Method for attribute based broadcast encryption with permanent revocation
First Claim
1. A method of modifying the four stages of the Cipher-text Policy Attribute-Based Encryption (CP-ABE) method that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt the data, wherein the method supports permanent revocation of users;
- the modified CP-ABE method comprising;
a) in the setup stage—
the broadcaster adds a secret random component CTRε
Zp to random secrets α
,β
ε
Zp included in a master key MK, which is used to produce a public key PK;
b) in the key generation stage—
a component Ei=e(g,g)ri·
CTR, which securely encapsulates the random control component CTR, is added to a set of attributes of a user that encodes the state of each user Ui to generate the secret private key SK that the broadcaster sends to Ui, wherein g is a random generator of a bilinear group G0 of prime order p, e;
G0×
G0→
G1 is a proper bilinear map, ri is a random number chosen from Zp is a different random integer for each user, and CTRε
Zp is the global state;
c) in the encrypt stage;
the broadcaster uses an algorithm that includes a random secret for sharing sε
zp to construct a ciphertext, the global secret key is encrypted by the private keys of the subset of authorized users, the broadcaster updates the global state by
CTR=CTR+s and the broadcaster updates s upon a revocation event as
s2=−
s−
CTR mod p and shares s2 with non-revoked users from an updated set of attributes; and
d) in the decrypt stage;
user i computes a parameter
Ai=e(g,g)ris and then user i updates its local state by
Ei=Ei·
Ai=e(g,g)riCTR·
e(g,g)ris=e(g,g)ri(CTR+s).
2 Assignments
0 Petitions
Accused Products
Abstract
The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users.
7 Citations
2 Claims
-
1. A method of modifying the four stages of the Cipher-text Policy Attribute-Based Encryption (CP-ABE) method that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt the data, wherein the method supports permanent revocation of users;
-
the modified CP-ABE method comprising; a) in the setup stage—
the broadcaster adds a secret random component CTRε
Zp to random secrets α
,β
ε
Zp included in a master key MK, which is used to produce a public key PK;b) in the key generation stage—
a component Ei=e(g,g)ri ·
CTR, which securely encapsulates the random control component CTR, is added to a set of attributes of a user that encodes the state of each user Ui to generate the secret private key SK that the broadcaster sends to Ui, wherein g is a random generator of a bilinear group G0 of prime order p, e;
G0×
G0→
G1 is a proper bilinear map, ri is a random number chosen from Zp is a different random integer for each user, and CTRε
Zp is the global state;c) in the encrypt stage;
the broadcaster uses an algorithm that includes a random secret for sharing sε
zp to construct a ciphertext, the global secret key is encrypted by the private keys of the subset of authorized users, the broadcaster updates the global state by
CTR=CTR+sand the broadcaster updates s upon a revocation event as
s2=−
s−
CTR mod pand shares s2 with non-revoked users from an updated set of attributes; and d) in the decrypt stage;
user i computes a parameter
Ai=e(g,g)ri sand then user i updates its local state by
Ei=Ei·
Ai=e(g,g)ri CTR·
e(g,g)ri s=e(g,g)ri (CTR+s). - View Dependent Claims (2)
-
Specification