Abstract
The introduction of attribute-based encryption (ABE) targets to achieve the implementation of single-to-numerous encryption; however, the sole authority challenge and the issue of distributed management of attributes are bottlenecks to its realization. Multi-authority attribute-based encryption (MA-ABE) where various attribute authorities (which may be independent of each other) control different attribute universe and are involved in the administration of attribute keys for decryption provides the necessary platform to undertake the implementation of fine-grained access regulation over shared data while achieving single-to-numerous encryption. In recent years, research into MA-ABE has seen rapid advancement, and we believe that it is a suitable solution to thwarting the key escrow problem as well as the problem of distributed management of attributes. This paper offers a thorough survey and examines the state-of-the-art of some traditional ABE as well as multi-authority attribute-based encryption schemes over the past decade. Furthermore, the survey gives detailed insights on some essential techniques as well as some classic concretely constructed algorithms. Moreover, we discuss an extension (the different directions) of MA-ABE and its progress since its inception. We also provide design principles of MA-ABE and also show comparisons between existing works on areas as security, performance, and functionality. This paper also discusses several interesting open problems. As far as we can tell, no comparable survey on MA-ABE exists in literature so far.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Adelsbach A, Huber U, Sadeghi AR (2006) Property-based broadcast encryption for multi-level security policies. In: Won DH, Kim S (eds) Information security and cryptology—ICISC 2005: 8th international conference, Seoul, Korea, December 1–2, 2005, Revised Selected Papers. Springer, Berlin, pp 15–31. https://doi.org/10.1007/11734727_4
Apu K, Patrick PT, Sean WS (2007) Attribute-based publishing with hidden credentials and hidden policies. In: The 14th annual network and distributed system security symposium (NDSS ’07), pp 179–192 (to appear). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.124.4180
Attrapadung N, Imai H (2009) Dual-policy attribute based encryption. In: Abdalla M, Pointcheval D, Fouque PA, Vergnaud D (eds) Applied cryptography and network security. ACNS 2009. Lecture notes in computer science, vol 5536. Springer, Berlin, Heidelberg, pp 168–185. https://doi.org/10.1007/978-3-642-01957-9_11
Bellare M, Desai A, Pointcheval D, Rogaway P (1998) Relations among notions of security for public-key encryption schemes. In Krawczyk H (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture notes in computer science, vol 1462. Springer, Berlin, Heidelberg, pp 26–45. https://doi.org/10.1007/BFb0055718
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. 2007 IEEE symposium on security and privacy (SP '07), Berkeley, CA, USA, 2007, pp. 321–334. https://doi.org/10.1109/SP.2007.11
Boneh D., Franklin M. (2001) Identity-based encryption from the weil pairing. In: Kilian J. (eds) Advances in cryptology — CRYPTO 2001. CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, Heidelberg, pp 213–229. https://doi.org/10.1007/3-540-44647-8_13
Boneh D, Boyen X, Goh EJ (2005) Hierarchical identity based encryption with constant size ciphertext. In Cramer R. (eds) Advances in cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture notes in computer science, vol 3494. Springer, Berlin, Heidelberg, pp 440–456. https://doi.org/10.1007/11426639_26
Boneh D, Goh EJ, Nissim K (2005) Evaluating 2-DNF formulas on ciphertexts. In: Kilian J (eds) Theory of cryptography. TCC 2005. Lecture notes in computer science, vol 3378. Springer, Berlin, Heidelberg, pp 325–341. https://doi.org/10.1007/978-3-540-30576-7_18
Boneh D et al (2018) Threshold cryptosystems from threshold fully homomorphic encryption. In: Shacham H, Boldyreva A. (eds) Advances in cryptology – CRYPTO 2018. CRYPTO 2018. Lecture notes in computer science, vol 10991. Springer, Cham, pp 565–596. https://doi.org/10.1007/978-3-319-96884-1_19
Boyen X (2007) Mesh signatures. In: Naor M (eds) Advances in cryptology - EUROCRYPT 2007. EUROCRYPT 2007. Lecture notes in computer science, vol 4515. Springer, Berlin, Heidelberg, pp 210–227. https://doi.org/10.1007/978-3-540-72540-4_12
Bradshaw RW, Holt JE, Seamons KE (2004) Concealing complex policies with hidden credentials. In: Proceedings of the 11th ACM conference on computer and communications security (CCS '04). Association for computing machinery, New York, NY, USA, 146–157. https://doi.org/10.1145/1030083.1030104
Camenisch J, Kohlweiss M, Rial A, Sheedy C (2009) Blind and anonymous identity-based encryption and authorised private searches on public key encrypted data. In: Jarecki S, Tsudik G (eds) Public key cryptography – PKC 2009. PKC 2009. Lecture notes in computer science, vol 5443. Springer, Berlin, Heidelberg, pp 196–214. https://doi.org/10.1007/978-3-642-00468-1_12
Chase M (2007) Multi-authority attribute based encryption. In: Vadhan SP (eds) Theory of cryptography. TCC 2007. Lecture notes in computer science, vol 4392. Springer, Berlin, Heidelberg, pp 515–534. https://doi.org/10.1007/978-3-540-70936-7_28
Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM conference on computer and communications security (CCS '09). Association for computing machinery, New York, NY, USA, 121–130. https://doi.org/10.1145/1653662.1653678
Cheung L, Newport C (2007) Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM conference on computer and communications security (CCS '07). Association for computing machinery, New York, NY, USA, pp 456–465. https://doi.org/10.1145/1315245.1315302
Cui H, Deng RH, Liu JK, Yi X, Li Y (2018) Server-aided attribute-based signature with revocation for resource-constrained industrial-internet-of-things devices. IEEE Trans Ind Inform 14(8):3724–3732
Gardiyawasam Pussewalage HS, Oleshchuk VA (2017) A distributed multi-authority attribute based encryption scheme for secure sharing of personal health records. In; Proceedings of the 22nd ACM on symposium on access control models and technologies (SACMAT '17 Abstracts). Association for computing machinery, New York, NY, USA, pp 255–262. https://doi.org/10.1145/3078861.3078880
Ge A, Zhang J, Zhang R, Ma C, Zhang Z (2013) Security analysis of a privacy-preserving decentralized key-policy attribute-based encryption scheme. IEEE Trans Parallel Distrib Syst 24(11):2319–2321. https://doi.org/10.1109/TPDS.2012.328
Ge AJ, Ma CG, Zhang ZF (2012) Attribute-based signature scheme with constant size signature in the standard model. IET Inf Secur 6(2):47–54
Goldwasser S, Micali S (1984) Probabilistic encryption. J Comput Syst Sci 28(2):270–299. https://doi.org/10.1016/0022-0000(84)90070-9
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security (CCS '06). Association for computing machinery, New York, NY, USA, pp 89–98. https://doi.org/10.1145/1180405.1180418
Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: USENIX security symposium, vol. 2011, No. 3
Guo R, Shi H, Zhao Q, Zheng D (2018) Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6:11676–11686
Han J, Susilo W, Mu Y, Yan J (2012) Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Parallel Distrib Syst 23(11):2150–2162. https://doi.org/10.1109/TPDS.2012.50
Han J, Susilo W, Mu Y, Zhou J, Au MH (2014) PPDCP-ABE: Privacy-preserving decentralized ciphertext-policy attribute-based encryption. In: Kutyłowski M, Vaidya J (eds) Computer security - ESORICS 2014. ESORICS 2014. Lecture notes in computer science, vol 8713. Springer, Cham, pp 73–90. https://doi.org/10.1007/978-3-319-11212-1_5
Lewko A, Waters B (2011) Decentralizing attribute-based encryption. In: Paterson KG (eds) Advances in cryptology – EUROCRYPT 2011. EUROCRYPT 2011. Lecture notes in computer science, vol 6632. Springer, Berlin, Heidelberg, pp 568–588. https://doi.org/10.1007/978-3-642-20465-4_31
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert H (ed) Advances in cryptology—EUROCRYPT 2010: 29th annual international conference on the theory and applications of cryptographic techniques, French Riviera, May 30–June 3, 2010. Proceedings. Springer, Berlin, pp 62–91. https://doi.org/10.1007/978-3-642-13190-5_4
Li J, Kim K (2010) Hidden attribute-based signatures without anonymity revocation. Inf Sci 180(9):1681–1689. https://doi.org/10.1016/j.ins.2010.01.008
Li J, Chen X, Chow SS, Huang Q, Wong DS, Liu Z (2018) Multi-authority fine-grained access control with accountability and its application in cloud. J Netw Comput Appl 112:89–96
Li J, Zhang Y, Ning J, Huang X, Poh GS, Wang D (2020) Attribute based encryption with privacy protection and accountability for CloudIoT. IEEE Trans Cloud Comput. https://doi.org/10.1109/TCC.2020.2975184
Li Q, Xiong H, Zhang F, Zeng S (2013) An expressive decentralizing kp-abe scheme with constant-size ciphertext. IJ Netw Secur 15(3):161–170
Li Q, Ma J, Li R, Xiong J, Liu X (2015) Large universe decentralized key-policy attribute-based encryption. Secur Commun Netw 8(3):501–509. https://doi.org/10.1002/sec.997
Li Q, Ma J, Li R, Liu X, Xiong J, Chen D (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59:45–59
Lin H, Cao Z, Liang X, Shao J (2008) Secure threshold multi authority attribute based encryption without a central authority. In: Chowdhury DR., Rijmen V, Das A (eds) Progress in cryptology - INDOCRYPT 2008. INDOCRYPT 2008. lecture notes in computer science, vol 5365. Springer, Berlin, Heidelberg, pp 426–436. https://doi.org/10.1007/978-3-540-89754-5_33
Liu Y, Wang L, Li L, Yan X (2018) Secure and efficient multi-authority attribute-based encryption scheme from lattices. IEEE Access 7:3665–3674
Liu Z, Cao Z, Huang Q, Wong DS, Yuen TH (2011) Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles. In Atluri V, Diaz C (eds) Computer security – ESORICS 2011. ESORICS 2011. Lecture notes in computer science, vol 6879. Springer, Berlin, Heidelberg, pp 278–297. https://doi.org/10.1007/978-3-642-23822-2_16
Maji HK, Prabhakaran M, Rosulek M (2008) Attribute-based signatures: achieving attribute-privacy and collusion-resistance. IACR Cryptol. ePrint Arch., 2008, 328
Müller S, Katzenbeisser S, Eckert C (2009) Distributed attribute-based encryption. In: Lee PJ, Cheon JH (eds) Information security and cryptology – ICISC 2008. ICISC 2008. Lecture notes in computer science, vol 5461. Springer, Berlin, Heidelberg, pp 20–36. https://doi.org/10.1007/978-3-642-00730-9_2
Naor M, Yung M (1990) Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the twenty-second annual ACM symposium on theory of computing (STOC '90). Association for computing machinery, New York, NY, USA, 427–437. https://doi.org/10.1145/100216.100273
Okamoto T, Takashima K (2011) Efficient attribute-based signatures for non-monotone predicates in the standard model. In: Catalano D, Fazio N, Gennaro R, Nicolosi A (eds) Public key cryptography – PKC 2011. PKC 2011. Lecture notes in computer science, vol 6571. Springer, Berlin, Heidelberg, pp 35–52. https://doi.org/10.1007/978-3-642-19379-8_3
Okamoto T, Takashima K (2013) Decentralized attribute-based signatures. Springer, Berlin, pp 125–142. https://doi.org/10.1007/978-3-642-36362-7_9
Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM conference on computer and communications security (CCS '07). Association for computing machinery, New York, NY, USA, pp 195–203. https://doi.org/10.1145/1315245.1315270
Rahulamathavan Y, Veluru S, Han J, Li F, Rajarajan M, Lu R (2016) User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Comput 65(9):2939–2946. https://doi.org/10.1109/TC.2015.2510646
Rao YS, Dutta R (2013) Decentralized ciphertext-policy attribute-based encryption scheme with fast decryption. In: Communications and multimedia security: 14th IFIP TC 6/TC 11 international conference, CMS 2013, Magdeburg, Germany, September 25–26, 2013. Proceedings. Springer, Berlin, pp 66–81. https://doi.org/10.1007/978-3-642-40779-6_5
Rao YS, Dutta R (2017) Computational friendly attribute-based encryptions with short ciphertext. Theor Comput Sci 668:1–26. https://doi.org/10.1016/j.tcs.2016.12.030
Rouselakis Y, Waters B (2013) Practical constructions and new proof methods for large universe attribute-based encryption. In Proceedings of the 2013 ACM SIGSAC conference on computer & communications security (CCS '13). Association for computing machinery, New York, NY, USA, pp 463–474. https://doi.org/10.1145/2508859.2516672
Sahai A., Waters B (2005) Fuzzy identity-based encryption. In: Cramer R (eds) Advances in cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture notes in computer science, vol 3494. Springer, Berlin, Heidelberg, pp 457–473. https://doi.org/10.1007/11426639_27
Servos D, Osborn SL (2017) Current research and open problems in attribute-based access control. ACM Comput Surv 49(4):65:1-65:45. https://doi.org/10.1145/3007204
Shahandashti SF, Safavi-Naini R (2009) Threshold attribute-based signatures and their application to anonymous credential systems. Springer, Berlin, pp 198–216. https://doi.org/10.1007/978-3-642-02384-2_13
Shoup V (1997) Lower bounds for discrete logarithms and related problems. Springer, Berlin, pp 256–266. https://doi.org/10.1007/3-540-69053-0_18
Sookhak M, Yu FR, Khan MK, Xiang Y, Buyya R (2017) Attribute-based data access control in mobile cloud computing: taxonomy and open issues. Future Gener Comput Syst 72:273–287. https://doi.org/10.1016/j.future.2016.08.018
Stern J (2003) Why provable security matters? Springer, Berlin, pp 449–461. https://doi.org/10.1007/3-540-39200-9_28
Sun J, Su Y, Qin J, Hu J, Ma J (2019) Outsourced decentralized multi-authority attribute based signature and its application in IoT. IEEE Trans Cloud Comput. https://doi.org/10.1109/TCC.2019.2902380
Tan SY (2019) Correction to “improving privacy and security in decentralizing multi-authority attribute-based encryption in cloud computing”. IEEE Access 7:17045–17049
Wang M, Zhang Z, Chen C (2016a) Security analysis of a privacy-preserving decentralized ciphertext-policy attribute-based encryption scheme. Concurr Comput Pract Exp 28(4):1237–1245. https://doi.org/10.1002/cpe.3623
Wang S, Liang K, Liu JK, Chen J, Yu J, Xie W (2016b) Attribute-based data sharing scheme revisited in cloud computing. IEEE Trans Inf Forensics Secur 11(8):1661–1673. https://doi.org/10.1109/TIFS.2016.2549004
Waters B (2009) Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. Springer, Berlin, pp 619–636. https://doi.org/10.1007/978-3-642-03356-8_36
Xiong H, Bao Y, Nie X, Asoor YI (2019) Server-aided attribute-based signature supporting expressive access structures for industrial internet of things. IEEE Trans Ind Inform 16(2):1013–1023
Yang Y, Chen X, Chen H, Du X (2018) Improving privacy and security in decentralizing multi-authority attribute-based encryption in cloud computing. IEEE Access 6:18009–18021
Yuan E, Tong J (2005) Attributed based access control (ABAC) for Web services. IEEE International Conference on Web Services (ICWS'05), Orlando, FL, USA, 2005, p 569. https://doi.org/10.1109/ICWS.2005.25
Zhang K, Li H, Ma J, Liu X (2018) Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability. Sci China Inf Sci 61(3):032102
Zhang L, Ren J, Mu Y, Wang B (2020) Privacy-preserving multi-authority attribute-based data sharing framework for smart grid. IEEE Access 8:23294–23307
Zhang X, Wu F, Yao W, Wang Z, Wang W (2019) Multi-authority attribute-based encryption scheme with constant-size ciphertexts and user revocation. Concurr Comput Pract Exp 31(21):e4678
Zhong H, Zhu W, Xu Y, Cui J (2018) Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage. Soft Comput 22(1):243–251
Acknowledgements
This work was supported in part by the Natural Science Foundation of China under Grant U1936101, in part by the 13th Five-Year Plan of National Cryptography Development Fund for Cryptographic Theory of China under Grant MMJJ20170204.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Oberko, P.S.K., Obeng, VH.K.S. & Xiong, H. A survey on multi-authority and decentralized attribute-based encryption. J Ambient Intell Human Comput 13, 515–533 (2022). https://doi.org/10.1007/s12652-021-02915-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-021-02915-5