Cryptography Reference
In-Depth Information
4 A Generic Construction for CAC-OT
In this part, we will present a generic construction for our CAC-OT built from the
blind (ciphertext policy) attribute-based encryption which is introduced below.
The construction can be proved secure in the security model described in section
3. In the following, we first present the definition and security notions of the blind
attribute-based encryption, and next using the encryption as a building block,
give a generic construction for CAC-OT.
4.1 Blind Attribute-Based Encryption
To make the blind attribute-based encryption more expressive, we first briefly
introduce the traditional ABE scheme and its security definition. A CP-ABE
scheme [8] consists of four algorithms
Setup
,
KeyGen
,
Encrypt
and
Decrypt
.There
is a private key generation center (
KGC
) who is responsible for the generation
of private keys for users' attributes.
-
Setup(
1
κ
)
The algorithm takes no input other than the implicit security
parameter
κ
. It outputs the public parameters
pk
and a mater key
sk
.
-
KeyGen(
KGC
(
pk, sk
),
U
(
pk, ω
)
)
→
(
ω, sk
ω
)Anhon tu r
U
with an at-
tributes set
ω
makesrequeststo
KGC
and obtains the corresponding secret
key
sk
ω
from
KGC
.
-
Encrypt(
pk
,
τ
,
m
)
The algorithm returns a ciphertext
c
τ
to a message
m
corresponding to the access control structure
τ
, such that only users who
have the secret key generated from the attributes that satisfy
τ
will be able
to decrypt the message
m
.
-
Decrypt(
c
τ
,
sk
ω
)
The algorithm outputs a message
m
on input a ciphertext
c
τ
, a secret key
sk
ω
associated with
ω
.
ABE can be seen as a generalized identity-based encryption (IBE). In this work,
the blind ABE we present is analogously a generalized blind IBE proposed in
[20]. In the blind ABE, after each user extracts the secret key corresponding to
his attribute set from the
KGC
,
KGC
will not obtain anything about the user's
attribute set.
The blind ABE includes four algorithms
Setup
,
BlindKeyGen
,
Encrypt
and
Decrypt
.The
Setup
,
Encrypt
and
Decrypt
algorithms are the same as those in
traditional CP-ABE, and the
BlindKeyGen
algorithm is described as follows.
-
BlindKeyGen(
KGC
(
pk, sk
),
U
(
pk, ω
))
→
(
nothing, sk
ω
)Anhon tu r
U
with an attribute set
ω
makes request to
KGC
and obtains the corresponding
secret key
sk
ω
. It includes three sub-algorithms (
Blind
,
BKeyGen
and
Unblind
): the user first runs
Blind(
pk, ω
)
algorithm to blind his attribute
set
ω
to
ω
from
KGC
performs
BKeyGen
(
sk, ω
)
to
generate the private key
sk
ω
for
ω
; and finally the user obtains the private
key
sk
ω
for the attribute set
ω
by executing
Unblind(
sk
ω
)
algorithm. At the
end, the
BlindKeyGen
algorithm outputs the private key
sk
ω
and sends
ω
to
KGC
;then
KGC
for
ω
for the
user and nothing for the
KGC
.
Search WWH ::
Custom Search