Introduced at EuroCrypt'05, threshold attribute-based encryption (thABE) is a subclass of identity-based encryption which views each identity as a set of descriptive attributes. In order to decrypt a ciphertext c encrypted for a set ω of attributes, users must have attribute keys associated with a sufficiently large subset of ω. Applications of thABE include both biometric-based and role-based cryptographic access control. This paper presents an efficient and flexible thABE scheme which is provably secure in the random oracle model. Let d be a minimal number of attributes which a decryptor must have to decipher a ciphertext. The proposed scheme requires only two pairings for decryption (instead of d pairings as in the original thABE scheme). Moreover, the new scheme enables system engineers to specify various threshold values for distinct sets of attributes. Therefore, this paper describes a practical cryptographic mechanism to support both biometric-based and role-based access control.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com