Decentralized Attribute-Based Encryption and Signatures

Tatsuaki OKAMOTO  Katsuyuki TAKASHIMA  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E103-A   No.1   pp.41-73
Publication Date: 2020/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.2019CIP0008
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: 
Keyword: 
attribute-based encryption,  attribute-based signatures,  decentralized multi-authority system,  non-monotone predicates,  

Full Text: FreePDF


Summary: 
This paper presents decentralized multi-authority attribute-based encryption and signature (DMA-ABE and DMA-ABS) schemes, in which no central authority exists and no global coordination is required except for the setting of a parameter for a prime order bilinear group and a hash function, which can be available from public documents, e.g., ISO and FIPS official documents. In the proposed DMA-ABE and DMA-ABS schemes, every process can be executed in a fully decentralized manner; any party can become an authority and issue a piece for a secret key to a user without interacting with any other party, and each user obtains a piece of his/her secret key from the associated authority without interacting with any other party. While enjoying such fully decentralized processes, the proposed schemes are still secure against collusion attacks, i.e., multiple pieces issued to a user by different authorities can form a collusion resistant secret key, composed of these pieces, of the user. The proposed ABE scheme is the first DMA-ABE for non-monotone relations (and more general relations), which is adaptively secure under the decisional linear (DLIN) assumption in the random oracle model. This paper also proposes the first DMA-ABS scheme for non-monotone relations (and more general relations), which is fully secure, adaptive-predicate unforgeable and perfect private, under the DLIN assumption in the random oracle model. DMA-ABS is a generalized notion of ring signatures. The efficiency of the proposed DMA-ABE and DMA-ABS schemes is comparable to those of the existing practical ABE and ABS schemes with comparable relations and security.