PDF | Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in. Request PDF on ResearchGate | Attribute-Based Encryption With Verifiable Outsourced Decryption | Attribute-based encryption (ABE) is a public-key-based. , IRJET | Impact Factor value: | ISO Certified Journal | Page Attribute-Based Encryption with Verifiable Outsourced Decryption.

Author: Kazidal Melabar
Country: Portugal
Language: English (Spanish)
Genre: Career
Published (Last): 27 September 2010
Pages: 287
PDF File Size: 7.76 Mb
ePub File Size: 17.20 Mb
ISBN: 581-6-96332-700-9
Downloads: 26570
Price: Free* [*Free Regsitration Required]
Uploader: Gardadal

The size of ciphertext and the number of expensive pairing operations are constant, which do not grow with the complexity of the access structure.

He chooses and computes the transformation key aswhere and. Given a ciphertext and a transformation key, CSP transforms a ciphertext into a simple ciphertext. Obviously, has appropriately simulated. An outsourcing decryption CP-ABE scheme is selective security if we add an initialization phase prior to setup algorithm in above game, where the adversary gives the challenger access structure.

Definition 2 discrete logarithm DL assumption [ 31 ]. It outputs transformation key associated with and a corresponding retrieving key. Observe that does not know the drcryption retrieving key. Tables 1 — 3 show that our scheme is efficient.

The computational overhead for the decryption and transformation operations in our scheme is constant, which does not rely on the amount of attributes. We prove security and verifiability of our scheme in Section 4.

The redundant information is mainly used to design a CP-ABE scheme with verifiable outsourcing decryption from [ 33 ], which has been proven to be selectively CPA-secure. To protect data privacy, the sensitive data should be encrypted by attributte-based data owner prior to outsourcing. In their scheme, a user uses proxy reencryption method [ 1314 ] to generate a transformation key and sends the transformation key and ABE ciphertext to the CSP.


Access Structure Access structure is being referred to in [ 33 ]; we utilize AND gates with respect to multivalued attributes as follows.

The traditional concept of security for chosen-ciphertext attack CCA is not suitable for the above CP-ABE scheme because it does not permit modifying any bit for the ciphertext. Lemma 7 shows that and are indistinguishable. Finally, we conclude the paper in Section 6.

If we randomly choose as secret key, then our assumption is reasonable. It sends to the adversary and keeps secret.

Security and Communication Networks

The proposed scheme has the potential application in various lower power devices with limited computational power, such as mobile phone.

Lemma 8 shows that the advantage for an adversary in is negligible. The access structure in our scheme is AND gates on multivalued attributes and we prove our scheme is verifiable and it is secure against selectively chosen-plaintext attack in the standard model. In order to improve the computation performance and reduce communication overhead, we propose a new verifiable outsourcing scheme with constant ciphertext length.

Without loss of generality, we suppose that the adversary does not launch transformation key query for attribute setif a private key query about the same attribute set has been issued.

Verifiable Outsourced Decryption of Attribute-Based Encryption with Constant Ciphertext Length

Several traceable CP-ABE schemes [ 20 — 22 ] were constructed to trace the identity of a misbehaving user who leaks its decryption key to others and thus reduces the trust assumptions on both users and attribute authorities. This theorem is proven via the following lemmas. Therefore, our scheme is very efficient.

As the operation cost over is much smaller than group and pairing operation, we ignore the computation time over. Figure 6 illustrates that the length of partially decrypted ciphertext in two schemes is almost same.


Proceedings, Part IIvol. If there exist and such thatthe user with attribute set is able to decrypt ciphertext related towhere, and. The first two elements are ciphertexts for message and random messagerespectively, utilizing the encryption algorithm [ 33 ].

Inthe challenger randomly selects and generates the remaining parts of the challenge ciphertext as in.

HKU Scholars Hub: Offline/online attribute-based encryption with verifiable outsourced decryption

In essence, the second and the third elements are redundant information. With the cloud service being more and more popular in modern society, ABE technology has become a promising orientation. Figure 5 shows the ciphertext length in our scheme and Outskurced et al. A user checks whether the transformed ciphertext or or ; if the equations do not hold, he outputs.

A decryptor calculates as follows: Note that, in our scheme, a ciphertext consists of three parts: If such a tuple exists, it runs and returns to ; otherwise, it returns. A user generates his transformation key pair as follows.

Without loss of generality, we suppose that an adversary does not launch transformation key query for attribute setif a private key query about the same attribute set has been issued. It is described by the seven algorithms as follows. Givenwhere is randomly selected, the DL problem for is to calculate.

Subscribe to Table of Contents Alerts. Moreover, the CSP can perform encrypted keyword search without knowing anything about vrifiable keywords embedded in trapdoor. An encryptor randomly selects.