Presentation is loading. Please wait.

Presentation is loading. Please wait.

Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.

Published byEdith Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi."— Presentation transcript:

1 Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi

2 Access Control by Encryption Idea: Need secret key to access data SK PK

3 3 Rethinking Encryption OR Internal Affairs AND Undercover Central  Who matches this? Am I allowed to know?  What if they join later? Problem: Disconnect between policy and mechanism

4 4 Attribute-Based Encryption [SW05,GPSW06,…] Public Parameters Authority MSK Key: f SK CT: S (set of attributes) Functionality: output message if f(S) = true S is not hidden

5 5 Costs of Encryption Typical cost ~ 1-3 exponentiations per attribute (KP-ABE) Problems: Bursty encryption periods Low power devices

6 Can we move most of the encryption costs offline?

7 7 Online/Offline ABE Offline: Online: Intermediate Ciphertext (IT) Attribute set S Ciphertext ABE Key Encapsulation Mechanism (KEM)

8 8 Some Prior Online/Offline Work Signatures: EGM96, ST01, … Also in other contexts such as Multi-party computation IBE: GMC08, …

9 9 The rest of the talk (1)Warmup with IBE (2) Our Online/Offline Construction (3) “Pooling” for better efficiency

10 10 Brief Background on Bilinear maps High Level: single multiplication

11 11 Structure Matters CT: Difficulty of online/offline on Boneh-Franklin IBE

12 12 IBE Warmup (Boneh-Boyen04 ish) Offline: Online (ID):“Correction Factor” KeyGen(ID): Decrypt:

13 13 Challenges for ABE Many ABE systems do not have right structure (e.g. GPSW06) More complex access policies Use Rouselakis-Waters 2013

14 14 System Setup

15 15 Key Generation OR AND (1)Share a according to formula (2)Generate key components

16 16 Encryption Offline: Online ( ): System uses n attributes per CT (address later)

17 17 Decryption & Proof Brings together CT randomness and key shares Uses correction factor per node Details in paper. Proof: Reduce to security of RW13 ABE scheme Decryption:

18 18 Extensions Pooling: Flexible number of attributes per ciphertext Online/Offline Key Gen: Matches CP-ABE

19 19 Thank you

Download ppt "Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi."

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.

Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
Attribute-based Encryption

Attribute-based Encryption
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Cryptographic Multilinear Maps

Cryptographic Multilinear Maps
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.

Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.

1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption

Identity Based Encryption
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent

Similar presentations

Ads by Google