Attribute-based encryption (ABE) schemes provide a finegrained access control mechanism over encrypted data, and are useful for cloud online-storage services, or Pay-TV systems and so on. To apply ABE for such services, key exposure protection mechanisms are necessary. Unfortunately, standard security notions of ABE offer no protection against key exposure. One solution to this problem is to give forward security to ABE schemes. In forward secure cryptographic schemes, even if a secret key is exposed, messages encrypted during all time periods prior to the key leak remain secret. In this paper we propose an efficient Forward Secure Ciphertext-Policy Attribute-Based Encryption (FS-CP-ABE) which is efficient and fully secure. To construct efficient FS-CP-ABE, we first introduce a new cryptographic primitive called Ciphertext-Policy Attribute-Based Encryption with Augmented Hierarchy (CP-ABE-AH). Intuitively, CP-ABE-AH is an encryption scheme with both hierarchical identity based encryption and CP-ABE properties. Then we show that FS-CP-ABE can be constructed from CP-ABE-AH generically. We give the security definition of FS-CP-ABE, and security proofs based on three complexity assumptions. The size of public parameter is O(logT), and the secret key size is O(log~2T) where T is the number of time slots.
展开▼
