PDF | Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in. Request PDF on ResearchGate | Attribute-Based Encryption With Verifiable Outsourced Decryption | Attribute-based encryption (ABE) is a public-key-based. , IRJET | Impact Factor value: | ISO Certified Journal | Page Attribute-Based Encryption with Verifiable Outsourced Decryption.

Author: | Goltigrel Zulugor |

Country: | Congo |

Language: | English (Spanish) |

Genre: | Business |

Published (Last): | 26 November 2014 |

Pages: | 91 |

PDF File Size: | 16.36 Mb |

ePub File Size: | 7.84 Mb |

ISBN: | 374-7-11175-359-9 |

Downloads: | 45079 |

Price: | Free* [*Free Regsitration Required] |

Uploader: | Sakinos |

So we can conclude that if can attack our scheme at nonnegligible advantage, then we will find an algorithm which attacks Basic CP-ABE scheme under the selective CPA security model at nonnegligible advantage. View at Google Scholar Z.

In their scheme, a user uses proxy reencryption method [ 1314 ] to generate a transformation key and sends the transformation key and ABE ciphertext to the CSP.

If there exist and such thatthe user with attribute set is able to decrypt ciphertext related towhere, and. Lemma 7 shows that and are indistinguishable.

Table of Contents Alerts. One of the main defects of current ABE schemes is expensive decryption operation for mobile device with low computing power and limited battery.

It outputs message or. In this article, we present a novel verifiable outsourced CP-ABE scheme with constant ciphertext length to save the communication cost. Otherwise, selects random exponents.

### HKU Scholars Hub: Offline/online attribute-based encryption with verifiable outsourced decryption

Note that, with overwhelming probability, has multiplicative inverse. Several traceable CP-ABE schemes [ 20 — 22 ] were constructed to trace the identity of a misbehaving user who leaks its decryption key to others and thus reduces wlth trust assumptions on both users and attribute authorities.

The elliptic curve parameter we choose is type-A, and the order of group is bits.

Access Structure Access structure is being referred to in [ 33 ]; we utilize AND gates with respect to multivalued attributes as follows. Thus, we come to a conclusion that the advantage for an adversary in is negligible.

## Security and Communication Networks

Let be the challenger with respect to of the scheme [ 33 ]. Ifhe outputs the message ; otherwise, he outputs. We introduce some basic knowledge about bilinear groups, security assumption, access structure, and CP-ABE which our scheme relies on.

The computational overhead for the decryption and transformation operations in our scheme is constant, which does not rely on the amount of attributes. Suppose is a generator in. In the proposed scheme, cloud service provider CSP performs partial decryption task delegated by data user without knowing anything about the plaintext.

Given a ciphertext and a transformation key, CSP transforms a ciphertext into a simple ciphertext.

It outputs if associated with satisfies. TA selectscomputes andand sends to a user associated with attribute set. Compared with the scheme in [ 111231 ], the computational overhead for the decryption and transformation operations in our scheme is much smaller. There is no doubt that verifiability brings about great progress to outsourced decryption of ABE. It outputs transformation key associated with and a corresponding retrieving key.

Indexed in Science Citation Index Expanded. We have that the assumption holds with overwhelming probability: We prove security and verifiability of our scheme in Section 4. If such a tuple exists, it sends the transformation key to. An encryptor randomly selects. In order to solve this problem, Lai et al. The challenger runs and sets. Proceedings, Part IIvol.

Figure 6 illustrates that the length of partially decrypted ciphertext in two schemes is almost same. From Table 2we observe that the computational overhead over group and pairing in [ 111231 ] depends on the number of attributes, while it is constant in our scheme. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.

A decryptor calculates as follows: Ifit outputs the message ; otherwise, it outputs. A trusted authority TA picks two bilinear groups of prime-order, and. This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Without loss of generality, we suppose that an adversary does not launch transformation key query for attribute setif a private key query about the same attribute set has been issued.

### Verifiable Outsourced Decryption of Attribute-Based Encryption with Constant Ciphertext Length

It allows users to use flexible access control to access files stored in the cloud server with encrypted form. This algorithm takes,and for as input. The traditional concept of security for chosen-ciphertext attack CCA is not suitable for the above CP-ABE scheme because it does not permit modifying any bit for the ciphertext.

It sends to the adversary. If has a nonnegligible advantage inthen attacks the scheme in [ 33 ] at a nonnegligible advantage. This algorithm takes and as input. In order to protect privacy of the user, Han et al. Tables 1 — 3 show that our scheme is efficient. This theorem is proven via the following lemmas. A user checks whether the transformed ciphertext or or ; if the equations do not hold, he outputs.

Here, we compute as follows: Then, lets decrption sends the private key to. The redundant information is mainly used to design a CP-ABE scheme with verifiable outsourcing decryption from [ 33 ], which has been proven to be selectively CPA-secure. Observe attrkbute-based does not know the actual retrieving key.