A threshold-based key generation approach for ciphertext-policy attribute-based encryption

摘要

Ciphertext-policy attribute-based encryption (CP-ABE) is proposed to provide identity-based access control which is suitable for cloud storage services. In CP-ABE, because the authority is responsible for key management, it must be trusted. There is only one authority in CP-ABE. Thus, CP-ABE may suffer a single point of failure. Although multi-authority ABE could solve this problem, attackers still can execute collusion attacks to compromise authorities. Thus, in this paper, we propose the threshold-based key generation approach (TKGA) for ciphertext-policy attribute-based encryption (CP-ABE). TKGA is a multi-authority approach which utilize the technologies of functional encryption and (n, k)-secret sharing. TKGA could efficiently impede collusion attacks because no single authority can directly generate secret keys. Thus, TKGA can be compromised if and only if at least k of n authorities are compromised by attackers. According to our security and performance evaluation, although TKGA has additional computation and communication overhead, TKGA can improve security by impeding collusion attacks.