propose the term “Attribute-Based Encryption”
Threshold ABE
Setup
Bilinear map e: G1 × G1 -> G2
G1 has prime order p
g is a generator of G1
Setup
Setup
Encryption
Extract
Decryption
Decryption
[GPSW06] KEY-POLICY ABE
Key-policy ABE
Ciphertexts are labeled with a set of attributes
Private keys are associated with access structures that control which ciphertexts a user is able to decrypt.
Example
C1(3,5,6,7)
╳ K1(1 and 2)
○ K2(3 or 5)
○ K3((1 and 2) or (3 and 7))
○ K4(3 out of (1,2,3,4,5,6,7))
╳ K5(2 out of (1,2,5))
Access Tree
(“child” and “<120cm”) or (2 of (“student”, “<20”, “disabled”))
OR
  AND: “child”, “<120cm”
  2 of 3: “student”, “<20”, “disabled”
Access Tree
parent(x): parent of a node x
att(x): if x is a leaf node then return the attribute associated with x
Access Tree
Access Tree
index(x): return node’s index
[Figure: the access tree with its nodes indexed 1 to 8]
Setup
Bilinear map e: G1 × G1 -> G2
G1 has prime order p
g is a generator of G1
Setup
Setup
Encryption
Key Generation KeyGen(T, MK)
Choose a polynomial qx for each node: q1, q2, q3, …, q8.
degree(qx) = K(x) - 1
degree(q1) = 0
degree(q2) = 1
degree(q3) = 1
degree(q4) = 0
⋮
degree(q8) = 0
Key Generation
q1(0)=y
q2(0)=q1(2) q3(0)=q1(3)
q4(0)=q2(4) q5(0)=q2(5) q6(0)=q3(6)
q7(0)=q3(7) q8(0)=q3(8)
Key Generation
Decryption
q6(0)=q3(6)
q7(0)=q3(7)
q3(0)=q1(3)
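The polynomial sharing from the Key Generation slides and the bottom-up recursion from the Decryption slide, as an added Python example that is not part of the original slides. It works on plain scalars in Z_p and leaves out the bilinear map; in the actual schemes the same shares and Lagrange coefficients appear in the exponents of group elements. The modulus P and the assignment of attributes to leaf indices 4 to 8 are assumptions.

```python
import secrets

P = 2**127 - 1  # prime modulus standing in for the group order p (assumption)

# Tree from the slides: index -> (threshold K(x), children), or the attribute for a leaf.
# The leaf-to-index assignment is an assumption; the slides only show indices 1..8.
TREE = {1: (1, [2, 3]), 2: (2, [4, 5]), 3: (2, [6, 7, 8]),
        4: "child", 5: "<120cm", 6: "student", 7: "<20", 8: "disabled"}

def poly_eval(coeffs, x):
    """Evaluate q(x) = coeffs[0] + coeffs[1]*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(tree, secret, node=1, out=None):
    """Top-down: q_node(0) = secret, degree K(node)-1, q_child(0) = q_node(index(child))."""
    out = {} if out is None else out
    if isinstance(tree[node], str):
        out[node] = secret  # leaf share q_x(0)
        return out
    k, children = tree[node]
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for c in children:
        share(tree, poly_eval(coeffs, c), c, out)
    return out

def lagrange_at_zero(points):
    """Interpolate q(0) from {index: q(index)} over Z_P."""
    total = 0
    for i, yi in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover(tree, shares, attrs, node=1):
    """Bottom-up: return q_node(0) if attrs satisfy the subtree at node, else None."""
    if isinstance(tree[node], str):
        return shares[node] if tree[node] in attrs else None
    k, children = tree[node]
    got = {c: v for c in children if (v := recover(tree, shares, attrs, c)) is not None}
    if len(got) < k:
        return None  # fewer than K(node) satisfied children: nothing to interpolate
    return lagrange_at_zero(dict(list(got.items())[:k]))
```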
[BSW07] CIPHER-POLICY ABE
Cipher-policy ABE
Private keys are labeled with a set S of attributes
Ciphertexts are associated with access structures T that control which user is able to decrypt the ciphertext.
Example
C1((1 and 2) or (3 of (4,5,6,7)))
╳ K1(1)
○ K2(1,2)
○ K3(4,5,6)
○ K4(1,2,4,6,7)
╳ K5(4,5,8)
Setup
Bilinear map e: G1 × G1 -> G2
G1 has prime order p
g is a generator of G1
Setup
U = {a1=child, a2=<120cm, …, an}
U is the set of all attributes
H: U -> G1
Setup
Encryption
Encryption
q1(0)=s
q2(0)=q1(2) q3(0)=q1(3)
q4(0)=q2(4) q5(0)=q2(5) q6(0)=q3(6)
q7(0)=q3(7) q8(0)=q3(8)
Encryption
Key Generation
Decryption