Combining ABCs with ABE: Privacy-Friendly Key Generation for Smart Card Based Attribute-Based Encryption

Attribute-Based Credential (ABC) schemes provide a privacy-friendly method to perform authentication. In such a system the user does not necessarily have to identify himself, but may reveal only partial information about him, i.e., attributes the user possesses. The use of this technique is a proper solution for several kinds of authentication where no full identification is required, e.g., buying liquor at the liquor store or opening the door to an office building. However, using Attribute-Based Encryption (ABE) provides some advantages of ABCs in the case of data protection. Ciphertext-Policy ABE schemes allow a user to define an access policy over an encrypted file, so that only the individuals possessing the right attributes can decrypt the file. The data authorization takes place when a user tries to decrypt a file; data access does not involve an on-line party such as would be required by an ABC system. A smart card implementation of the Identity Mixer (idemix) credentials system exists, making it feasible to implement the ABC system. Little progress has been made to create an ABE scheme that is suitable to run in a similar environment. Most ABE schemes require computationally complex decryption algorithms that take too much time to run on current smart cards. Moreover, many multi-authority ABE schemes violate the user’s privacy by requiring the user to reveal his unique identifier, enabling authorities to profile its users. We create an overview of different types of ABE schemes and describe several schemes in terms of security and efficiency. Using our classification, we select the [LW11] decentralized multi-authority ABE scheme that we can adapt to meet our requirements. We propose a Blind Key Generation protocol that provides a way to do privacy-friendly key issuance without the user having to reveal his identifier. We prove this protocol to be secure against three different types of attackers using the security definitions introduced by Green and Hohenberger [GH07]. Additionally, we propose an Off-card Decrypt protocol. This protocol enables us to outsource some of the most complex operations to a trusted device, yet safely store the decryption keys on the smart card and never reveal them.