Our Contributions. In this paper, we present an oblivious transfer with complex attribute-based access control permissions. The protocol can directly achieve “and ($\land$)” and “or ($\lor$)” policies on each message without the duplication of the message. More concretely, for each message, we can directly enforce such type of access control permissions as
$$(c_{11} \land c_{12} \land \ldots \land c_{1n_1}) \lor (c_{21} \land c_{22} \land \ldots \land c_{2n_2}) \lor \ldots \lor (c_{t1} \land c_{t2} \land \ldots \land c_{tn_t})$$
on it, where each $c_{ij}$ is an attribute. That is, the message can only be available, on request, to the users who possess at least one attribute set $(c_{i1}, c_{i2}, \ldots, c_{in_i})$, $i \in [1, t]$.
To realize the functionality of the protocol, we present a new primitive called blind (ciphertext policy) attribute-based encryption (CP-ABE) as a building block. Combining the blind ABE with an anonymous credential scheme, a generic construction for the protocol is proposed. In this construction, a server, $n$ users and a credential issuer are included. Assume that $\Omega$ is an attribute universe where $|\Omega| = l$. Each user first authenticates to obtain the credentials for his entitled attributes from the issuer. The server initializes the database $(M_1, M_2, \ldots, M_N)$ by encrypting the messages under the associated access control policies so that the users must obtain the private keys for the attributes to decrypt the messages. In the transfer phase, to obtain the allowed messages according to the policies, each user first makes requests to the server for the private keys of his entitled attributes, and simultaneously executes a proof of knowledge to convince the server that he possesses a valid credential generated by the issuer for the requested attributes. From the requests, even if the server colludes with the credential issuer, they cannot learn anything about the attributes or identity of the user. Then, after the user obtains the private keys, he can decrypt any of the messages whose associated policies are satisfied by the user's attributes.
If we let $k$ be the number of messages a user can access in a database according to the access control policies, then in our construction, the user needs to interact with the server just once to obtain the private keys to decrypt all the $k$ allowed messages. Therefore, the communication cost of our construction is $O(N + l)$.
To present a concrete oblivious transfer protocol with complex access control policies, we first construct a new blind ABE scheme which achieves “and” and “or” policies. The access control structure is provided by an access tree in which leaves are attributes and inner nodes are “$\land$” and “$\lor$” boolean operators.
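The policy semantics described above can be modelled without any cryptography. The following is an added example, not code from the paper: it evaluates an access tree against a user's attribute set, expands the tree into the attribute sets $(c_{i1}, \ldots, c_{in_i})$ of the disjunctive form, and lists the $k$ allowed messages. The tuple encoding of the tree, the function names and the sample database are assumptions made for illustration.

```python
from itertools import product

# Access tree (hypothetical encoding): a leaf is an attribute name (str);
# an inner node is ("and", [children]) or ("or", [children]).

def satisfies(tree, attrs):
    """Return True if the attribute set `attrs` satisfies the access tree."""
    if isinstance(tree, str):
        return tree in attrs
    op, children = tree
    results = (satisfies(child, attrs) for child in children)
    return all(results) if op == "and" else any(results)

def to_dnf(tree):
    """Expand a tree into its attribute sets: a user qualifies if and only
    if he holds every attribute of at least one returned set."""
    if isinstance(tree, str):
        return [frozenset([tree])]
    op, children = tree
    parts = [to_dnf(child) for child in children]
    if op == "or":
        clauses = [clause for part in parts for clause in part]
    else:
        # "and": pick one clause from every child and merge them
        clauses = [frozenset().union(*combo) for combo in product(*parts)]
    unique = set(clauses)
    # drop clauses that are strict supersets of another clause (absorption)
    minimal = [c for c in unique if not any(other < c for other in unique)]
    return sorted(minimal, key=sorted)

def allowed_messages(database, attrs):
    """Indices of the messages whose policy the attribute set satisfies."""
    return [i for i, (_, policy) in enumerate(database)
            if satisfies(policy, attrs)]

# Constructed sample database: (message label, access tree) pairs.
DATABASE = [
    ("M1", ("and", ["doctor", ("or", ["cardiology", "oncology"])])),
    ("M2", ("or", ["auditor", ("and", ["nurse", "cardiology"])])),
    ("M3", "admin"),
]

if __name__ == "__main__":
    user = {"doctor", "oncology", "auditor"}   # constructed attribute set
    for label, policy in DATABASE:
        sets = [sorted(s) for s in to_dnf(policy)]
        print(label, "attribute sets:", sets, "allowed:", satisfies(policy, user))
    print("allowed message indices:", allowed_messages(DATABASE, user))
```

Each policy is stored once per message; the number of sets returned by `to_dnf` is the $t$ of the disjunctive form above.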
Organization. The rest of this paper is organized as follows. In section 2, we introduce some preliminaries. In section 3, we present the functionality and security definition for the oblivious transfer with attribute-based access control. In section 4, a generic construction for oblivious transfer with attribute-based access control is proposed based on blind attribute-based encryption and credential signature scheme. In section 5, a concrete scheme for the construction is given. We give some analysis and extensions in section 6. Finally, we conclude in section 7.