Abstract

Abstract. As a recently proposed public key primitive, attribute-based encryption (ABE) (in-cluding Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE)) is a highly promis-ing tool for secure fine-grained access control. For the purpose of secure access control, there is, however, still one critical functionality missing in the existing ABE schemes, which is the preven-tion of key abuse. In particular, two kinds of key abuse problems are considered in this paper, i) illegal key sharing among colluding users and ii) misbehavior of the semi-trusted attribute authority including illegal key (re-)distribution. Both problems are extremely important as in an ABE-based access control system, the attribute private keys directly imply users ’ privileges to the protected resources. To the best of our knowledge, such key abuse problems exist in all current ABE schemes as the attribute private keys assigned to the users are never designed to be linked to any user specific information except the commonly shared user attributes. To be concrete, we focus on the prevention of key abuse in CP-ABE in this paper 3. The notion of accountable CP-ABE (CP-A2BE, in short) is first proposed to prevent illegal key sharing among colluding users. The accountability for user is achieved by embedding additional user specific information in the attribute private key issued to the user. To further obtain accountability for the attribute authority as well, the notion of Strong CP-A2BE is proposed, allowing each attribute private key to be linked to the corresponding user’s secret that is unknown to the attribute authority. We show how to construct such a Strong CP-A2BE scheme and prove its security based on the computational Diffie-Hellman assumption.