Constant Decryption-Cost Non-monotonic Ciphertext Policy Attribute-Based Encryption with Reduced Secret Key Size (and Dynamic Attributes)

Abstract

Attribute-based encryption, especially ciphertext policy attribute based encryption (CP-ABE), is a standard method for achieving access control using cryptography. The access control policy is determined by access structure in a CP-ABE scheme. If negative permission is required in the access control model, which is a quite common setting, then non-monotonic access structures must be allowed in the CP-ABE scheme. In 2011, Chen et al. proposed a CP-ABE scheme with non-monotonic access structures that has constant decryption cost. However, it requires a secret key size linear to the number of total attributes, which is hard to implement when the resources are limited for both computation and storage. In this paper, we improve this scheme to get a CP-ABE scheme where access structure is non-monotonic AND-gate, while the secret key size is only linear to the number of attributes held by a user, without increasing the decryption cost. This scheme will be useful if the total attributes are much more than attributes for each user. Our scheme is provably secure for selective CPA-security under the decision n-BDHE assumption. We also show that our scheme can be naturally extended to supporting attribute addition and revocation, where the attribute set of each user can be updated dynamically, without any complicated proxy re-encryption or decryption procedure.