Cryptography Reference
In-Depth Information
Theorem 2.
If the based blind ABE is IND-sAtt-CPA secure and the knowledge
proof
PoK
1
is zero-knowledge, then the generic construction for CAC-OT is
user-secure.
We give a proof of theorem 2 in Appendix A.
Note that, we only describe a secure generic construction for CAC-OT secure
in the standard model by using a commitment scheme. In fact, we can also apply
a random oracle to achieve a secure construction for CAC-OT in the random
oracle model. The technique is similar to that in [20].
5 A Concrete Scheme for CAC-OT
In section 5, we combine the blind ABE with the credential signature scheme
to present a construction for CAC-OT. To give a concrete scheme, we have to
construct a blind ABE and combine the blind ABE with a credential signature
scheme to achieve this point: when each user extracts the private keys for his
attributes, he must make a proof of knowledge to convince the server that he has
the credentials for the requested attributes. However, it seems that presenting a
blind ABE based on the existing ABE schemes such as [8,27,21,31,15] and finding
a credential scheme to make such a knowledge proof as above are infeasible. This
is in part due to the fact that either the indexes of attributes are hashed into an
element or a secret value for each attribute is selected unknown to the user in
the existing ABE schemes. The fact makes the
BlindKeyGen
protocol not to be
realized and makes the proof of knowledge techniques unwieldy.
In the following, we first present a new ABE based on the IBE scheme [3], and
then a blind ABE using the similar technique to that in [20]. Then we combine
the blind ABE with the credential signature [2] to give a concrete CAC-OT
protocol.
5.1 A Concrete Blind ABE
Blind ABE
We first present the basic ABE scheme, and next give the
Blind-
KeyGen
protocol. The technique in encryption phase is similar to that in [23].
We give a description of the access control structure
τ
i
used in our protocol.
The access control structure is a
n
-ary tree, in which leaves are attributes and
inner nodes are “
and
(
∧
)” and “
or
(
∨
)” boolean operations.
-
Setup(
1
k
)
1. Select a generator
g
of
G
,where
=
p
, a random
α
,andset
g
1
=
g
α
.
|
G
|
Then pick a random element
g
2
∈
G
.
Z
p
, for some integer
l
,
2. Generate the attribute set
Ω
=
{
a
1
,a
2
,...,a
l
}⊆
G
.
The public key is
pk
=(
g, g
1
,g
2
,h
1
,...,h
l
), and the master key is
sk
=
g
2
.
-
KeyGen(
sk, ω
)
1. Select a random value
r
and the random elements
h
1
,h
2
,...,h
l
∈
Z
p
, and compute
d
0
=
g
r
;
∈
Search WWH ::
Custom Search