Site Overlay


PDF | Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in. Request PDF on ResearchGate | Attribute-Based Encryption With Verifiable Outsourced Decryption | Attribute-based encryption (ABE) is a public-key-based. , IRJET | Impact Factor value: | ISO Certified Journal | Page Attribute-Based Encryption with Verifiable Outsourced Decryption.

Author: Kazrakasa Jusar
Country: Samoa
Language: English (Spanish)
Genre: Business
Published (Last): 25 February 2014
Pages: 282
PDF File Size: 9.73 Mb
ePub File Size: 9.9 Mb
ISBN: 781-3-15004-914-4
Downloads: 36424
Price: Free* [*Free Regsitration Required]
Uploader: Faetaxe

To receive news and publication witth for Security and Communication Networks, enter your email address in the box below. Correspondence should be addressed to Jiguo Li ; moc. This is an open access decryptionn distributed under the Creative Commons Attribution Licensewhich permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in cloud. However, the correctness of the transformation ciphertext cannot be guaranteed because the user does not have the original ciphertext.

In order to improve the computation performance and reduce communication overhead, we propose a new verifiable uotsourced scheme with constant ciphertext length. To be specific, our scheme achieves the following goals. Our scheme is verifiable which ensures attributw-based the user efficiently checks whether the transformation is done correctly by the CSP. The size of ciphertext and the number of expensive pairing operations are constant, which do not grow with the complexity of the access structure.

The access structure in our scheme is AND gates on multivalued attributes and we prove our scheme is verifiable and it is secure against selectively chosen-plaintext attack in the standard model. We give some performance analysis which indicates that our scheme is adaptable for various limited bandwidth and computation-constrained devices, such as mobile phone.


The identity represented by an attribute set is not unique so ABE can realize the one-to-many encryption. Traditional IBE schemes can only provide coarse-grained access control.

In order to solve this problem, Goyal et al.

One wirh the main defects of current ABE schemes is expensive decryption operation for mobile device with low computing power and limited battery. To improve efficiency, Green et al. Attribute-bqsed their scheme, a user uses proxy reencryption method [ 1314 ] to generate a transformation key and sends the transformation key and ABE ciphertext decrjption the CSP. Given the transformation key, the CSP transforms an ABE ciphertext into a simple ciphertext, from which the user recovers plaintext by using less computation overhead.

In this process, the CSP does not get any information about original plaintext. However, he attribute-bazed proves that the scheme is secure against the selective ID model. Attributs-based order to protect privacy of the user, Han et al. Furthermore, they [ 19 ] proposed a privacy-preserving personal health record using multiauthority ABE with revocation. Several traceable CP-ABE schemes [ 20 — 22 ] were constructed to trace the identity of a misbehaving user who leaks its decryption key to others and thus reduces the trust assumptions on both users and attribute authorities.

Recently, Li et al. To protect data privacy, the sensitive data should be encrypted by the data owner prior to outsourcing.

  LEY 27784 PDF

As the amount of encrypted files stored in cloud is becoming very huge, searchable encryption scheme over encrypted cloud data is a very challenging issue. To deal with above problem, Li et al. In the proposed scheme, cloud service provider CSP performs partial decryption task delegated by data user without knowing anything about the plaintext.

Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor. In order to protect the privacy for the encryptor and decryptor, Li et al. Our Motivations and Contributions. With the cloud service being more and more popular wit modern society, ABE technology has become a promising orientation. It allows users to use flexible access control to access files stored in the cloud server with encrypted form.


Though its advantages make it a powerful tool for cloud, one of its main performance challenges is that the complexity of decryption computation is linearly correlated with the access structure. By using the proxy reencryption technology, outsourced decryption ABE system can largely reduce the computation cost for users who intend to access the encrypted files stored in cloud. Given a ciphertext and a transformation key, CSP transforms outsoyrced ciphertext into a simple ciphertext.

The user only needs to spend less computational overhead to recover the plaintext from simple ciphertext. However, the correctness of the transformation ciphertext which the CSP gives to the user cannot be guaranteed because the latter does not have the original ciphertext. It is a security threat that malicious cloud service provider CSP may replace the original ciphertext and give the user a transformed ciphertext from another ciphertext which CSP wants the user to decrypt.

Mutual verifiable provable data auditing [ 30 ] in public cloud storage is a potential method to solve remote data possession checking. The security property about ABE with outsourcing decryption ensures that the malicious cloud server cannot obtain anything with respect to the encrypted message; nonetheless, the scheme does not ensure the validity of the transformation done by the CSP.

In order to solve this problem, Lai et al. There is no doubt that verifiability brings about great progress to outsourced decruption of ABE. However, the ciphertext length and the encrypton of expensive pairing computations grow with the number of the attributes, which greatly limits its application in power constrained and bandwidth limited devices. Schemes in [ 3334 ] put forward a good solution to this problem in which the ciphertext length is constant.

In this article, we present a novel verifiable outsourced CP-ABE scheme with constant ciphertext length to save the communication cost. The security of our scheme reduces to that of scheme in [ 33 ].

Similar to the proof in [ 31 ], the verifiability of our scheme reduces to the discrete logarithm assumption. We organized the rest of the paper as follows.

We also give the security definitions used in our paper in this section. We prove security and verifiability of our scheme in Section 4. In Section 5we give some performance comparison with the existing schemes. Finally, we conclude the paper in Section 6. We introduce some basic knowledge about bilinear groups, security assumption, access structure, and CP-ABE which our scheme relies on.


Definition 1 bilinear map. Suppose is a generator in. Definition 2 discrete logarithm DL assumption [ 31 ]. Let be a prime-order bilinear group system. Givenwhere is randomly selected, encryptino DL problem for is to calculate. The advantage for is defined as. Access structure is being referred to in [ 33 ]; we utilize AND gates with respect to multivalued attributes as follows.

Assume that is an attribute universe. Letlet be an attribute set for a user, and ; let be an access structure. The notation denotes that an attribute set satisfies an access structure ; that is to say. Briefly speaking, a user interacts with the CSP as illustrated encrgption Figure 1.

Data owner encrypts message into ciphertext and uploads it to the storage in cloud. A user who is permitted to access the data downloads the ciphertext. Then the user sends the ciphertext and transformation key to the CSP for outsourcing decryption. CSP computes partially decrypted ciphertext and sends it to the user. The user computes the message from the partially decrypted ciphertext and verifies whether the message is the original one.

It is described by the seven algorithms as follows. This algorithm takes the security parameter and attribute universe as input. It outputs public parameter and master secret key. This algorithm takes, and attribute set as input. It outputs private key related to. This algorithm takesmessageand access structure as input and outputs ciphertext. This algorithm takes, and as input. It outputs if associated with satisfies. This algorithm takes and as input. It outputs transformation outsourcde associated with and a corresponding retrieving key.

It outputs a partially decrypted ciphertext.

Verifiable Outsourced Decryption of Attribute-Based Encryption with Constant Ciphertext Length

This algorithm takes,and for as input. It outputs message or. The traditional concept of security for chosen-ciphertext attack CCA is not suitable for the above CP-ABE scheme because it does not permit modifying any bit for the ciphertext. Therefore, they use a attribuye-based named replayed CCA RCCA security [ 35 ], which permits alternation for the ciphertext, so that they can change the potential message in a significant way.

According to the game in [ 31 ], it is described as follows. The challenger performs dith algorithm to get the public parameter and master secret key.

Security and Communication Networks

It sends to the adversary and keeps secret. The challenger maintains a table Tb and a set which are initialized empty. The adversary adaptively issues queries. The challenger runs and decryptipn. It then sends the private key to the adversary. If such a tuple exists, it returns as the transformation key. Otherwise, it runs and and stores the tuple in table Tb.

It then returns the transformation key to vedifiable adversary. Without loss of generality, we suppose that an adversary does not ouhsourced transformation key query for attribute setif a private key query about the same attribute set has been issued. It sends to the adversary. If such a tuple exists, it runs algorithm and returns to ; otherwise, it returns. The challenger chooses and computes.