ABSTRACT
Attribute-based encryption (ABE) is a cryptographic primitive which supports fine-grained access control on encrypted data, making it an appealing building block for many applications. In this paper, we propose, implement, and evaluate fully automated methods for proving security of ABE in the Generic Bilinear Group Model (Boneh, Boyen, and Goh, 2005, Boyen, 2008), an idealized model which admits simpler and more efficient constructions, and can also be used to find attacks. Our method is applicable to Rational-Fraction Induced ABE, a large class of ABE that contains most of the schemes from the literature, and relies on a Master Theorem, which reduces security in the GGM to a (new) notion of symbolic security, which is amenable to automated verification using constraint-based techniques. We relate our notion of symbolic security for Rational-Fraction Induced ABE to prior notions for Pair Encodings. Finally, we present several applications, including automated proofs for new schemes.
Supplemental Material
- M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. Structure-preserving signatures and commitments to group elements. In T. Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 209--236. Springer, Heidelberg, Aug. 2010. Google ScholarCross Ref
- M. Abe, J. Groth, K. Haralambiev, and M. Ohkubo. Optimal structure-preserving signatures in asymmetric bilinear groups. In P. Rogaway, editor, CRYPTO 2011, volume 6841 of LNCS, pages 649--666. Springer, Heidelberg, Aug. 2011. Google ScholarCross Ref
- M. Abe, J. Groth, and M. Ohkubo. Separating short structure-preserving signatures from non-interactive assumptions. In D. H. Lee and X. Wang, editors, ASIACRYPT 2011, volume 7073 of LNCS, pages 628--646. Springer, Heidelberg, Dec. 2011. Google ScholarDigital Library
- M. Abe, J. Groth, M. Ohkubo, and M. Tibouchi. Unified, minimal and selectively randomizable structure-preserving signatures. In Y. Lindell, editor, TCC 2014, volume 8349 of LNCS, pages 688--712. Springer, Heidelberg, Feb. 2014. Google ScholarCross Ref
- S. Agrawal and M. Chase. A study of pair encodings: Predicate encryption in prime order groups. In E. Kushilevitz and T. Malkin, editors, TCC 2016-A, Part II, volume 9563 of LNCS, pages 259--288. Springer, Heidelberg, Jan. 2016.Google Scholar
- S. Agrawal and M. Chase. Simplifying design and analysis of complex predicate encryption schemes. In J.-S. Coron and J. B. Nielsen, editors, Advances in Cryptology -- EUROCRYPT 2017: 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 -- May 4, 2017, Proceedings, Part I, pages 627--656, Cham, 2017. Springer International Publishing. Google ScholarCross Ref
- J. A. Akinyele, C. Garman, I. Miers, M. W. Pagano, M. Rushanan, M. Green, and A. D. Rubin. Charm: a framework for rapidly prototyping cryptosystems. Journal of Cryptographic Engineering, 3(2):111--128, 2013. Google ScholarCross Ref
- J. A. Akinyele, M. Green, and S. Hohenberger. Using SMT solvers to automate design tasks for encryption and signature schemes. In A.-R. Sadeghi, V. D. Gligor, and M. Yung, editors, ACM CCS 13, pages 399--410. ACM Press, Nov. 2013. Google ScholarDigital Library
- J. A. Akinyele, M. W. Pagano, M. D. Green, C. U. Lehmann, Z. N. J. Peterson, and A. D. Rubin. Securing electronic medical records using attribute-based encryption on mobile devices. In X. Jiang, A. Bhattacharya, P. Dasgupta, and W. Enck, editors, SPSM'11, Proceedings of the 1st ACM Workshop Security and Privacy in Smartphones and Mobile Devices, Co-located with CCS 2011, October 17, 2011, Chicago, IL, USA, pages 75--86. ACM, 2011. Google ScholarDigital Library
- M. Ambrona, G. Barthe, and B. Schmidt. Automated unbounded analysis of cryptographic constructions in the generic group model. In M. Fischlin and J.-S. Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, pages 822--851. Springer, Heidelberg, May 2016. Google ScholarDigital Library
- M. Ambrona, G. Barthe, and B. Schmidt. Generic transformations of predicate encodings: Constructions and applications. In CRYPTO, 2017.Google ScholarCross Ref
- N. Attrapadung. Dual system encryption via doubly selective security: Framework, fully secure functional encryption for regular languages, and more. In P. Q. Nguyen and E. Oswald, editors, EUROCRYPT 2014, volume 8441 of LNCS, pages 557--577. Springer, Heidelberg, May 2014.Google Scholar
- N. Attrapadung. Dual system encryption framework in prime-order groups via computational pair encodings. In J. H. Cheon and T. Takagi, editors, ASIACRYPT 2016, Part II, volume 10032 of LNCS, pages 591--623. Springer, Heidelberg, Dec. 2016. Google ScholarDigital Library
- N. Attrapadung, B. Libert, and E. de Panafieu. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In D. Catalano, N. Fazio, R. Gennaro, and A. Nicolosi, editors, PKC 2011, volume 6571 of LNCS, pages 90--108. Springer, Heidelberg, Mar. 2011. Google ScholarCross Ref
- R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: An online social network with user-defined privacy. In Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication, SIGCOMM '09, pages 135--146, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- C. E. Z. Baltico, D. Catalano, and D. Fiore. Practical functional encryption for bilinear forms. IACR Cryptology ePrint Archive, 2016:1104, 2016.Google Scholar
- C. E. Z. Baltico, D. Catalano, D. Fiore, and R. Gay. Practical functional encryption for quadratic functions with applications to predicate encryption. IACR Cryptology ePrint Archive, 2017:151, 2017.Google Scholar
- G. Barthe. High-assurance cryptography: Cryptographic software we can trust. IEEE Security & Privacy, 13(5):86--89, 2015. Google ScholarDigital Library
- G. Barthe, J. Cederquist, and S. Tarento. A machine-checked formalization of the generic model and the random oracle model. In D. A. Basin and M. Rusinowitch, editors, Automated Reasoning - Second International Joint Conference, IJCAR 2004, Cork, Ireland, July 4--8, 2004, Proceedings, volume 3097 of Lecture Notes in Computer Science, pages 385--399. Springer, 2004. Google ScholarCross Ref
- G. Barthe, E. Fagerholm, D. Fiore, J. C. Mitchell, A. Scedrov, and B. Schmidt. Automated analysis of cryptographic assumptions in generic group models. In J. A. Garay and R. Gennaro, editors, CRYPTO 2014, Part I, volume 8616 of LNCS, pages 95--112. Springer, Heidelberg, Aug. 2014. Google ScholarCross Ref
- G. Barthe, E. Fagerholm, D. Fiore, A. Scedrov, B. Schmidt, and M. Tibouchi. Strongly-optimal structure preserving signatures from type II pairings: Synthesis and lower bounds. In J. Katz, editor, Public-Key Cryptography - PKC 2015 - 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 - April 1, 2015, Proceedings, volume 9020 of Lecture Notes in Computer Science, pages 355--376. Springer, 2015.Google Scholar
- G. Barthe, E. Fagerholm, D. Fiore, A. Scedrov, B. Schmidt, and M. Tibouchi. Strongly-optimal structure preserving signatures from type II pairings: Synthesis and lower bounds. In J. Katz, editor, PKC 2015, volume 9020 of LNCS, pages 355--376. Springer, Heidelberg, Mar. / Apr. 2015.Google Scholar
- G. Barthe, B. Grégoire, S. Heraud, and S. Zanella Béguelin. Computer-aided security proofs for the working cryptographer. In P. Rogaway, editor, CRYPTO 2011, volume 6841 of LNCS, pages 71--90. Springer, Heidelberg, Aug. 2011. Google ScholarCross Ref
- G. Barthe, B. Grégoire, and B. Schmidt. Automated proofs of pairing-based cryptography. In I. Ray, N. Li, and C. Kruegel:, editors, ACM CCS 15, pages 1156--1168. ACM Press, Oct. 2015. Google ScholarDigital Library
- A. Beimel. Secure Schemes for Secret Sharing and Key Distribution. Ph.D., Technion - Israel Institute of Technology, 1996.Google Scholar
- D. Boneh and X. Boyen. Efficient selective-ID secure identity based encryption without random oracles. In C. Cachin and J. Camenisch, editors, EUROCRYPT 2004, volume 3027 of LNCS, pages 223--238. Springer, Heidelberg, May 2004. Google ScholarCross Ref
- D. Boneh and X. Boyen. Secure identity based encryption without random oracles. In M. Franklin, editor, CRYPTO 2004, volume 3152 of LNCS, pages 443--459. Springer, Heidelberg, Aug. 2004. Google ScholarCross Ref
- D. Boneh, X. Boyen, and E.-J. Goh. Hierarchical identity based encryption with constant size ciphertext. In R. Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 440--456. Springer, Heidelberg, May 2005. Google ScholarDigital Library
- D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. In J. Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 213--229. Springer, Heidelberg, Aug. 2001. Google ScholarCross Ref
- D. Boneh and M. K. Franklin. Identity based encryption from the Weil pairing. SIAM Journal on Computing, 32(3):586--615, 2003. Google ScholarDigital Library
- X. Boyen. Miniature CCA2 PK encryption: Tight security without redundancy. In K. Kurosawa, editor, ASIACRYPT 2007, volume 4833 of LNCS, pages 485--501. Springer, Heidelberg, Dec. 2007.Google Scholar
- X. Boyen. The uber-assumption family (invited talk). In S. D. Galbraith and K. G. Paterson, editors, PAIRING 2008, volume 5209 of LNCS, pages 39--56. Springer, Heidelberg, Sept. 2008.Google Scholar
- E. Brier, J.-S. Coron, T. Icart, D. Madore, H. Randriam, and M. Tibouchi. Efficient indifferentiable hashing into ordinary elliptic curves. In T. Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 237--254. Springer, Heidelberg, Aug. 2010. Google ScholarCross Ref
- M. Chase and S. Meiklejohn. Déjà Q: Using dual systems to revisit q-type assumptions. In P. Q. Nguyen and E. Oswald, editors, EUROCRYPT 2014, volume 8441 of LNCS, pages 622--639. Springer, Heidelberg, May 2014.Google Scholar
- S. Chatterjee and A. Menezes. Type 2 structure-preserving signature schemes revisited. In T. Iwata and J. H. Cheon, editors, ASIACRYPT 2015, Part I, volume 9452 of LNCS, pages 286--310. Springer, Heidelberg, Nov. / Dec. 2015. Google ScholarDigital Library
- J. Chen, R. Gay, and H. Wee. Improved dual system ABE in prime-order groups via predicate encodings. In E. Oswald and M. Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS, pages 595--624. Springer, Heidelberg, Apr. 2015. Google ScholarCross Ref
- J. Chen and H. Wee. Fully, (almost) tightly secure IBE and dual system groups. In R. Canetti and J. A. Garay, editors, CRYPTO 2013, Part II, volume 8043 of LNCS, pages 435--460. Springer, Heidelberg, Aug. 2013.Google Scholar
- J. Chen and H. Wee. Dual system groups and its applications -- compact hibe and more. Cryptology ePrint Archive, Report 2014/265, 2014. http://eprint.iacr.org/2014/265.Google Scholar
- C. Cocks. An identity based encryption scheme based on quadratic residues. In B. Honary, editor, Cryptography and Coding, 8th IMA International Conference, volume 2260 of LNCS, pages 360--363, Cirencester, UK, Dec. 17--19, 2001. Springer, Heidelberg. Google ScholarCross Ref
- C. Gentry. Practical identity-based encryption without random oracles. In S. Vaudenay, editor, EUROCRYPT 2006, volume 4004 of LNCS, pages 445--464. Springer, Heidelberg, May / June 2006. Google ScholarDigital Library
- V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In A. Juels, R. N. Wright, and S. Vimercati, editors, ACM CCS 06, pages 89--98. ACM Press, Oct. / Nov. 2006. Available as Cryptology ePrint Archive Report 2006/309. Google ScholarDigital Library
- A. Guillevic. Comparing the pairing efficiency over composite-order and prime-order elliptic curves. In M. J. Jacobson Jr., M. E. Locasto, P. Mohassel, and R. Safavi-Naini, editors, ACNS 13, volume 7954 of LNCS, pages 357--372. Springer, Heidelberg, June 2013. Google ScholarDigital Library
- M. Hamburg. Spatial Encryption. Ph.D. Thesis, Stanford University, California, 2011.Google Scholar
- M. Ion, J. Zhang, and E. M. Schooler. Toward content-centric privacy in ICN: attribute-based encryption and routing. In B. Ohlman, G. C. Polyzos, and L. Zhang, editors, ICN'13, Proceedings of the 3rd, 2013 ACM SIGCOMM Workshop on Information-Centric Networking, August 12, 2013, Hong Kong, China, pages 39--40. ACM, 2013.Google ScholarDigital Library
- M. Karchmer and A. Wigderson. On span programs. In Structure in Complexity Theory Conference, 1993., Proceedings of the Eighth Annual, pages 102--111, May 1993. Google ScholarCross Ref
- J. Katz, A. Sahai, and B. Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In N. P. Smart, editor, EUROCRYPT 2008, volume 4965 of LNCS, pages 146--162. Springer, Heidelberg, Apr. 2008. Google ScholarCross Ref
- A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In H. Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 62--91. Springer, Heidelberg, May 2010.Google Scholar
- A. B. Lewko and B. Waters. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In D. Micciancio, editor, TCC 2010, volume 5978 of LNCS, pages 455--479. Springer, Heidelberg, Feb. 2010. Google ScholarDigital Library
- A. B. Lewko and B. Waters. Unbounded HIBE and attribute-based encryption. In K. G. Paterson, editor, EUROCRYPT 2011, volume 6632 of LNCS, pages 547--567. Springer, Heidelberg, May 2011. Google ScholarCross Ref
- J. Li, M. H. Au, W. Susilo, D. Xie, and K. Ren. Attribute-based signature and its applications. In D. Feng, D. A. Basin, and P. Liu, editors, ASIACCS 10, pages 60--69. ACM Press, Apr. 2010. Google ScholarDigital Library
- U. M. Maurer. Abstract models of computation in cryptography (invited paper). In N. P. Smart, editor, 10th IMA International Conference on Cryptography and Coding, volume 3796 of LNCS, pages 1--12. Springer, Heidelberg, Dec. 2005. Google ScholarDigital Library
- A. Miyaji, M. Nakabayashi, and S. TAKANO. New explicit conditions of elliptic curve traces for fr-reduction, 2001.Google Scholar
- V. I. Nechaev. Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes, 55(2):165--172, 1994. Google Scholar
- T. Okamoto and K. Takashima. Hierarchical predicate encryption for inner-products. In M. Matsui, editor, ASIACRYPT 2009, volume 5912 of LNCS, pages 214--231. Springer, Heidelberg, Dec. 2009. Google ScholarDigital Library
- T. Okamoto and K. Takashima. Fully secure functional encryption with general relations from the decisional linear assumption. In T. Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 191--208. Springer, Heidelberg, Aug. 2010. Google ScholarCross Ref
- T. Okamoto and K. Takashima. Adaptively attribute-hiding (hierarchical) inner product encryption. In D. Pointcheval and T. Johansson, editors, EUROCRYPT 2012, volume 7237 of LNCS, pages 591--608. Springer, Heidelberg, Apr. 2012.Google Scholar
- Y. Rouselakis and B. Waters. Practical constructions and new proof methods for large universe attribute-based encryption. In A.-R. Sadeghi, V. D. Gligor, and M. Yung, editors, ACM CCS 13, pages 463--474. ACM Press, Nov. 2013. Google ScholarDigital Library
- A. Sahai and B. R. Waters. Fuzzy identity-based encryption. In R. Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 457--473. Springer, Heidelberg, May 2005. Google ScholarDigital Library
- A. Shamir. Identity-based cryptosystems and signature schemes. In G. R. Blakley and D. Chaum, editors, CRYPTO'84, volume 196 of LNCS, pages 47--53. Springer, Heidelberg, Aug. 1984.Google ScholarDigital Library
- V. Shoup. Lower bounds for discrete logarithms and related problems. In W. Fumy, editor, EUROCRYPT'97, volume 1233 of LNCS, pages 256--266. Springer, Heidelberg, May 1997. Google ScholarCross Ref
- B. Waters. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In S. Halevi, editor, CRYPTO 2009, volume 5677 of LNCS, pages 619--636. Springer, Heidelberg, Aug. 2009.Google Scholar
- B. Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In D. Catalano, N. Fazio, R. Gennaro, and A. Nicolosi, editors, PKC 2011, volume 6571 of LNCS, pages 53--70. Springer, Heidelberg, Mar. 2011.Google Scholar
- H. Wee. Dual system encryption via predicate encodings. In Y. Lindell, editor, TCC 2014, volume 8349 of LNCS, pages 616--637. Springer, Heidelberg, Feb. 2014. Google ScholarCross Ref
- H. Wee. Déjà Q: Encore! Un petit IBE. In E. Kushilevitz and T. Malkin, editors, TCC 2016-A, Part II, volume 9563 of LNCS, pages 237--258. Springer, Heidelberg, Jan. 2016.Google Scholar
Index Terms
- Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
Recommendations
Generic constructions of master-key KDM secure attribute-based encryption
AbstractMaster-key key-dependent message (mKDM) security is a strong security notion for attribute-based encryption (ABE) schemes, which has been investigated in recent years. This line of research was started with identity-based encryption (IBE; Garg, ...
Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation
Attribute-based encryption (ABE) with outsourced decryption not only allows fine-grained and versatile sharing of encrypted data, but also largely mitigates the decryption overhead and the ciphertext size in the standard ABE schemes. Very recently, Xu ...
Attribute-based encryption schemes with constant-size ciphertexts
Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine-grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario proceeds the other way around), the primitive enables senders to ...
Comments