Using Threshold Attribute-based Encryption for Practical Biometric-based Access Control

Threshold attribute-based encryption (thABE) is a variant of identity-based encryption which views identities as sets of descriptive attributes. If a thABE ciphertext c is computed for a set ω of attributes, then, to decrypt c, a user must have keys associated with a sufficiently large subset of ω. One application of thABE is biometric-based access control (BBAC). Practical BBAC applications impose the following constraints on the design of thABE schemes: first, a suitable thABE scheme must have an efficient decryption procedure; second, the proposed scheme must prevent colluding users from being able to decrypt ciphertexts which none of them could decrypt; third, the designed scheme must provide a mechanism whereby encryptors can, at encryption time, specify multiples sets of attributes with their corresponding threshold values. To the best of our knowledge, no scheme is known that simultaneously satisfies the aforementioned requirements. This paper describes an efficient and collusion-resistant thABE scheme featuring dynamically-specifiable threshold values. The proposed scheme is proven secure in the random oracle model, and its efficiency and flexibility are compared with Sahai and Waters’thABE scheme.