Collusion-Free Policy-Based Encryption

A policy-based encryption scheme allows a user to encrypt a message with respect to a credential-based policy formalized as monotone boolean expression written in standard normal form. The encryption is so that only a user having access to a qualified set of credentials for the policy is able to successfully decrypt the message. An inherent property of policy-based encryption is that in addition to the recipient an encrypted message is intended for, any collusion of credential issuers or end users who are able to collect a qualified set of credentials for the policy used to encrypt the message can decrypt it as well. In some applications, the collusion property may be acceptable or even useful. However, for most other applications it is undesirable. In this paper, we present a collusion-free policy-based encryption primitive, called policy-based public-key encryption. We provide precise definition for the new primitive as well as for the related security model. Then, we describe a concrete implementation using pairings over elliptic curves and prove its security in the random oracle model.