Abstract
Attribute-based encryption (ABE) is a type of encryption derived from identity-based encryption, implementing access control over encrypted data based on attributes rather than on specific identities. SM9 is the Chinese national standard for identity-based cryptography. This paper presents two novel key-policy attribute-based encryption (KP-ABE) designs based on SM9. The first scheme operates in a small attribute universe, while the second scheme caters to a large universe where the size of public parameters is only proportional to the maximum number of attributes used for encryption. Both schemes have a similar private-key/ciphertext structure to the original SM9 identity-based encryption algorithm, enabling effective integration into information systems built on SM9. Further, both schemes are selectively secure under the (f, g)-GDDHE assumption. Extensive experiments show that both schemes are comparable to other classical KP-ABE schemes, in terms of the communication and computational costs. We believe the proposed schemes will expedite the implementation of SM9 in distributed computing systems such as cloud computing and blockchain.
Article PDF
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
References
Fiat A, Naor M. Broadcast encryption. In Proc. the 13th Annual International Cryptology Conference on Advances in Cryptology, Aug. 1993, pp.480–491. DOI: https://doi.org/10.1007/3-540-48329-240.
Sahai A, Waters B. Fuzzy identity-based encryption. In Proc. the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 2005, pp.457–473. DOI: https://doi.org/10.1007/1142663927.
Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In Proc. the 13th ACM Conference on Computer and Communications Security, Oct. 30-Nov. 3, 2006, pp.89–98. DOI: https://doi.org/10.1145/1180405.1180418.
Lai J C, Huang X Y, He D B. An efficient identity-based broadcast encryption scheme based on SM9. Chinese Journal of Computers, 2021, 44(5): 897–907. DOI: https://doi.org/10.11897/SP.J.1016.2021.00897. (in Chinese)
Sun S, Ma H, Zhang R, Xu W. Server-aided immediate and robust user revocation mechanism for SM9. Cybersecurity, 2022, 3(1): Article No. 12. DOI: https://doi.org/10.1186/S42400-020-00054-6.
Cheng Z. Security analysis of SM9 key agreement and encryption. In Proc. the 14th International Conference on Information Security and Cryptology, Dec. 2018, pp.3–25. DOI: https://doi.org/10.1007/978-3-030-14234-6_1.
Fujisaki E, Okamoto T. Secure integration of asymmetric and symmetric encryption schemes. In Proc. the 19th Annual International Cryptology Conference on Advances in Cryptology, Aug. 1999, pp.537–554. DOI: https://doi.org/10.1007/3-540-48405-1_34.
Boneh D, Boyen X. Efficient selective-ID secure identity-based encryption without random oracles. In Proc. the 2004 International Conference on the Theory and Applications of Cryptographic Techniques, May 2004, pp.223–238. DOI: https://doi.org/10.1007/978-3-540-24676-3_14.
Shamir A. Identity-based cryptosystems and signature schemes. In Advances in Cryptology, Blakley G R, Chaum D (eds.), Springer, 1985, pp.47–53. DOI: https://doi.org/10.1007/3-540-39568-7_5.
Boneh D, Franklin M. Identity-based encryption from the Weil pairing. In Proc. the 21st Annual International Cryptology Conference on Advances in Cryptology, Aug. 2001, pp.213–229. DOI: https://doi.org/10.1007/3-540-44647-8_13.
Canetti R, Halevi S, Katz J. A forward-secure public-key encryption scheme. In Proc. the 2003 International Conference on the Theory and Applications of Cryptographic Techniques, May 2003, pp.255–271. DOI: https://doi.org/10.1007/3-540-39200-9_16.
Park J H, Lee K, Lee D H. New chosen-ciphertext secure identity-based encryption with tight security reduction to the bilinear Diffie-Hellman problem. Information Sciences, 2015, 325: 256–270. DOI: https://doi.org/10.1016/J.INS.2015.07.011.
Ma S. Identity-based encryption with outsourced equality test in cloud computing. Information Sciences, 2016, 328: 389–402. DOI: https://doi.org/10.1016/J.INS.2015.08.053.
Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In Proc. the 2007 IEEE Symposium on Security and Privacy, May 2007, pp.321–334. DOI: https://doi.org/10.1109/SP.2007.11.
Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In Proc. the 14th ACM Conference on Computer and Communications Security, Oct. 31-Nov. 2, 2007, pp.195–203. DOI: https://doi.org/10.1145/1315245.1315270.
Garg S, Gentry C, Halevi S, Sahai A, Waters B. Attribute-based encryption for circuits from multilinear maps. In Proc. the 33rd Annual Cryptology Conference on Advances in Cryptology, Aug. 2013, pp.479–499. DOI: https://doi.org/10.1007/978-3-642-40084-1_27.
Tiplea F L, Drăgan C C. Key-policy attribute-based encryption for Boolean circuits from bilinear maps. In Proc. the 1st International Conference on Cryptography and Information Security in the Balkans, Oct. 2014, pp.175–193. DOI: https://doi.org/10.1007/978-3-319-21356-9_12.
Drăgan C C, Tiplea F L. Key-policy attribute-based encryption for general Boolean circuits from secret sharing and multi-linear maps. In Proc. the 2nd International Conference on Cryptography and Information Security in the Balkans, Sept. 2015, pp.112–133. DOI: https://doi.org/10.1007/978-3-319-29172-7_8.
Hu P, Gao H. A key-policy attribute-based encryption scheme for general circuit from bilinear maps. International Journal of Network Security, 2017, 19(5): 704–710. DOI: https://doi.org/10.6633/IJNS.201709.19(5).07.
Bolocan D. Key-policy attribute-based encryption scheme for general circuits. Proceedings of the Romanian Academy, Series A-Mathematics Physics Technical Sciences Information Science, 2020, 21(1): 11–19.
Li C, Shen Q, Xie Z, Dong J, Feng X, Fang Y, Wu Z. Hierarchical and non-monotonic key-policy attribute-based encryption and its application. Information Sciences, 2022, 611: 591–627. DOI: https://doi.org/10.1016/J.INS.2022.08.014.
Lewko A, Waters B. Unbounded HIBE and attribute-based encryption. In Proc. the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 2011, pp.547–567. DOI: https://doi.org/10.1007/978-3-642-20465-4_30.
Lewko A. Tools for simulating features of composite order bilinear groups in the prime order setting. In Proc. the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Apr. 2012, pp.318–335. DOI: https://doi.org/10.1007/978-3-642-29011-4_20.
Okamoto T, Takashima K. Fully secure unbounded inner-product and attribute-based encryption. In Proc. the 18th International Conference on the Theory and Application of Cryptology and Information Security, Dec. 2012, pp.349–366. DOI: https://doi.org/10.1007/978-3-642-34961-4_22.
Ma H, Peng T, Liu Z. Directly revocable and verifiable key-policy attribute-based encryption for large universe. International Journal of Network Security, 2017, 19(2): 272–284. DOI: https://doi.org/10.6633/IJNS.201703.19(2).12.
Ye Y, Cao Z, Shen J. Unbounded key-policy attribute-based encryption with black-box traceability. In Proc. the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Dec. 29–Jan. 1, 2020, pp.1655–1663. DOI: https://doi.org/10.1109/TrustCom50675.2020.00228.
Attrapadung N, Libert B, de Panafieu E. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In Proc. the 14th International Conference on Practice and Theory in Public Key Cryptography, Mar. 2011, pp.90–108. DOI: https://doi.org/10.1007/978-3-642-19379-8_6.
Hohenberger S, Waters B. Attribute-based encryption with fast decryption. In Proc. the 16th International Conference on Practice and Theory in Public-Key Cryptography, Feb. 26–Mar. 1, 2013, pp.162–179. DOI: https://doi.org/10.1007/978-3-642-36362-7_11.
Lai J, Deng R H, Li Y, Weng J. Fully secure key-policy attribute-based encryption with constant-size ciphertexts and fast decryption. In Proc. the 9th ACM Symposium on Information, Computer and Communications Security, Jun. 2014, pp.239–248. DOI: https://doi.org/10.1145/2590296.2590334.
Zhang K, Gong J, Tang S, Chen J, Li X, Qian H, Cao Z. Practical and efficient attribute-based encryption with constant-size ciphertexts in outsourced verifiable computation. In Proc. the 11th ACM on Asia Conference on Computer and Communications Security, May 30–Jun. 3, 2016, pp.269–279. DOI: https://doi.org/10.1145/2897845.2897858.
Kim J, Susilo W, Guo F, Au M H, Nepal S. An efficient KP-ABE with short ciphertexts in prime OrderGroups under standard assumption. In Proc. the 2017 ACM on Asia Conference on Computer and Communications Security, Apr. 2017, pp.823–834. DOI: https://doi.org/10.1145/3052973.3053003.
Rao Y S, Dutta R. Computational friendly attribute-based encryptions with short ciphertext. Theoretical Computer Science, 2017, 668: 1–26. DOI: https://doi.org/10.1016/J.TCS.2016.12.030.
Obiri I A, Xia Q, Xia H, Obour Agyekum K O B, Asamoah K O, Sifah E B, Zhang X, Gao J. A fully secure KP-ABE scheme on prime-order bilinear groups through selective techniques. Security and Communication Networks, 2020, 2020: 8869057. DOI: https://doi.org/10.1155/2020/8869057.
Boucenna F, Nouali O, Kechid S, Tahar Kechadi M. Secure inverted index based search over encrypted cloud data with user access rights management. Journal of Computer Science and Technology, 2019, 34(1): 133–154. DOI: https://doi.org/10.1007/S11390-019-1903-2.
Xue L, Yu Y, Li Y, Au M H, Du X, Yang B. Efficient attribute-based encryption with attribute revocation for assured data deletion. Information Sciences, 2019, 479: 640–650. DOI: https://doi.org/10.1016/J.INS.2018.02.015.
You L, Wang L. Hierarchical authority key-policy attribute-based encryption. In Proc. the 16th International Conference on Communication Technology (ICCT), Oct. 2015, pp.868–872. DOI: https://doi.org/10.1109/ICCT.2015.7399963.
Lai J, Huang X, He D, Guo F. An efficient hierarchical identity-based encryption based on SM9. SCIENTIA SINICA Informationis, 2023, 53(5): 918–930. DOI: https://doi.org/10.1360/SSI-2022-0163. (in Chinese)
Tang F, Ling G W, Shan J Y. Additive homomorphic encryption schemes based on SM2 and SM9. Journal of Cryptologic Research, 2022, 9(3): 535–549. DOI: https://doi.org/10.13868/j.cnki.jcr.000532. (in Chinese)
Shi Y, Ma Z, Qin R, Wang X, Wei W, Fan H. Implementation of an attribute-based encryption scheme based on SM9. Applied Sciences, 2019, 9(15): 3074. DOI: https://doi.org/10.3390/app9153074.
Ji H, Zhang H, Shao L, He D, Luo M. An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud. Connection Science, 2021, 33(4): 1094–1115. DOI: https://doi.org/10.1080/09540091.2020.1858757.
Chen L, Cheng Z. Security proof of Sakai-Kasahara’s identity-based encryption scheme. In Proc. the 10th IMA International Conference on Cryptography and Coding, Dec. 2005, pp.442–459. DOI: https://doi.org/10.1007/11586821_29.
Delerablée C. Identity-based broadcast encryption with constant size ciphertexts and private keys. In Proc. the 13th International Conference on the Theory and Application of Cryptology and Information Security, Dec. 2007, pp.200–215. DOI: https://doi.org/10.1007/978-3-540-76900-2_12.
Boneh D, Boyen X, Goh E J. Hierarchical identity based encryption with constant size ciphertext. In Proc. the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 2005, pp.440–456. DOI: https://doi.org/10.1007/11426639_26.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest Xin-Yi Huang is an editorial board member for Journal of Computer Science and Technology, and was not involved in the editorial review of this article. All authors declare that there are no other competing interests.
Additional information
This work was supported by the National Natural Science Foundation of China under Grant Nos. 62032005, 62372108, and 61972094.
Xiao-Hong Liu received her M.S. degree in mathematics and applied mathematics from Shaanxi Normal University, Xi’an, in 2014. She is a Ph.D. candidate in cyber security at Fujian Normal University, Fuzhou. Her research interests include cryptography and information security.
Xin-Yi Huang received his Ph.D. degree from the School of Computer Science and Software Engineering, University of Wollongong, Australia, in 2009. He is currently a professor with the College of Cyber Security, Jinan University, China. His research interests include cryptography and information security.
Wei Wu received her Ph.D. degree from the University of Wollongong, Wollongong, in 2011. She is currently a senior lecturer at the College of Education Sciences, The Hong Kong University of Science and Technology (Guangzhou), Guangzhou. Her research interests include new public key cryptography systems and secure server-aided computation.
Jian-Ting Ning received his Ph.D. degree from the Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, in 2016. He is currently with the School of Cyber Science and Engineering, Wuhan University, Wuhan, and the Faculty of Data Science, City University of Macau, Macau. His research interests include applied cryptograhy and information security.
Electronic supplementary material
Rights and permissions
About this article
Cite this article
Liu, XH., Huang, XY., Wu, W. et al. Key-Policy Attribute-Based Encryption Based on SM9. J. Comput. Sci. Technol. 40, 267–282 (2025). https://doi.org/10.1007/s11390-024-3726-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11390-024-3726-z