Related Research On Attribute Based Cryptosystem

With more and more sensitive data stored by third-party sites and shared among userson the Internet, it is necessary to store data in encrypted form. In the above setting, usingthe traditional public key cryptosystems is inefficient. Therefore, the concept of attributebased encryption is introduced to deal with the above issue. It makes use of access policiesto control the ability of decryption of users in the system, and becomes one of the mostefficient approaches. Attribute based encryption can be viewed as a generalization of identitybased encryption. Substantially, the attribute based encryption system integrates the notionof access structure into the identity based encryption system. In recent years, broad scaleresearch on attribute based encryption has been done. However, there are many problemsstill not addressed, such as key clone, key misuse, key escrow and so on. In this paper, wetry to tackle the above problems existed in some attribute based encryption schemes, andachieve the following results:1. In general, access rights are linked to users'private keys in an attribute based encryp-tion system. This leads to a problem that the system's access control policy will bebroken if a user (or set of colluding users) creates a well formed key (or decryptiondevice) and distributes it for malicious use. However, the most of attribute based en-cryption schemes did not address the above issue. In these schemes, users can easilymake use of their private keys or just a subset of their private keys to create a wellformed key and distribute it, which can decrypt a subset of the ciphertexts. Collusionis also easy for two or more users to construct such a key. At present, the schemeexisted in literature needs an online server to handle the above issue, and this schemeis impractical. Thus, considering the above argument, we introduce the traitor trac-ing mechanism of broadcast encryption into attribute based encryption, and design aconcrete attribute based traitor tracing scheme within formal definition and securitymodels. Additionally, our scheme does not need such an online server. 2. Attribute based encryption inherits the key escrow problem from identity based en-cryption. That is, all users'private keys are issued by an authority which must beunconditionally trusted. In such a system, the authority can decrypt all ciphertextsencrypted for any user. Furthermore, the authority can easily distribute users'privatekeys for malicious use. Thus, the key escrow problem stunts some applications of at-tribute based encryption. At present, the scheme existed in literature needs a high levelpublic key cryptosystem to deal with the above issue. To mitigate the above problemin attribute based encryption, we introduce the notion of accountable authority intoattribute based encryption, and present several concrete schemes for accountable au-thority attribute based encryption. Furthermore, our schemes do not need such a highlevel public key cryptosystem.3. Lattice-based cryptography has many appealing properties, for example, it can be im-plemented efficiently and it is believed to be secure against quantum computer. As faras we know, all attribute based encryption schemes are based on the bilinear pairingtechnology up to now. Inspired by the progress of lattice identity based encryption,we design two lattice ciphertext policy attribute based encryption schemes with secu-rity proofs in the standard model. However,the ciphertext policy that we achievedis a special AND-gates access structure, that its expression in access control has somelimitation, on multi-valued attributes.4. A two party attribute based key agreement protocol has a new property, that is, achiev-ing mutually fuzzy authentication between the two participants. However, notice thatany of traditional key agreement protocols does not possess this characteristic. Thus,we discuss some potential applications of such a protocol and design two attributebased key agreement protocols. One is key policy attribute based key agreement pro-tocol, and the other is message policy attribute based key agreement protocol. Atpresent, there exist several attribute based key agreement protocols, which are shownto be secure in the random oracle model. However, we give the security proofs in thestandard model for the above two protocols.