Removing escrow from ciphertext policy attribute-based encryption

Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem. (C) 2012 Elsevier Ltd. All rights reserved.