
2017 2nd International Conference on Information Technology and Industrial Automation (ICITIA 2017) ISBN: 978-1-60595-469-1

Ciphertext-Policy Attribute Authentication Scheme Based on Linear Codes

Yun Song and Zhihui Li

ABSTRACT

Attribute-based authentication (ABA) schemes are mainly constructed on the basis of Lagrange interpolation polynomials, in which the number of matching attributes held by an authenticating participant must be greater than or equal to a threshold; moreover, this threshold cannot be altered once the system has been generated. In this paper, we construct a flexible and efficient attribute-based authentication scheme based on a secret sharing method called the Linear Codes Secret Sharing Scheme. By constructing the access structures on linear codes, this scheme breaks the threshold limit and supports diverse attribute sets for the authenticating participants.

INTRODUCTION


Policy based ABE (KP-ABE) [6] and ciphertext-Policy based ABE (CP-ABE) [7]. In KP-ABE, each ciphertext is labeled by the encryptor with a set of descriptive attributes, and access policies over these attributes are ascribed to users’ secret keys. The encryptor only needs to know the public attributes of the potential decryptors. In CP-ABE, the ciphertext is associated with an access structure and the encrypting party determines the policy under which type of ciphertext can be decrypted, while each private key is labeled with a set of attributes.

To date, because most CP-ABE schemes share the secret exponent s using Shamir's secret sharing scheme, ciphertext-policy attribute authentication schemes are mainly constructed on the basis of Lagrange interpolation polynomials. In this paper, we present a new ciphertext-policy attribute authentication scheme based on the Linear Codes Secret Sharing Scheme, which supports a more generic attribute access policy. The primary technique of this scheme is to construct a user's private key as a set of private key components. We use Massey's linear codes method to perform secret sharing [8], which distributes the shares of a master secret in the exponents of the user's private key components, and we establish a one-to-one correspondence between the attribute sets and the minimal access structures. By constructing the access structures on the linear codes, our attribute authentication scheme can break the threshold limit.

ATTRIBUTE AUTHENTICATION SCHEME ON LINEAR CODES

Description

In this section, based on coding theory, we present an attribute-based authentication scheme for general attribute sets. Our scheme consists of three algorithms: Setup, Key Generation, and Attribute-Based Authentication (ABA). A detailed description follows.

Setup: Let $G_1$ be a bilinear group of prime order $p$, and let $g$ be a generator of $G_1$. In addition, let $e: G_1 \times G_1 \to G_2$ denote the bilinear map. A security parameter,  , will determine the size of the groups. Define the universe of attributes $A = \{1, 2, \ldots, n-1\}$. According to the secret sharing schemes based on linear codes [9,10], let  be the access structure of the secret sharing scheme based on $C$; then

1,..., 1,..., m

A i im Pi Pi


For each attribute $i \in A$, choose a number $l_i$ uniformly at random from $Z_p$, for $1 \le i \le n-1$. Then choose $y$ uniformly at random from $Z_p$. These parameters can be used to generate the master key and system public parameters PK as follows:

$$L_1 = g^{l_1}, \ \ldots, \ L_{n-1} = g^{l_{n-1}}, \quad Y = e(g, g)^{y}. \qquad (2)$$

The public parameter PK is published as:

$$PK = (L_1, \ldots, L_{n-1}, Y). \qquad (3)$$

The master key MK is

$$MK = (l_1, \ldots, l_{n-1}, y). \qquad (4)$$

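Key Generation: Let $A_p$ be an attribute set of the user $P$, where $A_p \subseteq A$. Let $C$ be an $[n, k; p]$ code with generator matrix $G = (\mathbf{g}_0, \mathbf{g}_1, \ldots, \mathbf{g}_{n-1})_{k \times n}$. Randomly choose a vector $\mathbf{u} = (u_0, \ldots, u_{k-1}) \in F_p^k$ such that $y = \mathbf{u}\mathbf{g}_0$. Then the private key consists of the components $\{D_i\}_{i \in A_p}$, where $D_i = g^{\mathbf{u}\mathbf{g}_i / l_i}$ for every $i \in A_p$.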

ABA: Here, $A_p$ is a set of attributes of $P$ who is to be authenticated and the private key to P1 consists of the components $\{D_i\}_{i \in A_p}$, where $D_i = g^{\mathbf{u}\mathbf{g}_i / l_i}$ for every $i \in A_p$. $H(\cdot)$ is a public collision-resistant hash function. The authentication process is as follows:

(1) P acts as the authentication sponsor and claims to the authentication system that it possesses a set of attributes.

(2) Authentication system responds to the request from P, and starts the authentication process:

- Choose random values $x, M \in Z_p$ and compute

 

p

x i i A

L

 

. - Compute $E = M \cdot Y^x$.

-Send

E,

to P.

-Compute

,

i p

i i A

e D

 

, where the coefficients satisfy

0 p i i i A   

g g .

The coefficients i can be calculated publicly by P2.

-Compute M H E

/

and send it to the authentication system.

(4) The authentication system computes H M

 

. If H M

 

M, then authentication succeeds; otherwise the system rejects it.

Correctness of Our Proposed Scheme

Theorem 1. Under the attribute authentication scheme based on linear codes, a user whose attribute set $A_p$ satisfies the access structure passes the authentication.

Proof. By ABA,

,

i p

i i A

e D

 

and

 

p

x i i A

L   . Besides, i i l i

Dg

ug

according to Key Generation Algorithm. Hence,

,

, i i i i p p xl l i

i A i A

e D e g g

           

ug

,

, i i i Ap i i p x x i A

e g g e g g

           

ug ug

. (5)

Because Ap is an authorized subset in A and the coefficients i satisfy

0 p i i i A   

g g

, we have 0

i i

i Ap y

g g g

     ug ug . Hence,

$$e(g, g)^{xy} = \left(e(g, g)^{y}\right)^{x} = Y^{x}, \qquad (6)$$

and then

/

/ x

 

M H E  H E YH M . (7)

The above shows that our authentication scheme verifies correctly.
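The exponent arithmetic behind Key Generation and the correctness argument can be checked with a toy model. The Python sketch below is an added example, not code from the paper: each group element is stored as its exponent modulo a small prime, so the pairing becomes multiplication, and the final hash comparison is omitted. The prime, the [5,3] code columns and every function and variable name are constructed for illustration.

```python
# Added example: toy exponent model. A group element g^a is stored as a mod P,
# so e(g^a, g^b) = e(g,g)^(a*b) becomes a*b mod P. Checks algebra only, no security.
P = 101  # small constructed prime (group order and code field)
# Constructed generator-matrix columns g_0..g_4 of a [5,3;P] code; g_0 carries the secret.
G_COLS = [(1, 1, 0), (1, 0, 0), (0, 1, 0), (0, 0, 1), (1, 1, 1)]

def dot(a, b):
    return sum(s * t for s, t in zip(a, b)) % P

def coefficients(attrs):
    """Solve sum_i c_i * g_i = g_0 over F_P for i in attrs; None if g_0 is not spanned."""
    attrs = sorted(attrs)
    k = len(G_COLS[0])
    rows = [[G_COLS[i][r] for i in attrs] + [G_COLS[0][r]] for r in range(k)]
    pivots, r = [], 0
    for c in range(len(attrs)):                 # Gauss-Jordan elimination mod P
        piv = next((j for j in range(r, k) if rows[j][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][c], -1, P)
        rows[r] = [v * inv % P for v in rows[r]]
        for j in range(k):
            if j != r and rows[j][c]:
                f = rows[j][c]
                rows[j] = [(a - f * b) % P for a, b in zip(rows[j], rows[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in rows[r:]):
        return None                              # unauthorized attribute set
    sol = {i: 0 for i in attrs}                  # free coefficients stay 0
    for row_idx, c in enumerate(pivots):
        sol[attrs[c]] = rows[row_idx][-1]
    return sol

def authenticate(attrs, u, l, x, m):
    """Return the exponent the user recovers (equals m on success), or None."""
    y = dot(u, G_COLS[0])                        # master secret y = u . g_0
    D = {i: dot(u, G_COLS[i]) * pow(l[i], -1, P) % P for i in attrs}  # log of D_i
    challenge = {i: x * l[i] % P for i in attrs}  # log of L_i^x (name is hypothetical)
    e_log = (m + x * y) % P                      # log of E = M * Y^x with M = e(g,g)^m
    c = coefficients(attrs)
    if c is None:
        return None
    paired = sum(c[i] * challenge[i] * D[i] for i in attrs) % P  # log of Y^x
    return (e_log - paired) % P
```

With this code, the attribute sets {1,2} and {3,4} both recover the message while {1,3} does not, which is an access structure no single threshold can express.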


CONCLUSION

In this paper, we introduced the theory of the secret sharing scheme based on linear codes into the attribute-based authentication scheme and proposed a new attribute-based authentication scheme. The needs of complex attribute applications were met via the introduction of general access structures corresponding to attribute sets of our scheme based on linear codes. The analysis of our scheme demonstrates that our attribute approach is an attractive solution for providing confidentiality and authenticity.

ACKNOWLEDGMENTS

This work was supported by the National Natural Science Foundation of China (61602291, 11601302, 11501343) and the Fundamental Research Funds for the Central Universities (GK201603087).

REFERENCES

1. Sahai A, Waters B. Fuzzy identity-based encryption, in: R. Cramer (Ed.), EUROCRYPT, 2005, pp. 457-473.

2. Waters B. Ciphertext policy attribute based encryption: an expressive, efficient, and provably secure realization, in: PKC, 2011, pp. 53-70.

3. Shi YF, Zheng QJ, Liu JQ, Han Z. Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation, Inform. Sci. 295 (2015) 221-231.

4. Balu A, Kuppusamy K. An expressive and provably secure ciphertext-policy attribute-based encryption, Inform. Sci. 276 (2014) 354-362.

5. Yao XX, Chen Z, Tian Y. A lightweight attribute-based encryption scheme for the Internet of Things, Future Generation Comp. Sys. 49 (2015) 104-112.

6. Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine grained access control of encrypted data, in: ACM Conference on Computer and Communication Security, 2006, pp. 89-98.

7. Bethencourt J, Sahai A, Waters B. Ciphertext policy attribute based encryption, in: IEEE Symposium on Security and Privacy, 2007, pp. 321-334.

8. Massey JL. Some applications of coding theory in cryptography. Cryptography and Coding IV, England: Formara Ltd. 1995.

9. Li ZH, Xue T, Lai H. Secret sharing schemes from binary linear codes. Inform. Sci. 181(22) (2010) 4412-4419.
