crypto slides
TRANSCRIPT
-
8/10/2019 Crypto Slides
1/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Ciphertext-Policy Attribute-Base
Encryption
(CP-ABE)
Muhannad Darnasser
Computer Sciences DepartmentRochester Institute of Technology
-
8/10/2019 Crypto Slides
2/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Introduction
OutlineIntroduction
Background - Bilinear MapsCommentary
Applications - Bilinear Maps
Computational Diffie-Hellman problemDecisional Diffie-Hellman problem
CP-ABEHow it works
SetupEncryptKey GeneratorDecrypt
Questions
References
-
8/10/2019 Crypto Slides
3/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Introduction
Introduction
What is the need for CP-ABE?
Public key Scheme.
Enhance key management.
One Encryption key, Multiple decryption keys. Encrypt for privileges not for users.
-
8/10/2019 Crypto Slides
4/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Background - Bilinear Maps
Bilinear Maps
-
8/10/2019 Crypto Slides
5/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Background - Bilinear Maps
Definition of a Bilinear Map
Definition
A bilinear mapfrom G1 G2 to G3 is a functione:G1 G2 G3 such that for all u G1, v G2, a, b Z,
e(ua, vb) =e(u, v)ab .
Where G1, G2, and G3 are cyclic groups of the same order.
-
8/10/2019 Crypto Slides
6/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Background - Bilinear Maps
Admissible Bilinear Map
Definition
The mappere is admissible ife(g1, g2) is a generator for G3and it is efficiently Computable.
Those are the maps we are going to use.
-
8/10/2019 Crypto Slides
7/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Background - Bilinear Maps
Commentary
Relationships BetweenG1,G2, andG3 G1, G2, and G3 are all isomorphic to one another since
they have the same order and are cyclic They are different groups in the sense that we represent
the elements and compute the operations differently Normally, however,G1=G2 (in addition to being
isomorphic) From now on we assume this unless otherwise noted Denote both by G =G1 =G2
G andG3 may have either composite or prime order Makes a difference in how they work / are used Most often prime order
IfG= G3 called a self-bilinear map Very powerful No known examples.
-
8/10/2019 Crypto Slides
8/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Applications - Bilinear Maps
Computational Diffie-Hellman problem
Computational Diffie-Hellman problem CDHP The CDHP: given P, aP, bP in G, Find abP.
Giveng, ga, gb, to find ab use e(ga, gb) =e(g, g)ab tomove to another domain and use Discrete log to solve the
problem.
-
8/10/2019 Crypto Slides
9/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
Applications - Bilinear Maps
Decisional Diffie-Hellman problem
Decisional Diffie-Hellman problem DDHP DDHP: given P, aP, bP, cP in G, decide whether c = ab
(modulo the order of P).
Giveng, ga, gb, gc, determine whether c ab mod qby
just checking whethere(ga
, gb
) =e(g, gc
) e(ga, gb) =e(g, g)ab
?=e(g, g)c =e(g, gc)
C h P l A b B E (CP ABE)
-
8/10/2019 Crypto Slides
10/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
CP-ABE
CP-ABE
-
8/10/2019 Crypto Slides
11/22
Ci he te t P li Att ib te B se E ti (CP ABE)
-
8/10/2019 Crypto Slides
12/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
CP-ABE
How it works
How it works...Example Attributes: {Doctor,Nurse,A,B,C}.
Users: User1: {Doctor,A}.
User2: {Doctor, C
}.
User3: {Nurse,B}.
Access Tree:
Ciphertext Policy Attribute Base Encryption (CP ABE)
-
8/10/2019 Crypto Slides
13/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
CP-ABE
CP-ABE Functions Setup.
Encrypt.
Key Generator.
Decrypt. Delegate (will not be covered).
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
14/22
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
CP-ABE
Setup
Setup Choose a bilinear G0 of prime Order p and generator g
Choose Random exponents, Zp PK= G0, g ,h=g
, f=g1/, e(g, g)
Master Key is(, g)
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
15/22
Ciphertext Policy Attribute Base Encryption (CP ABE)
CP-ABE
Encrypt
Encrypt(PK,M,) M is the message to be encrypted.
is the tree access structure.
Choose polynomialqx for each node x in including the
leaves. the order of the polynomialqx is kx 1where kx is the
threshold of node x
For the Root R choose qR(0) =s where s is a random
number Zp and choose random points to completelyconstruct the polynomial.
For other nodes qx(0) =qparent(x)(index(x))
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
16/22
Ciphertext Policy Attribute Base Encryption (CP ABE)
CP-ABE
Encrypt
Encrypt(PK,M,) Cont. CT = (, C=Me(g, g)s, C=hs,y Y :Cy =
gqy(0), Cy =H(att(y))qy(0))
Y is the set of the leaf Nodes.
H is a hash function defined as a random OracleH : {0, 1} G0
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
17/22
p y yp ( )
CP-ABE
Key Generator
KeyGen(MK,S) Sis a list of attributes associated with the private key.
Choose r Zp Choose rj Zp for each attribute j S
SK= (D=g(+r)/,j S:Dj =g
r.H(j)rj , Dj =grj)
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
18/22
( )
CP-ABE
Decrypt
Decrypt(CT,SK,x) DecryptNode(CT,SK,x) = e(Di,Cx)
e(Di,C
x)
= e(gr.H(i)ri ,gqx(0))
e(gri ,H(i)qx(0)) = e(g
r.gri ,gqx(0))
e(gri ,gqx(0)) = e(g,g)
rqx(0)+riqx(0)
e(g,g)riqx(0)
=e(g, g)rqx(0)
This function is a recursive, starting from the root nodeof the tree until the leaves.
if the attributes satisfies the tree then the Root will besatisfied
Recall: that qx(0) =s for the root. A= DecryptNode(CT,SK,r) =e(g, g)rqR(0) =
e(g, g)rs
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
19/22
CP-ABE
Decrypt
Decrypt(CT,SK,x) Cont.
C/(e(C,D)/A) = C/(e(hs, g(+r)/)/e(g, g)rs)
=
Me(g,g)se(g,g)rs
e(g
s
,g
(+r)/
)=
Me(g,g)s+rs
e(g,g)s+rs
= M
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
20/22
CP-ABE
Finally
CP-ABE was an improvement over KP-ABE. CP-ABE needs some fine grain access improvements.
CP-ABE also needs some improvements in keysrevocation.
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
21/22
Questions
Questions
Ciphertext-Policy Attribute-Base Encryption (CP-ABE)
-
8/10/2019 Crypto Slides
22/22
References
References John Bethencourt, Amit Sahai, and Brent Waters.
Ciphertext-Police Attribute-Based Encryption. IEEESymposium on Security and Privacy 07, pp. 321-334,IEEE, 2007.
http://www.cs.berkeley.edu/~bethenco/
bilinear_maps.pdf Accessed: April/2012
http:
//www.larc.usp.br/~pbarreto/pblounge.html
Accessed: April/2012
http://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdfhttp://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdfhttp://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdfhttp://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdfhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.larc.usp.br/~pbarreto/pblounge.htmlhttp://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdfhttp://www.cs.berkeley.edu/~bethenco/bilinear_maps.pdf