Verifiable Attribute Based Encryption

In this paper, we propose the notion of Verifiable Attribute-Based Encryption (VABE) and give two constructs of key-policy VABE. One is with a single authority, and the other is with multi authorities. Not only our schemes are proved secure as the previous ABE schemes, they also provide a verification property. This could not be trivially solved, such as trying random decryption. Adding the verification property has a few advantages: first, it allows the user to immediately check the correctness of the keys, if not, he only needs the authority to resend the corresponding shares, especially, in multiauthority case, if the key does not pass the check, the user only needs to ask the particular authority to resend its own part, without need to go to all the authorities; second, if the keys pass the verification but the user still does not rightly decrypt out the message, something might be wrong with the attributes or ciphertexts, then, the user has to contact with the encryptor; third, the trick used in this paper could also be used in the ciphertext-policy scenario. We formalize the notion of VABE and prove our schemes in our model.