Professional Documents
Culture Documents
Outsourced Decryption
A.Sridhar
III MCA, Department of MCA, Paavai Enginnering College, Namakkal, Tamil Nadu
Abstract Attribute-based encryption (ABE) is a promising 2) How to construct an ABE with verifiable outsourced
technique for fine-grained access control of encrypted data in a decryption more efficiently?
cloud storage, however, decryption involved in the ABEs is
usually too expensive for resource-constrained front-end users, encryption (ABE) [1] was thus proposed to have flexible
which greatly hinders its practical popularity. In order to reduce access control of encrypted data utilizing access policies and
the decryption overhead for a user to recover the plaintext, ascribed attributes associated with private keys and ciphertexts
Green et al. suggested to outsource the majority of the decryption respectively. In an ABE scheme, a specified private key can
decrypt a particular ciphertext only if associated attributes
work without revealing actually data or private keys. To ensure and policy are matched. According to the ciphertext associ-
the third-party service honestly computes the outsourced work, ated with an access policy or containing a set of attributes,
Lai et al. provided a requirement of verifiability to the decryption ABE schemes are divided into two kinds: ciphertext-
of ABE, but their scheme doubled the size of the underlying ABE policy (CP) ABE [4]-[7] and key-policy (KP) ABE [8], [9].
cipher text and the computation costs. Roughly speaking, their
main idea is to use a parallel encryption technique, while one of The functionality of access control is very powerful,
the encryption components is used for the verification purpose. however, expensive. For most of the existing pairing-based
Hence, the bandwidth and the computation cost are doubled. In ABE schemes (see [6], [8]), the number of pairing operations
this paper, we investigate the same problem. In particular, we to decrypt a ciphertext is linear to the complexity of the access
propose a more efficient and generic construction of ABE with policy. It would be a significant challenge for users to complete
verifiable outsourced decryption based on an attribute-based
key encapsulation mechanism, a symmetric-key encryption the decryption independently on resource-constrained devices,
scheme and a commitment scheme. Then, we prove the security e.g., mobile phones. In order to reduce the number of pairing
and the verification soundness of our constructed ABE scheme in operations for users when executing the decryption algorithm,
the standard model. Finally, we instantiate our scheme with Green et al. [2] considered outsourcing the heavy computation
concrete building blocks. Compared with Lai et al.s scheme, our of decryption to a third-party service, which helps to imple-
scheme reduces the bandwidth and the computation costs almost
ment thin clients. They proposed a key blinding technique
by half.
to outsource the decryption without leaking data or secret
Keywords Attribute-based encryption, keys as a precaution against maliciously detecting from the
outsourced, decryption, verifiability, access third-party service. A user provides a transformed key to
control. the service to outsource an ABE ciphertext and obtains a
constant-size ElGamal-style ciphertext, then utilizes the secret
retrieving key to recover the plaintext.
I. INTRODUCTION
To guarantee the third-party service honestly executes
With the rapid development of cloud computing, the outsourced computation, Lai et al. (LDGW) [3] introduced
growing data is being centralized into the cloud for sharing. verifiability to the outsourced decryption of ABE. Actually,
To keep the data security and privacy for data owners, they added an extra instance to the underlying ABE scheme [6]
the sharing data needs to be encrypted before being uploaded
and fine-grained access control is required. Attribute-based in the encryption/decryption algorithms, which is used for
encryption (ABE) [1] was thus proposed to have flexible verification. The technique added noticeable overhead to the
access control of encrypted data utilizing access policies and underlying ABE scheme: encryption requires the data sender
ascribed attributes associated with private keys and cipher to encrypt an extra random message and compute a checksum
texts value related to two messages; decryption requires the
respectively. In an ABE scheme, a specified private key can third-party service to execute the underlying decryption
decrypt a particular cipher text only if associated attributes algorithm twice and the data receiver to verify the outsourced
and policy are matched. According to the ciphertext associ- computation with respect to the encrypted messages. Although
ated with an access policy or containing a set of attributes,
ABE schemes are divided into two kinds: ciphertext- the LDGW-scheme [3] is easy to understand, it works not so
policy (CP) ABE [4]-[7] and key-policy (KP) ABE [8], [9]. well in practice: First, the scheme doubles the computation
1) Whether there exists a generic construction to introduce costs of encryption and decryption compared to the underlying
verification to the outsourced decryption of ABE?
ABE scheme. Second, the length of the ciphertext is twice B. Units
of that of the underlying ABE ciphertext. Therefore, the Use either SI (MKS) or CGS as primary units. (SI
following questions arise naturally: units are encouraged.) English units may be used as
In this paper, we revisit ABE with verifiable outsourced secondary units (in parentheses). An exception would
decryption (VO-ABE), and try to solve these problems. be the use of English units as identifiers in trade, such
We first present a generic construction of VO-ABE, based on as 3.5-inch disk drive.
an attribute-based key encapsulation mechanism (AB-KEM), Avoid combining SI and CGS units, such as current in
a symmetric-key encryption scheme and a commitment amperes and magnetic field in oersteds. This often
scheme. In our opinion, hybrid encryption and a commitment leads to confusion because equations do not balance
can be used to add verification to the outsourced decryption dimensionally. If you must use mixed units, clearly
more efficiently and a proper verification algorithm should state the units for each quantity that you use in an
be defined as a constraint during the final decryption for equation.
the data receiver. Similar to the idea of blinding technique
in [2], we propose an appropriate transform for the actual Do not mix complete spellings and abbreviations of
secret key to achieve outsourcing the decryption. In fact, the units: Wb/m2 or webers per square meter, not
transform we used here may be thought as a subclass of webers/m2. Spell units when they appear in text: ...a
all-or-nothing transforms (AONTs) [10], [11] with specific few henries, not ...a few H.
properties ensuring secure outsourced computation. We insist
that our construction of VO-ABE is comprehensive and can Use a zero before decimal points: 0.25, not .25.
be operated easily and as secure as [3]. Use cm3, not cc. (bullet list)