# Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization

@inproceedings{Waters2011CiphertextPolicyAE, title={Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization}, author={Brent Waters}, booktitle={Public Key Cryptography}, year={2011} }

We present a new methodology for realizing Ciphertext-Policy Attribute Encryption (CP-ABE) under concrete and noninteractive cryptographic assumptions in the standard model. Our solutions allow any encryptor to specify access control in terms of any access formula over the attributes in the system. In our most efficient system, ciphertext size, encryption, and decryption time scales linearly with the complexity of the access formula. The only previous work to achieve these parameters was… Expand

#### Tables and Topics from this paper

#### 1,710 Citations

Threshold Ciphertext Policy Attribute-Based Encryption with Constant Size Ciphertexts

- Mathematics, Computer Science
- ACISP
- 2012

This paper designs a CPA secure threshold CP-ABE scheme, which can be further upgraded to the CCA security and proves the security of the schemes can be proved under the decisional q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption in the selective model. Expand

Private Ciphertext-Policy Attribute-based Encryption Schemes With Constant-Size Ciphertext Supporting CNF Access Policy

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2015

This paper gives the first private CP-ABE constructions with a constant-size ciphertext, supporting CNF (Conjunctive Normal Form) access policy, with the simple restriction that each attribute can only appear kmax times in the access formula. Expand

Computationally Efficient Expressive Key-Policy Attribute Based Encryption Schemes with Constant-Size Ciphertext

- Computer Science, Mathematics
- ICICS
- 2013

In this paper, we present two attribute based encryption (ABE) schemes for monotone access structure (MAS) in the key-policy setting, where secret key is generated according to a MAS, ciphertext is… Expand

Provably secure and efficient bounded ciphertext policy attribute based encryption

- Computer Science
- ASIACCS '09
- 2009

One-time signature technique is used to obtain a chosen ciphertext secure extension and give its complete security proof in the standard model under traditional Decisional Bilinear Diffie-Hellman (DBDH) assumption and strong existential unforgeability of one- time signature scheme. Expand

Expressive Ciphertext-Policy Attribute-Based Encryption with Fast Decryption

- Computer Science
- J. Internet Serv. Inf. Secur.
- 2018

This paper proposes a new construction of ciphertext-policy ABE supporting general predicates with a constant number of pairing operations for decryption, and proves that the construction achieves new security notion which it introduces, restricted-selectively payload-hiding security under the q-type decisional bilinear DeiffieHellman assumption. Expand

Efficient Ciphertext-Policy Attribute Based Encryption with Hidden Policy

- Mathematics, Computer Science
- IDCS
- 2012

This paper proposes an efficient anonymous CP-ABE scheme that reduces both the length of each ciphertext and the number of pairing operations to a constant level, but still leverages a hidden policy to keep recipients' privacy preserved. Expand

Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2013

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete… Expand

A Ciphertext Policy Attribute-Based Encryption Scheme without Pairings

- Mathematics, Computer Science
- Inscrypt
- 2011

This work presents a ciphertext policy attribute-based encryption (CP-ABE) scheme, which supports and-gates without pairings, and has a very strong security proof based on worst-case hardness. Expand

CCA-Secure Ciphertext-Policy Attribute-Based Encryption ?

- 2018

We propose a technique of individually modifying an attribute-based encryption scheme (ABE) that is secure against chosen-plaintext attacks (CPA) into an ABE scheme that is secure against… Expand

Fully Secure Decentralized Ciphertext-Policy Attribute-Based Encryption in Standard Model

- Computer Science
- Inscrypt
- 2018

This paper presents two constructions that will be proved secure in the standard model of multi-authority ciphertext policy attribute-based encryption and achieves constant size ciphertexts for AND-gate policy in prime-order group. Expand

#### References

SHOWING 1-10 OF 52 REFERENCES

Provably secure ciphertext policy ABE

- Computer Science
- CCS '07
- 2007

The basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption and the Canetti-Halevi-Katz technique is applied to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. Expand

Bounded Ciphertext Policy Attribute Based Encryption

- Mathematics, Computer Science
- ICALP
- 2008

This work presents the first construction of a ciphertext-policy attribute based encryption scheme having a security proof based on a number theoretic assumption and supporting advanced access structures and support access structures which can be represented by a bounded size access tree with threshold gates as its nodes. Expand

Practical Identity-Based Encryption Without Random Oracles

- Mathematics, Computer Science
- EUROCRYPT
- 2006

We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter… Expand

Chosen-Ciphertext Security from Identity-Based Encryption

- Computer Science, Mathematics
- EUROCRYPT
- 2004

This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions. Expand

Hierarchical Identity Based Encryption with Constant Size Ciphertext

- Computer Science, Mathematics
- EUROCRYPT
- 2005

A Hierarchical Identity Based Encryption system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth, which is proved to be as efficient as in other HIBE systems. Expand

Ciphertext-Policy Attribute-Based Encryption

- Computer Science
- 2007 IEEE Symposium on Security and Privacy (SP '07)
- 2007

A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented. Expand

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption

- Computer Science, Mathematics
- EUROCRYPT
- 2010

We present two fully secure functional encryption schemes: a fully secure attribute-based encryption (ABE) scheme and a fully secure (attribute-hiding) predicate encryption (PE) scheme for… Expand

A Forward-Secure Public-Key Encryption Scheme

- Mathematics, Computer Science
- EUROCRYPT
- 2003

The first constructions of a (non-interactive) forward-secure public-key encryption scheme that achieves security against chosen plaintext attacks under the decisional bilinear Diffie-Hellman assumption in the standard model is presented. Expand

Escrow-free encryption supporting cryptographic workflow

- Computer Science
- International Journal of Information Security
- 2006

An encryption scheme such that the receiver of an encrypted message can only decrypt if it satisfies a particular policy chosen by the sender at the time of encryption, providing the users' public keys are properly certified. Expand

Attribute-based encryption for fine-grained access control of encrypted data

- Computer Science
- CCS '06
- 2006

This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption. Expand