SpringerLink
Log in

A Bunch of Broken Schemes: A Simple yet Powerful Linear Approach to Analyzing Security of Attribute-Based Encryption

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2021 (CT-RSA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12704))

Included in the following conference series:

  • 1647 Accesses

Abstract

Verifying security of advanced cryptographic primitives such as attribute-based encryption (ABE) is often difficult. In this work, we show how to break eleven schemes: two single-authority and nine multi-authority (MA) ABE schemes. Notably, we break DAC-MACS, a highly-cited multi-authority scheme, published at TIFS. This suggests that, indeed, verifying security of complex schemes is complicated, and may require simpler tools. The multi-authority attacks also illustrate that mistakes are made in transforming single-authority schemes into multi-authority ones. To simplify verifying security, we systematize our methods to a linear approach to analyzing generic security of ABE. Our approach is not only useful in analyzing existing schemes, but can also be applied during the design and reviewing of new schemes. As such, it can prevent the employment of insecure (MA-)ABE schemes in the future.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Agrawal, S., Chase, M.: Simplifying design and analysis of complex predicate encryption schemes. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 627–656. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_22

    Chapter  Google Scholar 

  2. Ambrona, M., Barthe, G., Gay, R., Wee, H.: Attribute-based encryption in the generic group model: automated proofs and new constructions. In: CCS, pp. 647–664. ACM (2017)

    Google Scholar 

  3. Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_31

    Chapter  Google Scholar 

  4. Beimel, A.: Secure schemes for secret sharing and key distribution (1996)

    Google Scholar 

  5. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: S&P, pp. 321–334. IEEE (2007)

    Google Scholar 

  6. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26

    Chapter  Google Scholar 

  7. Boyen, X.: The uber-assumption family. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 39–56. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_3

    Chapter  Google Scholar 

  8. Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_28

    Chapter  Google Scholar 

  9. Chaudhari, P., Das, M.L., Mathuria, A.: On anonymous attribute based encryption. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 378–392. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26961-0_23

    Chapter  Google Scholar 

  10. Chen, J., Ma, H.: Efficient decentralized attribute-based access control for cloud storage with user revocation. In: ICC, pp. 3782–3787. IEEE (2014)

    Google Scholar 

  11. Ge, A., Zhang, J., Zhang, R., Ma, C., Zhang, Z.: Security analysis of a privacy-preserving decentralized key-policy attribute-based encryption scheme. IEEE TPDS 24(11), 2319–2321 (2013)

    Google Scholar 

  12. Han, J., Susilo, W., Mu, Y., Yan, J.: Privacy-preserving decentralized key-policy attribute-based encryption. IEEE TPDS 23(11), 2150–2162 (2012)

    Google Scholar 

  13. Han, J., Susilo, W., Mu, Y., Zhou, J., Au, M.H.: PPDCP-ABE: privacy-preserving decentralized ciphertext-policy attribute-based encryption. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 73–90. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_5

    Chapter  Google Scholar 

  14. Han, J., Susilo, W., Mu, Y., Zhou, J., Au, M.H.A.: Improving privacy and security in decentralized ciphertext-policy attribute-based encryption. IEEE TIFS 10(3), 665–678 (2015)

    Google Scholar 

  15. Hong, J., Xue, K., Li, W.: Comments on DAC-MACS: Effective data access control for multiauthority cloud storage systems/security analysis of attribute revocation in multiauthority data access control for cloud storage systems. IEEE TIFS 10(6), 1315–1317 (2015)

    Google Scholar 

  16. Jung, T., Li, X.Y., Wan, Z., Wan, M.: Privacy preserving cloud data access with multi-authorities. In: INFOCOM, pp. 2625–2633. IEEE (2013)

    Google Scholar 

  17. Jung, T., Li, X.Y., Wan, Z., Wan, M.: Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE TIFS 10(1), 190–199 (2015)

    Google Scholar 

  18. Jung, T., Li, X.Y., Wan, Z., Wan, M.: Rebuttal to Comments on Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE TIFS 10(4), 868 (2016)

    Google Scholar 

  19. Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: EUROCRYPT. pp. 568–588. Springer (2011)

    Google Scholar 

  20. Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., **e, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: AsiaCCS, pp. 386–390. ACM (2011)

    Google Scholar 

  21. Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 347–362. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_28

    Chapter  Google Scholar 

  22. Li, W., Xue, K., Xue, Y., Hong, J.: TMACS: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE TPDS 27(5), 1484–1496 (2016)

    Google Scholar 

  23. Ma, C., Ge, A., Zhang, J.: Fully secure decentralized ciphertext-policy attribute-based encryption in standard model. In: Guo, F., Huang, X., Yung, M. (eds.) Inscrypt 2018. LNCS, vol. 11449, pp. 427–447. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-14234-6_23

    Chapter  Google Scholar 

  24. Ma, H., Zhang, R., Yuan, W.: Comments on Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE TIFS 11(4), 866–867 (2016)

    Google Scholar 

  25. Malluhi, Q.M., Shikfa, A., Trinh, V.C.: Ciphertext-policy attribute-based encryption scheme with optimized ciphertext size and fast decryption. In: AsiaCCS, pp. 230–240. ACM (2017)

    Google Scholar 

  26. Ning, J., Dong, X., Cao, Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: ESORICS. pp. 270–289. Springer (2015)

    Google Scholar 

  27. Pussewalage, H.S.G., Oleshchuk, V.A.: A distributed multi-authority attribute based encryption scheme for secure sharing of personal health records. In: SACMAT, pp. 255–262. ACM (2017)

    Google Scholar 

  28. Qian, H., Li, J., Zhang, Y.: Privacy-preserving decentralized ciphertext-policy attribute-based encryption with fully hidden access structure. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 363–372. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-02726-5_26

    Chapter  Google Scholar 

  29. Qian, H., Li, J., Zhang, Y., Han, J.: Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int. J. Inf. Security 14(6), 487–497 (2014). https://doi.org/10.1007/s10207-014-0270-9

    Article  Google Scholar 

  30. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  31. Venema, M., Alpár, G.: A bunch of broken schemes: A simple yet powerful linear approach to analyzing security of attribute-based encryption. Cryptology ePrint Archive, Report 2020/460 (2020)

    Google Scholar 

  32. Wang, M., Zhang, Z., Chen, C.: Security analysis of a privacy-preserving decentralized ciphertext-policy attribute-based encryption scheme. Concurrency and Computation 28(4), 1237–1245 (2015)

    Article  Google Scholar 

  33. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4

    Chapter  Google Scholar 

  34. Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_26

    Chapter  Google Scholar 

  35. Wu, X., Jiang, R., Bhargava, B.: On the security of data access control for multiauthority cloud storage systems. IEEE Trans. Serv. Comput. 10(2), 258–272 (2017)

    Article  Google Scholar 

  36. Xhafa, F., Feng, J., Zhang, Y., Chen, X., Li, J.: Privacy-aware attribute-based phr sharing with user accountability in cloud computing. J. Supercomput. 71, 1607–1619 (2014)

    Article  Google Scholar 

  37. Yang, K., Jia, X.: Attribute-based access control for multi-authority systems in cloud storage. In: IEEE Distributed Computing Systems, pp. 536–545. IEEE Computer Society (2012)

    Google Scholar 

  38. Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE TPDS 25(7), 1735–1744 (2014)

    Google Scholar 

  39. Yang, K., Jia, X., Ren, K., Zhang, B.: DAC-MACS: effective data access control for multiauthority cloud storage systems. In: INFOCOM, pp. 2895–2903. IEEE (2013)

    Google Scholar 

  40. Yang, K., Jia, X., Ren, K., Zhang, B., **e, R.: DAC-MACS: effective data access control for multiauthority cloud storage systems. IEEE TIFS 8(11), 1790–1801 (2013)

    Google Scholar 

  41. Zhang, Y., Chen, X., Li, J., Wong, D., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In: AsiaCCS, pp. 511–516. ACM (2013)

    Google Scholar 

  42. Zhou, Z., Huang, D.: On efficient ciphertext-policy attribute based encryption and broadcast encryption. In: CCS (poster), pp. 753–755. ACM (2010)

    Google Scholar 

  43. Zhou, Z., Huang, D.: On efficient ciphertext-policy attribute based encryption and broadcast encryption. Cryptology ePrint Archive, Report 2010/395 (2010)

    Google Scholar 

  44. Zhou, Z., Huang, D., Wang, Z.: Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Trans. Comput. 64(1), 126–138 (2015)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful comments and suggestions.

Author information

Authors and Affiliations

  1. Radboud University, Nijmegen, The Netherlands

    Marloes Venema & Greg Alpár

  2. Open University of the Netherlands, Heerlen, The Netherlands

    Greg Alpár

Authors
  1. Marloes Venema
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Greg Alpár
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marloes Venema .

Editor information

Editors and Affiliations

  1. ETH Zürich, Zürich, Switzerland

    Kenneth G. Paterson

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Venema, M., Alpár, G. (2021). A Bunch of Broken Schemes: A Simple yet Powerful Linear Approach to Analyzing Security of Attribute-Based Encryption. In: Paterson, K.G. (eds) Topics in Cryptology – CT-RSA 2021. CT-RSA 2021. Lecture Notes in Computer Science(), vol 12704. Springer, Cham. https://doi.org/10.1007/978-3-030-75539-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-75539-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75538-6

  • Online ISBN: 978-3-030-75539-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation