Generic constructions for fully secure revocable attribute-based encryption

Abstract

Attribute-based encryption (ABE) is a cryptographic primitive that realizes fine-grained access control. Due to its attractive functionality, several systems based on ABE have been widely constructed so far. In such cryptographic systems, revocation functionality is indispensable in practice to handle withdrawal of users, secret key exposure, and others. While many ABE schemes with various functionalities have been proposed, only a few of these are revocable ABE (RABE). In this paper, we propose two generic constructions of RABE from ABE. Our first construction employs the pair encoding framework (Attrapadung, EUROCRYPT 2014), and combines identity-based revocation and ABE via the generic conjunctive conversion of Attrapadung and Yamada (CT-RSA 2015). Our second construction directly converts ABE to RABE when ABE supports Boolean formulae. Since our constructions preserve functionalities of the underlying ABE, we can instantiate various fully secure RABE schemes for the first time, e.g., supporting regular languages, with unbounded attribute size and policy structure, and with constant-size ciphertext and secret key.