Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute-Based Encryption

Published byKryštof Leoš Neduchal Modified over 5 years ago

Similar presentations

Presentation on theme: "Attribute-Based Encryption"— Presentation transcript:

1 Attribute-Based Encryption
Brent Waters SRI International Joint work with Vipul Goyal, Omkant Pandey, and Amit Sahai

2 IBE [BF01] Is regular PKI good enough?
IBE: [BF01] Public key encryption scheme where public key is an arbitrary string (ID). Examples: user’s address Is regular PKI good enough? I am Private key encrypted using public key: Alice does not access a PKI CA/PKG Authority is offline master-key

3 Generalizing the Framework
Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

4 Attributed-Based Encryption(ABE) [SW05]
Encrypt Data with descriptive “Attributes” Users Private Keys reflect Decryption Policies master-key CA/PKG Authority is offline Encrypt w/attributes

5 An Encrypted Filesystem
Encrypted Files on Untrusted Server Label files with attributes File 1 “Creator: bsanders” “Computer Science” “Admissions” “Date: ” File 2 “Creator: akeen” “History” “Hiring” “Date: ”

6 An Encrypted Filesystem
“Creator: bsanders” “Computer Science” “Admissions” “Date: ” Authority OR File 2 “Creator: akeen” “History” “Hiring” “Date: ” AND “bsmith” “CS” “admissions”

7 This Talk Threshold ABE & Biometrics More “Advanced” ABE Other Systems

8 A Warmup: Threshold ABE[SW05]
Data labeled with attributes Keys of form “At least k” attributes Application: IBE with Biometric Identities

9 Biometric Identities Iris Scan Voiceprint Fingerprint

10 Biometric Identities Stay with human Are unique No registration
Certification is natural

11 Biometric Identities Deviations Environment
Difference in sensors Small change in trait Can’t use previous IBE solutions!

12 Error-tolerance in Identity
k attributes must match Example: 5 attributes Public Key master-key CA/PKG Private Key 5 matches

13 Error-tolerance in Identity
k attributes must match Example: 5 attributes Public Key Private Key CA/PKG 3 matches master-key

14 Secret Sharing Split message M into shares such that need k to reconstruct Choose random k-1 degree polynomial, q, s.t. q(0)=M Need k points to interpolate

15 First Method Key Pair per Trait Encrypt shares of message
Deg. 4 (need 5 traits) polynomial q(x), such that q(0)=M Ciphertext E3(q(3))... 5 Private Key 2 7 8 11 13 16 q(x) at 5 points ) q(0)=M

16 Collusion Attack Private Key 5 6 7 9 10 8 6 8 9 7 5 10

17 Our Approach Goals Threshold Collusion Resistance Methods
Secret-share private key Bilinear maps

18 Bilinear Maps G , G1 : finite cyclic groups of prime order p.
Def: An admissible bilinear map e: GG  G is: Bilinear: e(ga, gb) = e(g,g)ab a,bZ, gG Non-degenerate: g generates G  e(g,g) generates G1 . Efficiently computable.

19 The SW05 Threshold ABE system
Public Parameters e(g,g)y 2 G1, gt1, gt2,.... gtn 2 G Private Key Random degree 4 polynomial q(x) s.t. q(0)=y gq(5)/t5 Bilinear Map e(g,g)rq(5) Ciphertext gr¢ t5 Me(g,g)ry Interpolate in exponent to get e(g,g)rq(0)=e(g,g)ry

20 Intuition Threshold Need k values of e(g,g)rq(x) Collusion resistance
Can’t combine private key components ( shares of q(x), q’(x) ) Reduction Given ga,gb,gc distinguish e(g,g)ab/c from random

21 Moving Beyond Threshold ABE
Threshold ABE not very expressive “Grafting” has limitations Shamir Secret Sharing => k of n Base new ABE off of general secret sharing schemes OR AND “ksmith” “CS” “admin”

22 Access Trees [Ben86] Secret Sharing for tree-structure of AND + OR
Replicate ORs Split ANDs s OR s AND AND OR s-s’’ s’’ Alice Bob Charlie s’ s-s’ s’’ Doug Edith

23 Key-Policy Attribute-Based Encryption [GPSW06]
Encryption similar to Threshold ABE Keys reflect a tree access structure Randomness to prevent collusion! Use Threshold Gates Decrypt iff attributes from CT satisfy key’s policy OR AND “ksmith” “CS” “admin”

24 Delegation Can delegate any key to a more restrictive policy
Subsumes Hierarchical-IBE OR AND “ksmith” Year=2005 “CS” “admin”

25 A comparison ABE [GPSW06] Arbitrary Attributes Expressive Policy
Attributes in Clear Hidden Vector Enc. [BW06] Fields Fixed at Setup Conjunctions & don’t care Hidden Attributes

26 Ciphertext Policy ABE (opposite)
Encrypt Data reflect Decryption Policies Users’ Private Keys are descriptive attributes master-key CA/PKG “Blond”, “Well-dressed”, “Age=21”, “Height=5’2” OR AND “Rhodes Scholar” “25-35” “millionaire”

27 Multi-Authority ABE [Chase07]
Authorities over different domains E.g. DMV and IRS Challenge: Prevent Collusion Across Domains Insight: Use “globally verifiable ID/attribute” to link

28 Open Problems Ciphertext Policy ABE ABE with “hidden attributes”
Policies from Circuits instead of Trees

29 Generalizing the Framework
Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

30 Health Records Weight=125 Height = 5’4 Age = 46 Blood Pressure= 125
Partners = … If Weight/Height >30 AND Age > 45 Output Blood Pressure Private “Capability” No analogous PKI solution CA/PKG Authority is offline master-key

31 THE END

32 Related Work Secret Sharing Schemes [Shamir79, Benaloh86…]
Allow Collusion Building from IBE + Secret Sharing [Smart03, Juels] IBE gives key Compression Not Collusion Resistant

Download ppt "Attribute-Based Encryption"

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Attribute-based Encryption

Attribute-based Encryption
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption

Identity Based Encryption
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.

1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.

1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.
Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.

Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.
Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.

Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.
Functional Encryption: An Introduction and Survey Brent Waters.

Functional Encryption: An Introduction and Survey Brent Waters.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.

Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Functional Encryption: Beyond Public Key Cryptography

Functional Encryption: Beyond Public Key Cryptography

Similar presentations

Ads by Google