Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits

Applying access structure to encrypted sensitive data is one of the challenges in communication networks and cloud computing. Various methods have been proposed to achieve this goal, one of which is attribute-based encryption (ABE). In ABE schemes, the access structure, a.k.a policy, can be applied to the key or ciphertext. Thus, if the policy is applied to the key, the ABE scheme is called the key policy attribute-based encryption (KP-ABE), and if it is applied to the ciphertext, the scheme is called the ciphertext policy attribute-based encryption (CP-ABE). Since in the KP-ABE, the policy is selected once by a trusted entity and is fixed then, they are not suitable for applications where the policy needs to change repeatedly. This problem is solved in CP-ABE, where the policy is selected by the sender and can be changed for each message encryption. Furthermore, it is desired in the ABE schemes that a strong fine-grained access control can be realized. While most of the existing access structures are of Boolean type, an arithmetic access structure can support a stronger fine-grained access structure. We present the first CP-ABE scheme with an arithmetic circuit access policy based on the multilinear maps. First, we outline a basic design and then two improved versions of this scheme, with or without the property of hidden attributes, are introduced. We also define the concept of hidden result attribute based encryption (HR-ABE) which means that the result of the arithmetic function will not be revealed to the users. We define a new hardness assumption, called the (k-1)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$(k-1)$$\end{document}-distance decisional Diffie–Hellman assumption, which is at least as hard as the k-multilinear decisional Diffie–Hellman assumption. Under this assumption, we prove the adaptive security of the proposed scheme.