Efficient Expressive Attribute-Based Encryption with Keyword Search over Prime-Order Groups

Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.

Secured Access Policy in Ciphertext-Policy Attribute-Based Encryption for Cloud Environment

The cloud allows clients to store and share data.Depending on the user’s needs,it is imperative to design an effective access control plan to share the information only with approved users.The user loses control of their data when the data is outsourced to the cloud.Therefore,access control mechanisms will become a significant challenging problem.The Ciphertext-Policy Attribute-Based Encryption(CP-ABE)is an essential solution in which the user can control data access.CP-ABE encrypts the data under a limited access policy after the user sets some access policies.The user can decrypt the data if they satisfy the limited access policy.Although CP-ABE is an effective access control program,the privacy of the policy might be compromised by the attackers.Namely,the attackers can gather important information from plain text policy.To address this issue,the SHA-512 algorithm is presented to create a hash code for the user’s attributes in this paper.Depending on the created hash codes,an access policy will be formed.It leads to protecting the access policy against attacks.The effectiveness of the proposed scheme is assessed based on decryption time,private key generation time,ciphertext generation time,and data verification time.

A Novel Attribute-Based Encryption Approach with Integrity Verification for CAD Assembly Models

Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.

Substring-searchable attribute-based encryption and its application for IoT devices

With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.

An Efficient Ciphertext-Policy Attribute-Based Encryption Scheme with Policy Update

Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.

APPLSS:Adaptive Privacy Preserved Location Sharing Scheme Based on Attribute-Based Encryption

Unauthorized access to location information in location-based service is one of the most critical security threats to mobile Internet.In order to solve the problem of quality of location sharing while keeping privacy preserved,adaptive privacy preserved location sharing scheme called APPLSS is proposed,which is based on a new hierarchical ciphertext-policy attribute-based encryption algorithm.In the algorithm,attribute authority sets the attribute vector according to the attribute tags of registration from the location service providers.Then the attribute vector can be adaptively transformed into an access structure to control the encryption and decryption.The APPLSS offers a natural hierarchical mechanism in protecting location information when partially sharing it in mobile networks.It allows service providers access to end user’s sensitive location more flexibly,and satisfies a sufficient-but-no-more strategy.For end-users,the quality of service is obtained while no extra location privacy is leaked.To improve service response performance,outsourced decryption is deployed to avoid the bottlenecks of the service providers and location information providers.The performance analysis and experiments show that APPLSS is an efficient and practical location sharing scheme.

Authorized Attribute-Based Encryption Multi-Keywords Search with Policy Updating

Attribute-based encryption is cryptographic techniques that provide flexible data access control to encrypted data content in cloud storage.Each trusted authority needs proper management and distribution of secret keys to the user’s to only authorized user’s attributes.However existing schemes cannot be applied multiple authority that supports only a single keywords search compare to multi keywords search high computational burden or inefficient attribute’s revocation.In this paper,a ciphertext policy attribute-based encryption(CP-ABE)scheme has been proposed which focuses on multi-keyword search and attribute revocation by new policy updating feathers under multiple authorities and central authority.The data owner encrypts the keywords index under the initial access policy.Moreover,this paper addresses further issues such as data access,search policy,and confidentiality against unauthorized users.Finally,we provide the correctness analysis,performance analysis and security proof for chosen keywords attack and search trapdoor in general group model using DBDH and DLIN assumption.

Towards accountable authority attribute-based encryption

An accountable authority attribute-based encryption(A-ABE)scheme is presented in this paper.The notion of accountable authority identity-based encryption(A-IBE)was first introduced by Goyal at Crypto'07.It is a novel approach to mitigate the(inherent)key escrow problem in identity-based cryptosystems.In this work,the concept of accountable authority to attribute-based encryption(ABE)setting is generalized for the first time,and then a construction is given.The scheme non-trivially integrates an A-IBE scheme proposed by Libert et al.with an ABE scheme.In our construction,a user will be identified by a pair(id,ω),where id denotes the user's identity andωdenotes the set of attributes associated to the user.In addition,our construction is shown to be secure under some reasonable assumptions.

Quantum-Resistant Multi-Feature Attribute-Based Proxy Re-Encryption Scheme for Cloud Services

Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.

Efficient Multi-Authority Attribute-Based Searchable Encryption Scheme with Blockchain Assistance for Cloud-Edge Coordination

Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.

Attribute-Based Authentication Scheme from Partial Encryption for Lattice with Short Key

Wireless network is the basis of the Internet of things and theintelligent vehicle Internet. Due to the complexity of the Internet of things andintelligent vehicle Internet environment, the nodes of the Internet of thingsand the intelligent vehicle Internet are more vulnerable to malicious destructionand attacks. Most of the proposed authentication and key agreementprotocols for wireless networks are based on traditional cryptosystems such aslarge integer decomposition and elliptic curves. With the rapid developmentof quantum computing, these authentication protocols based on traditionalcryptography will be more and more threatened, so it is necessary to designsome authentication and key agreement protocols that can resist quantumattacks. In this paper, an anti-quantum authentication scheme for wirelessnetworks based on lattice cryptosystem is constructed. In the attribute-basedauthentication scheme, the length of the authenticated public-private keypair depends on the maximum order and complexity of the formula in thealgorithm. In the attribute-based authentication scheme, there is a certaincorrelation between the authenticated data and the attribute value of theuser in the scheme. We show that the attribute-based authentication schemegives an attribute-based with smaller public-private key pairs. The securityof the attribute-based authentication scheme is based on the sub-exponentialhard problem of the LWE (Learning With Errors). The Q-poly made bythe adversary in the scheme, and our attribute-based authentication schemeguarantees that private data about user attributes and ciphertext cannot beobtained by malicious attackers.

Attribute-Based Encryption for Circuits on Lattices

In the previous construction of attributed-based encryption for circuits on lattices, the secret key size was exponential to the number of AND gates of the circuit. Therefore, it was suitable for the shallow circuits whose depth is bounded. For decreasing the key size of previous scheme, combining the techniques of Two-to-One Recoding （TOR）, and sampling on lattices, we propose a new Key-Policy Attribute-Based Encryption （KP-ABE） scheme for circuits of any arbitrary polynomial on lattices, and prove that the scheme is secure against chosen plaintext attack in the selective model under the Learning With Errors （LWE） assumptions. In our scheme, the key size is proportional to the number of gates or wires in the circuits.

Fully Secure Revocable Attribute-Based Encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies.Traditionally,to enforce the access control,a file server is used to store all data and act as a reference to check the user.Apparently,the drawback of this system is that the security is based on the file server and the data are stored in plaintext.Attribute-based encryption(ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism,even though the file server is compromised,we can still keep the security of the data. Besides the access control,user may be deprived of the ability in some situation,for example paying TV.More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters.And few of previous ABE constructions realize revocation of the users’ key.This paper presents an ABE scheme that supports revocation and has full security in adaptive model.We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.

Ciphertext-Policy Attribute-Based Encryption for General Circuits from Bilinear Maps

In this paper, we present the first ciphertext-policy attribute-based encryption （CP-ABE） scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the ＂backtracking attack＂ which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.

ABDKS:attribute-based encryption with dynamic keyword search in fog computing

Attribute-based encryption with keyword search(ABKS)achieves both fine-grained access control and keyword search.However,in the previous ABKS schemes,the search algorithm requires that each keyword to be identical between the target keyword set and the ciphertext keyword set,otherwise the algorithm does not output any search result,which is not conducive to use.Moreover,the previous ABKS schemes are vulnerable to what we call a peer-decryption attack,that is,the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords.In this paper,we provide a new system in fog computing,the ciphertext-policy attribute-based encryption with dynamic keyword search(ABDKS).In ABDKS,the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets.In addition,our ABDKS is resistant to peer-decryption attack,since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext.Beyond that,the ABDKS shifts most computational overheads from resource constrained users to fog nodes.The security analysis shows that the ABDKS can resist Chosen-Plaintext Attack(CPA)and Chosen-Keyword Attack(CKA).

A Hierarchical Attribute-Based Encryption Scheme

According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the private key corresponding to any subset of an attribute set while he has the private key corresponding to the attribute set.Moreover,the size of the ciphertext is constant,but the size of private key is linear with the order of the attribute set in the hierarchical attribute-based encryption scheme.Lastly,we can also prove that this encryption scheme meets the security of IND-sSETCPA in the standard model.

An Attribute-Based Encryption Scheme Based on Unrecognizable Trapdoors

Attribute-Based Encryption (ABE) has been widely used for ciphertext retrieval in the cloud environment.However,bi-flexible attribute control and privacy keywords are difficult problems that have yet to be solved.In this paper,we introduce the denial of access policy and the mutual matching algorithm of a dataset used to realize bidirectional control of attributes in the cloud server.To solve the problem of keyword privacy,we construct a security trapdoor by adding random numbers that effectively resist keyword guessing attacks from cloud servers and external attackers.System security is reduced to the Deterministic Bilinear Diffie-Hellman (DBDH) hypothesis problem.We validate our scheme through theoretical security analysis and experimental verification.Experiments are conducted on a real dataset,and results show that the scheme has higher security and retrieval efficiency than previous methods.

A lightweight symmetric image encryption cryptosystem in wavelet domain based on an improved sine map

In the era of big data,the number of images transmitted over the public channel increases exponentially.As a result,it is crucial to devise the efficient and highly secure encryption method to safeguard the sensitive image.In this paper,an improved sine map(ISM)possessing a larger chaotic region,more complex chaotic behavior and greater unpredictability is proposed and extensively tested.Drawing upon the strengths of ISM,we introduce a lightweight symmetric image encryption cryptosystem in wavelet domain(WDLIC).The WDLIC employs selective encryption to strike a satisfactory balance between security and speed.Initially,only the low-frequency-low-frequency component is chosen to encrypt utilizing classic permutation and diffusion.Then leveraging the statistical properties in wavelet domain,Gaussianization operation which opens the minds of encrypting image information in wavelet domain is first proposed and employed to all sub-bands.Simulations and theoretical analysis demonstrate the high speed and the remarkable effectiveness of WDLIC.

Attribute-based encryption resilient to continual auxiliary leakage with constant size ciphertexts

For leakage-resilient ciphertext-policy attribute-based encryption （CP-ABE） at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.

A chaotic hierarchical encryption/watermark embedding scheme for multi-medical images based on row-column confusion and closed-loop bi-directional diffusion

Security during remote transmission has been an important concern for researchers in recent years.In this paper,a hierarchical encryption multi-image encryption scheme for people with different security levels is designed,and a multiimage encryption(MIE)algorithm with row and column confusion and closed-loop bi-directional diffusion is adopted in the paper.While ensuring secure communication of medical image information,people with different security levels have different levels of decryption keys,and differentiated visual effects can be obtained by using the strong sensitivity of chaotic keys.The highest security level can obtain decrypted images without watermarks,and at the same time,patient information and copyright attribution can be verified by obtaining watermark images.The experimental results show that the scheme is sufficiently secure as an MIE scheme with visualized differences and the encryption and decryption efficiency is significantly improved compared to other works.