Research On Ciphertext Policy Attribute Based Encryption

Ciphertext-policy attribute-based encryption(CP-ABE)as the extensible one-to-many en-cryption mechanisms has aroused widespread concern of researchers.The traditional CP-ABE scheme indeed has accumulated a lot of achievements in the implementation of robust plaintext security and fine-grained access control However,some issues including the secu-rity proofs,the escrow problem,multi-authority CP-ABE,the attribute revocation,the user key accountability or traceability,large universe CP-ABE and the access policy hiding,have been becoming the obstacles to its expansion in practical applications.In view of these problems,we begin with a survey of existing solutions to these security issues,and focus on the escrow problem,the user key accountability and the access policy hiding.Finally the main results are as follows:(1)In traditional CP-ABE mechanisms,one single trusted authority as the key generation center could decrypt any ciphertexts addressed to all the specific users through generating the corresponding attribute keys.It will cause a certain impact on the absolute confidentiality of outsourced data,especially when the authorization center is compromised.While the existing solutions either lack the expressive access structure or only achieve the selectively secure in the standard model.In view of this situation,one new CP-ABE scheme without the escrow problem is proposed,where the users' private keys are jointly assigned by one semi-trusted key generation center and the semi-trusted data-storing center through the two party secure computing protocol(2PC protocol).What's more,we apply one simple homomorphic encryption mechanism to construct a new algorithm for implementing the 2PC protocol,which makes the proposal not only support arbitrary monotone access structures but also achieve fully secure in the standard model.Performance analysis shows that the efficiency of our scheme has not been affected by the removal of the key escrow problem.(2)In traditional CP-ABE mechanisms,the private keys are only associated with the at-tributes nor with the user identity.Although this operation makes CP-ABE mechanism free from complex key management,it also breeds the risk that some malicious users will leak their private keys to the authorized users.For the time being,the decryption prerogative could be shared by multiple users who own the same attributes set.It will make some dam-age to the rights and interests of users and the stability of the system.At the same time,one central authority is responsible for verifying the authenticity of all the attribute set,which is a bottleneck for the actual application system.Under this circumstances,we propose a new multi-authority CP-ABE with black-box and public traceability.In the proposed scheme,the user gets the complete attribute private keys through associating the private keys ob-tained from each attribute authority.We still employ a central authority to issue the global public private and private key pairs for the users,and constructs the tracking list of the sys-tem according to the corresponding public and private key pairs.When a pirate device was found,any user can trace the original creator of the device.More importantly,the decryp-tion efficiency and tracking efficiency of our scheme have been greatly improved through introducing the outsourcing technology of attribute decryption.(3)In the traditional CP-ABE mechanisms,the access strategy as an important parameter of decryption is disclosed in the ciphertext.This means that any user can obtain the access policy,regardless of whether the user can decrypt the corresponding ciphertext properly.For some special scenarios,the access policy itself contains sensitive information.The existing solutions to hide the access policy either support the access structure with AND-gate on multi-valued attributes or achieve selectively secure in the standard model.We first construct a partially hidden CP-ABE scheme with expressive access structure through changing the mapping function in the traditional scheme.Furthermore,we also construct a fully hidden CP-ABE scheme with any access structure applying the inner product predicate encryption technology.Security and performance analysis show that both the schemes are highly efficient and achieve fully secure in the standard model.