Key-Policy Attribute-Based Encryption With Switchable Attributes for Fine-Grained Access Control of Encrypted Data

Download PDF
Open Webpage

Fucai Luo, Haiyan Wang, Xingfu Yan, Jiahui Wu

Published: 01 Jan 2024, Last Modified: 05 Mar 2025IEEE Trans. Inf. Forensics Secur. 2024EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: Fine-grained access control systems facilitate granting differential access rights to a set of users and allow flexibility in specifying the access rights of individual users. As an important fine-grained access control technique, key-policy attribute-based encryption (KP-ABE) has been introduced to achieve fine-grained access control over encrypted data, where each ciphertext is associated with an attribute set such that users satisfying the attribute set can decrypt the ciphertext. In the real-world application scenarios of KP-ABE, various situations such as users leaving the system, compromise of users’ private keys, and business requirements frequently occur, necessitating the revocation of decryption rights for large-scale users. To address the user revocation, numerous revocable KP-ABE schemes have been proposed. However, existing revocable KP-ABE schemes are vulnerable to quantum computer attacks. More importantly, existing solutions fail to address the user addition, where users capable of decrypting certain ciphertexts would like to grant decryption rights to others; this is a highly common requirement, such as changes in user decryption permissions and business needs. This paper explores a potentially new avenue of research to address the above issues by introducing a novel cryptographic primitive called key-policy ABE with switchable attributes (KP-ABE-SA). In the KP-ABE-SA system, each ciphertext linked to an attribute set can be transformed into one associated with another (distinct) attribute set, enabling both user revocation and addition. Furthermore, to withstand quantum computer attacks, we construct a KP-ABE-SA scheme based on the Learning with Errors (LWE) assumption, which is widely believed to be quantum-resistant. Finally, we conduct a comprehensive performance evaluation of our LWE-based KP-ABE-SA scheme, and the experimental results show that the proposed LWE-based KP-ABE-SA scheme is efficient and practical.