Cryptography Reference
In-Depth Information
policies like (
c
1
1
∧
...c
t
n
t
)are
enforced to each message, AC-OT does not work eciently. Since the message
must be duplicated for
t
times, each with a policy (
c
i
1
∧
c
1
2
∧
...c
1
n
1
)
∨
(
c
2
1
∧
c
2
2
∧
...c
2
n
2
)
∨
...
∨
(
c
t
1
∧
c
t
2
∧
...c
i
n
i
). Moreover,
when the server initializes the database, he must encrypt the message for
t
times
under different “
and
” policies, and the initialized database will also increase
greatly. However, our CAC-OT directly achieves flexible “
or
”and“
and
” access
control policies such that it can be eciently applied in the databases that
request complex access control permissions.
Since in the transfer phase of our construction, to obtain the private keys for
his certificates, the user needs to interact with the server for just one round.
Therefore, if we let
k
be the number of messages that a user can access in a
database according to the access control policies, then the communication cost
of our construction is
O
(
N
+
l
). However, in Camenisch
et al.
's AC-OT [10],
each time the user requests a message, the communication cost is
O
(
N
+
l
). Then
to obtain all the
k
allowed messages, the user has to interact with the server for
k
times and correspondingly the communication cost is
O
(
N
+
kl
). So in the
case that
k
is a large number, our protocol works eciently in communications.
In the protocol, we combine the blind ABE with credential signature scheme
to present the CAC-OT. Under our construction, the CAC-OT achieves the same
access control policies as the blind ABE. However, in the concrete blind ABE
scheme we presented, the ciphertext size increases linearly with the number of
“
or
” policies, and the access policies are just “
and
”and“
or
”. As we know, there
have been some ecient ABE schemes which have achieved more complicated
access control structures such as [32]. In the scheme [32], access control is ex-
pressed by a Linear Secret Sharing Scheme(LSSS) matrix over the attributes in
the system. Presenting a more ecient blind ABE with more complicated access
control policies, and applying it to our construction for CAC-OT is our future
work.
c
i
2
∧
7Con lu on
In this paper we presented the oblivious transfer with complex access control
policies which directly achieves “
and
”and“
or
” policies. To realize the protocol,
we first presented a primitive called blind ABE using the similar technique to
that in the blind IBE [20], and then gave a generic construction combining the
blind ABE with a credential signature scheme. Moreover, a new blind ABE
scheme was proposed in which the access control structure is provided by access
trees, and based on it, a concrete CAC-OT protocol is presented.
References
1. Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital
goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119-135.
Springer, Heidelberg (2001)
2. Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R.,
Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111-125. Springer, Heidelberg
(2006)
Search WWH ::
Custom Search