Luan Ibraimi, Muhammad Asim, Milan Petković


Ciphertext policy attribute based encryption is an encryption technique where the data is encrypted according to an access policy over attributes. Users who have a secret key associated with a set of attributes which satisfy the access policy can decrypt the encrypted data. However, one of the drawbacks of the CP-ABE is that it does not support updating access control policies without decrypting the encrypted data.We present a new variant of the CP-ABE scheme called ciphertext policy attribute based proxy re-encryption (CP-ABPRE). The proposed scheme allows to update the access control policy of the encrypted data without decrypting the ciphertext. The scheme uses a semitrusted entity called proxy to re-encrypt the encrypted data according to a new access control policy such that only users who satisfy the new policy can decrypt the data. The construction of our scheme is based on prime order bilinear groups. We give a formal definition for semantic security and provide a security proof in the generic group model.


  1. Benaloh, J. and Leichter, J. (1995). Generalized secret sharing and monotone functions. In S.Goldwasser , editor, Proceedings of Eurocrypt 1998, volume 403 of LNCS, pages 27-35. Springer-Verlag, 1995.
  2. Bethencourt, J. and Sahai, A. and Waters, B. Ciphertextpolicy attribute-based encryption. In D. Shands, editor, Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 321-334. IEEE Computer Society Washington, DC, USA, 2007.
  3. Blaze, M. and Bleumer, G., and Strauss, M. Divertible Protocols and Atomic Proxy Cryptography. In K Nyberg, editor, Proceedings of Eurocrypt 1998, volume 1403 of LNCS, pages 127-144. Springer-Verlag, 1998.
  4. Boneh, D. and Franklin, M. Identity-based encryption from the weil pairing. In J. Kilian, editor, Proceedings of Crypto 2001, volume 2139 of LNCS, pages 213-229. Springer-Heidelberg, 2001.
  5. Cheung, L. and Newport, C. Provably secure ciphertext policy ABE. In Proceedings of the 14th ACM Conference on Computer and Communications Security, pages 456-465. ACM, 2007.
  6. ElGamal, T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE transactions on information theory, 31(4):469-472, 1985.
  7. Goyal, V. and Pandey, O. and Sahai, A. and Waters, B. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 89-98. ACM, 2006.
  8. Green, M. and Ateniese, G. Identity-based proxy reencryption. In J. Katz and M. Yung, editors, Proceedings of Applied Cryptography and Network Security, volume 4521 of LNCS, pages 288-306. SpringerHeidelberg, 2007.
  9. Guo, S. and Zeng, Y. and Wei, J. and Xu, Q. Attribute-based re-encryption scheme in the standard model. Wuhan University Journal of Natural Sciences, 13(5):621-625, 2008.
  10. Ibraimi, L. and Tang, Q. and Hartel, P. and Jonker, W. Efficient and provable secure ciphertext-policy attributebased encryption schemes. In F. Bao, H. Li, and G. Wang, editors, Proceedings of Information Security Practice and Experience, volume 5451 of LNCS, pages 1-12. Springer-Heidelberg, 2009.
  11. Ivan, A. and Dodis, Y. Proxy Cryptography Revisited. In Proceedings of the Network and Distributed System Security Symposium. The Internet Society, 2003.
  12. Jakobsson, M. On quorum controlled asymmetric proxy re-encryption. In H. Imai and Y. Zheng, editors, Proceedings of Public Key Cryptography, volume 1560 of LNCS, pages 112-121. Springer-Heidelberg, 1999.
  13. Liang, X. and Cao, Z. and Lin, H. and Shao, J. Attribute based proxy re-encryption with delegating capabilities. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 276-286. ACM, 2009.
  14. Mambo, M. and Okamoto, E. Proxy cryptosystems: delegation of the power to decrypt ciphertexts. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 80(1):54- 63, 1997.
  15. Matsuo, T. Proxy Re-encryption Systems for IdentityBased Encryption. In T. Takagi, T. Okamoto, E. Okamoto, and T. Okamoto, editors, Proceedings of Sahai, A. and Waters, B. Fuzzy identity-based encryption. In R. Cramer, editor, Proceedings of Eurocrypt 2005, volume 3494 of LNCS, pages 457-473. Springer-Heidelberg, 2005.
  16. Shoup, V. Lower Bounds for Discrete Logarithms and Related Problems. In F. Walter, editor, Proceedings of Eurocrypt 1997.
  17. Zhou, L. and Marsh, M. A. and Schneider, F. B. and Redz, A. Distributed blinding for ElGamal re-encryption. In Proceedings of 25th IEEE International Conference on Distributed Computing Systems, pages 815-824. IEEE Computer Society, 2005.

Paper Citation

in Harvard Style

Ibraimi L., Asim M. and Petković M. (2010). AN ENCRYPTION SCHEME FOR A SECURE POLICY UPDATING . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 399-408. DOI: 10.5220/0002994703990408

in Bibtex Style

author={Luan Ibraimi and Muhammad Asim and Milan Petković},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},

in EndNote Style

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
SN - 978-989-8425-18-8
AU - Ibraimi L.
AU - Asim M.
AU - Petković M.
PY - 2010
SP - 399
EP - 408
DO - 10.5220/0002994703990408