Enhancing Lattice-Based Attribute-Based Encryption with Robust Fine-Grained Access Policies

Khajouei-Nejad, Sedigheh; Jabbehdari, Sam; Haj Seyyed Javadi, Hamid; Moattar, Seyed Mohammad Hossein

doi:10.22042/isecure.2024.436486.1082

Enhancing Lattice-Based Attribute-Based Encryption with Robust Fine-Grained Access Policies

Document Type : Research Article

Authors

Sedigheh Khajouei-Nejad ¹

Sam Jabbehdari ¹

Hamid Haj Seyyed Javadi ²

Seyed Mohammad Hossein Moattar ³

¹ Department of Engineering, North Tehran Branch, Islamic Azad University, Tehran, Iran

² Department of Computer Engineering, Shahed University, Tehran, Iran

³ Department of Computer engineering, Mashhad branch, Islamic Azad University, Mashhad, Iran

https://doi.org/10.22042/isecure.2024.436486.1082

Abstract

Protecting sensitive data is crucial in various fields, including Information Technologies, Network Security, and healthcare records. Implementing precise access policies for encrypted data is vital in large networks. Attribute-Based Encryption (ABE) emerges as a solution to this challenge, enabling encryption and access control simultaneously. With the increasing significance of quantum-safe measures due to advancements in quantum computing, there is a growing need for quantum-resistant access control mechanisms for encrypted data, as addressed by Lattice-Based Attribute-Based Encryption.
However, some existing Lattice-Based ABE schemes lack robust support for fine-grained access policies. In this paper, we present an enhancement to a Key Policy Attribute-Based Encryption (ABE) scheme to not only accommodate threshold gates but also any boolean circuits. Our proposed scheme's security is grounded in the Learning with Errors (LWE) assumption within the selective security model under the Indistinguishable CPA game. Importantly, the scheme is well-suited for the Disjunctive Normal Form (DNF) representation of boolean functions, offering enhanced flexibility and security in access control mechanisms for encrypted data.

Keywords

Attribute-Based Encryption(ABE)

Learning With Errors(LWE)

Access Policy

Key Policy Attribute-Based Encryption(KP-ABE)

Post-Quantum Attribute-Based Encryption(PQ-ABE)

Disjunctive Normal Form (DNF)

[1] Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security, pages 89–98, 2006.
[2] John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy attribute-based encryption. In 2007 IEEE symposium on security and privacy (SP’07), pages 321–334. IEEE, 2007.
[3] Rafail Ostrovsky, Amit Sahai, and Brent Waters. Attribute-based encryption with non-monotonic access structures. In Proceedings of the 14th ACM conference on Computer and communications security, pages 195–203, 2007.
[4] Dan Boneh, Craig Gentry, Sergey Gorbunov, Shai Halevi, Valeria Nikolaenko, Gil Segev, Vinod Vaikuntanathan, and Dhinakaran Vinayagamurthy. Fully key-homomorphic encryption, arithmetic circuit abe and compact garbled circuits. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 533–556. Springer, 2014.
[5] Mahdi MahdaviOliaee and Zahra Ahmadian. Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits. Journal of Computer Virology and Hacking Techniques, pages 1–14, 2022.
[6] Mahdi Mahdavi Oliaee and Zahra Ahmadian. Ciphertext policy attribute based encryption for arithmetic circuits. Cryptology ePrint Archive, 2021.
[7] Amit Sahai and Brent Waters. Fuzzy identitybased encryption. In Annual international conference on the theory and applications of cryptographic techniques, pages 457–473. Springer, 2005.
[8] Sedigheh Khajouei-Nejad, Sam Jabbehdari, Hamid Haj Seyyed Javadi, and Seyed Mohammad Hossein Moattar. Fuzzy identity based encryption with a flexible threshold value. Journal of Communication Engineering, 2023.
[9] Zhitao Guan, Xin Lu, Wenti Yang, Longfei Wu, Naiyu Wang, and Zijian Zhang. Achieving efficient and privacy-preserving energy trading based on blockchain and abe in smart grid. Journal of Parallel and Distributed Computing, 147:34–45, 2021.
[10] Zhijun Zhang and Xiaojun Ren. Data security sharing method based on cp-abe and blockchain. Journal of Intelligent & Fuzzy Systems, 40(2):2193–2203, 2021.
[11] Jiguo Yu, Suhui Liu, Minghui Xu, Hechuan Guo, Fangtian Zhong, and Wei Cheng. An efficient revocable and searchable ma-abe scheme with blockchain assistance for c-iot. IEEE Internet of Things Journal, 10(3):2754–2766, 2022.
[12] Mahdi Mahdavi, Mohammad Hesam Tadayon, Mohammad Sayad Haghighi, and Zahra Ahmadian. Iot-friendly, precomputed and outsourced attribute based encryption. Future Generation Computer Systems, 150:115–126, 2024.
[13] Sangjukta Das and Suyel Namasudra. Multiauthority cp-abe-based access control model for iotenabled healthcare infrastructure. IEEE Transactions on Industrial Informatics, 19(1):821–829 2022.
[14] Susan Hohenberger, George Lu, Brent Waters, and David J Wu. Registered attribute-based encryption. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 511–542. Springer, 2023.
[15] Rachit Garg, Rishab Goyal, and George Lu. Dynamic collusion functional encryption and multiauthority attribute-based encryption. In IACR International Conference on Public-Key Cryptography, pages 69–104. Springer, 2024.
[16] Marloes Venema and Greg Alp´ar. Glue: Generalizing unbounded attribute-based encryption for flexible efficiency trade-offs. In IACR International Conference on Public-Key Cryptography, pages 652–682. Springer, 2023.
[17] Mostafa Chegenizadeh, Mohammad Ali, Javad Mohajeri, and Mohammad Reza Aref. Huap: Practical attribute-based access control supporting hidden updatable access policies for resourceconstrained devices. The ISC International Journal of Information Security, 16(1):93–114, 2024.
[18] Sajjad Palanki and Alireza Shafieinejad. Attribute-based encryption with efficient attribute revocation, decryption outsourcing, and multi-keyword searching in cloud storage. The ISC International Journal of Information Security, 14(3):135–149, 2022.
[19] Sina Abdollahi, Javad Mohajeri, and Mahmoud Salmasizadeh. Highly efficient and revocable cpabe with outsourcing decryption for iot. In 2021 18th International ISC Conference on Information Security and Cryptology (ISCISC), pages
81–88. IEEE, 2021.
[20] Aniseh Najafi, Majid Bayat, and Hamid Haj Seyyed Javadi. Privacy preserving attribute-based encryption with conjunctive keyword search for e-health records in cloud. The ISC International Journal of Information Security, 13(2):87–100, 2021.
[21] Mahdi Mahdavi Oliaee, Sahar Khaleghifard, and Zahra Ahmadian. New variations of discrete logarithm problem. The ISC International Journal of Information Security, 15(3):91–100, 2023.
[22] Shweta Agrawal, Xavier Boyen, Vinod Vaikuntanathan, Panagiotis Voulgaris, and Hoeteck Wee. Functional encryption for threshold functions (or fuzzy ibe) from lattices. In Public Key Cryptography–PKC 2012: 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, May 21-23, 2012. Proceedings 15, pages 280–297. Springer, 2012.
[23] Sedigheh Khajouei-Nejad, Hamid Haj Seyyed Javadi, Sam Jabbehdari, and Seyed Mohammad Hossein and Moattar. Reducing the computational complexity of fuzzy identity-based encryption from lattice. International Journal of Information and Communication Technology Research, 16(1), 2024.
[24] Sedigheh Khajouei-Nejad, Hamid Haj Seyyed Javadi, Sam Jabbehdari, and Seyed Mohammad Hossein Moattar. Reducing the computational complexity of fuzzy identity-based encryption from lattice. Cryptology ePrint Archive, 2024.
[25] Jiang Zhang and Zhenfeng Zhang. A ciphertext policy attribute-based encryption scheme without pairings. In International Conference on Information Security and Cryptology, pages 324–340. Springer, 2011.
[26] Xavier Boyen. Attribute-based functional encryption on lattices. In Theory of Cryptography Conference, pages 122–142. Springer, 2013.
[27] Shweta Agrawal, Rajarshi Biswas, Ryo Nishimaki, Keita Xagawa, Xiang Xie, and Shota Yamada. Cryptanalysis of boyen’s attribute-based encryption scheme in tcc 2013. Designs, Codes and Cryptography, 90(10):2301–2318, 2022.
[28] Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Attribute-based encryption for circuits. Journal of the ACM (JACM), 62(6):1–33, 2015.
[29] Willy Susilo, Dung Hoang Duong, Huy Quoc Le, and Josef Pieprzyk. Puncturable encryption: a generic construction from delegatable fully keyhomomorphic encryption. In Computer Security–ESORICS 2020: 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14–18, 2020, Proceedings, Part II 25, pages 107–127. Springer, 2020.
[30] Sam Kim. Multi-authority attribute-based encryption from lwe in the ot model. Cryptology ePrint Archive, 2019.
[31] Uma Sankararao Varri, Syam Kumar Pasupuleti, and KV Kadambari. Cp-absel: Ciphertext-policy attribute-based searchable encryption from lattice in cloud storage. Peer-to-Peer Networking and Applications, 14:1290–1302, 2021.
[32] Xingting Dong, Yanhua Zhang, Baocang Wang, and Jiangshan Chen. Server-aided revocable attribute-based encryption from lattices. Security and Communication Networks, 2020:1–13, 2020.
[33] Weiling Zhu, Jianping Yu, Ting Wang, Peng Zhang, and Weixin Xie. Efficient attribute-based encryption from r-lwe. Chin. J. Electron, 23(4):778–782, 2014.
[34] Akbar Morshed Aski, Hamid Haj Seyyed Javadi, and Gholam Hassan Shirdel. A full connectable and high scalable key pre-distribution scheme based on combinatorial designs for resourceconstrained devices in iot network. Wireless Personal Communications, 114(3):2079–2103, 2020.
[35] Nafiseh Masaeli, Hamid Haj Seyyed Javadi, and Seyed Hossein Erfani. Key pre-distribution scheme based on transversal design in large mobile fog networks with multi-clouds. Journal of Information Security and Applications, 54:102519, 2020.
[36] M. Mahdavi Oliaee, M. Delavar, M.H. Ameri, J. Mohajeri, and M.R. Aref. On the security of o-psi: A delegated private set intersection on outsourced datasets (extended version). The ISC International Journal of Information Security, 10(2):117–127, 2018.
[37] Mehdi Oliaee Mahdavi, Mahshid Delavar, Mohammad Hassan Ameri, Javad Mohajeri, and Mohammad Reza Aref. On the security of o-psi a delegated private set intersection on outsourced datasets. In 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pages 77–81. IEEE, 2017.
[38] Mahdi MahdaviOliaiy, Mohammad Hassan Ameri, Javad Mohajeri, and Mohammad Reza Aref. A verifiable delegated set intersection without pairing. In 2017 Iranian Conference on Electrical Engineering (ICEE), pages 2047–2051. IEEE, 2017.
[39] Shweta Agrawal, Anshu Yadav, and Shota Yamada. Multi-input attribute based encryption and predicate encryption. In Annual International Cryptology Conference, pages 590–621. Springer, 2022.
[40] Yang Yang, Jianguo Sun, Zechao Liu, and YuQing Qiao. Practical revocable and multiauthority cp-abe scheme from rlwe for cloud computing. Journal of Information Security and Applications, 65:103108, 2022.
[41] Hui Liu and Rui Jiang. Efficient revocable attribute-based encryption from r-lwe in cloud storage. In Advances in Intelligent Automation and Soft Computing, pages 1051–1058. Springer, 2022.
[42] Cheng Guo, Ruhan Zhuang, Yingmo Jie, Yizhi Ren, Ting Wu, and Kim-Kwang Raymond Choo. Fine-grained database field search using attribute-based encryption for e-healthcare clouds. Journal of medical systems, 40:1–8, 2016.
[43] Siti Dhalila Mohd Satar, Masnida Hussin, Zurina Mohd Hanapi, and Mohamad Afendee Mohamed. Cloud-based secure healthcare framework by using enhanced ciphertext policy attribute-based encryption scheme. Int. J. Adv.Comput. Sci. Appl, 12:393–399, 2021.
[44] Hong Zhong, Yiyuan Zhou, Qingyang Zhang, Yan Xu, and Jie Cui. An efficient and outsourcing-supported attribute-based access control scheme for edge-enabled smart health-care. Future Generation Computer Systems, 115:486–496, 2021.
[45] Liang Zhang, Haibin Kan, and Honglan Huang. Patient-centered cross-enterprise document sharing and dynamic consent framework using consortium blockchain and ciphertext-policy attribute-based encryption. In Proceedings of the 19th ACM International Conference on Computing Frontiers, pages 58–66, 2022.
[46] Shweta Agrawal, Xavier Boyen, Vinod Vaikuntanathan, Panagiotis Voulgaris, and Hoeteck Wee. Fuzzy identity based encryption from lattices. IACR Cryptol. ePrint Arch., 2011:414, 2011.