密文政策之屬性加密機制為一種存取控制機制，可以讓資料提供者自己決定屬性存取政策(Access policy)來加密想傳送給接收者之訊息，如果接收者的私鑰所擁有的屬性滿足屬性存取政策，則接收者即可解開密文。本篇論文探討了密文政策之屬性加密機制與植基於身份之加密機制之間的關係，並提出轉換方法來把屬性存取政策與身份字串之間互相轉換。藉由本論文所提出的轉換方式，我們可以透過基於身份加密機制來建構屬性加密機制，而該屬性加密機制也能夠繼承基於身份加密機制所擁有之特性，例如固定密文長度、匿名性、支援萬用字元等，反之亦然。此外，藉由本論文的轉換方法，我們也可以提出第一個擁有支援萬用字元的屬性存取政策以及密文或私鑰長度為常數之屬性加密機制。最後，我們也提供針對機密性與匿名性之選擇密文攻擊安全的證明。

Ciphertext-policy attribute-based encryption (CP-ABE) is an access control mechanism where a data provider encrypts a secret message and then sends the ciphertext to the receivers according to the access policy which she/he decides. If the attributes of the receivers match the access policy, then they can decrypt the ciphertext. This thesis shows a relation between ABE and identity-based encryption (IBE), and presents a bi-directional conversion between an access structure and identities. By the proposed conversion, the ABE scheme constructed from an IBE scheme will inherit the features, such as constant-size ciphertexts and anonymity, from the IBE scheme, and vice versa. It turns out that the proposed conversion also gives the first ABE achieving access structures with wildcard and constant-size ciphertexts/private keys. Finally, we prove the CCA security for confidentiality and anonymity.

論文審定書 i
Acknowledgments iv
摘要 v
Abstract vi
List of Figures ix
Chapter 1 Introduction 1
1.1 Contributions 2
1.2 Organization 3
Chapter 2 Related Works 4
2.1 Constant-size ciphertexts/private keys 4
2.2 Hidden access policy 4
2.3 Hidden access policy and constant-size ciphertexts/private keys 5
Chapter 3 Preliminaries 6
3.1 Access Structures 6
3.2 Definition 7
3.2.1 Ciphertext-Policy Attribute-Based Encryption 7
3.2.2 Identity-based Encrytion 7
3.2.3 Identity-based Broadcast Encrytion 8
3.3 Security Model 8
3.3.1 CCA Security Game for CP-ABE 9
3.3.2 CCA Security Game for CP-ABE with Hidden Policy 9
3.3.3 CCA Security Game for IBBE 10
3.3.4 CCA Security Game for Anonymous IBBE 11
Chapter 4 Our Construction 12
4.1 The Relationship Between IBE and AND-gate-only ABE 12
4.1.1 Conversion Between Access Structures and Identities 12
4.1.2 ABE from IBE 14
4.1.3 IBE from ABE 15
4.1.4 Discussion 16
4.2 The Relationship Between IBBE and ABE with DNF 17
4.2.1 Conversion Between an Access Structure in DNF and a Set of Identities 17
4.2.2 ABE from IBBE 18
4.2.3 IBBE from ABE 20
4.2.4 Discussion 21
Chapter 5 Security Proofs 23
5.1 The Security Proof for Confidentiality 23
5.1.1 The ABE Scheme from an IBBE Scheme 23
5.1.2 The IBBE Scheme from an ABE Scheme 24
5.2 The Security Proof for Anonymity 26
5.2.1 The ABE Scheme with Hidden Access Policies from an Anonymous IBBE Scheme 26
5.2.2 The Anonymous IBBE Scheme from an ABE Scheme with Hidden Access Policies 28
Chapter 6 Conclusion 30
Bibliography 31

[1] N. Attrapadung, B. Libert, and E. de Panafieu. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In International Workshop on Public Key Cryptography, pages 90–108. Springer, 2011.
[2] A. Balu and K. Kuppusamy. Ciphertext policy attribute based encryption with anonymous
access policy. arXiv preprint arXiv:1011.0527, 2010.
[3] A. Balu and K. Kuppusamy. Privacy preserving ciphertext policy attribute based encryption. In Recent Trends in Network Security and Applications, pages 402–409. Springer, 2010.
[4] A. Beimel. Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.
[5] J. Bethencournt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP ’07, pages 321–334, 2007.
[6] X. Boyen and B. Waters. Anonymous hierarchical identity-based encryption (without random oracles). In Advances in Cryptology-CRYPTO 2006, pages 290–307. Springer, 2006.
[7] C. Chen, J. Chen, H. W. Lim, Z. Zhang, D. Feng, S. Ling, and H. Wang. Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. In Cryptographers’ Track at the RSA Conference, pages 50–67. Springer, 2013
[8] C. Chen, Z. Zhang, and D. Feng. Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost. In Provable Security, pages 84–101. Springer, 2011.
[9] L. Cheung and C. Newport. Provably secure ciphertext policy abe. In Proceedings of the 14th ACM conference on Computer and communications security, pages 456–465. ACM, 2007.
[10] C. Delerablée. Identity-based broadcast encryption with constant size ciphertexts and private keys. In Advances in Cryptology–ASIACRYPT 2007, pages 200–215. Springer, 2007.
[11] N. Doshi and D. Jinwal. Hidden access structure ciphertext policy attribute based encryption with constant length ciphertext. In International Conference on Advanced Computing, Networking and Security, pages 515–523. Springer, 2011.
[12] K. Emura, A. Miyaji, A. Nomura, K. Omote, and M. Soshi. A ciphertext-policy attributebased encryption scheme with constant ciphertext length. International Journal of Applied
Cryptography, 2(1):46–59, 2010.
[13] A. Ge, R. Zhang, C. Chen, C. Ma, and Z. Zhang. Threshold ciphertext policy attributebased encryption with constant size ciphertexts. In Australasian Conference on Information Security and Privacy, pages 336–349. Springer, 2012.
[14] C. Gentry. Practical identity-based encryption without random oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages
445–464. Springer, 2006.
[15] V. Goyal, A. Jain, O. Pandey, and A. Sahai. Bounded ciphertext policy attribute based
encryption. In Automata, languages and programming, pages 579–591. Springer, 2008.
[16] V. Goyal, O.Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained
access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06, pages 89–98, 2006.
[17] F. Guo, Y. Mu, W. Susilo, D. S. Wong, and V. Varadharajan. Cp-abe with constant-size
keys for lightweight devices. IEEE transactions on information forensics and security,
9(5):763–771, 2014.
[18] J. Herranz, F. Laguillaumie, and C. Ràfols. Constant size ciphertexts in threshold
attribute-based encryption. In International Workshop on Public Key Cryptography, pages
19–34. Springer, 2010.
[19] A. Kiayias and K. Samari. Lower bounds for private broadcast encryption. In International Workshop on Information Hiding, pages 176–190. Springer, 2012.
[20] J. Lai, R. H Deng, and Y. Li. Fully secure cipertext-policy hiding cp-abe. In Information
Security Practice and Experience, pages 24–39. Springer, 2011.
[21] X. Li, D. Gu, Y. Ren, N. Ding, and K. Yuan. Efficient ciphertext-policy attribute based
encryption with hidden policy. In International Conference on Internet and Distributed
Computing Systems, pages 146–159. Springer, 2012.
[22] X. Liang, Z. Cao, H. Lin, and D. Xing. Provably secure and efficient bounded ciphertext
policy attribute based encryption. In Proceedings of the 4th International Symposium on
Information, Computer, and Communications Security, pages 343–352. ACM, 2009.
[23] S. Müller and S. Katzenbeisser. Hiding the policy in cryptographic access control. In
Security and Trust Management, pages 90–105. Springer, 2011.
[24] T. Nishide, K. Yoneyama, and K. Ohta. Attribute-based encryption with partially hidden encryptor-specified access structures. In Applied cryptography and network security,
pages 111–129. Springer, 2008.
[25] R. Ostrovsky, A. Sahai, and B. Waters. Attribute-based encryption with non-monotonic
access structures. In Proceedings of the 14th ACM conference on Computer and communications security, pages 195–203. ACM, 2007.
[26] M. Padhya and D. Jinwala. A novel approach for searchable cp-abe with hidden
ciphertext-policy. In Information Systems Security, pages 167–184. Springer, 2014.
[27] T. V. X. Phuong, G. Yang, and W. Susilo. Poster: Efficient ciphertext policy attribute based
encryption under decisional linear assumption. In Proceedings of the 2014 ACM SIGSAC
Conference on Computer and Communications Security, pages 1490–1492. ACM, 2014.
[28] T. V. X. Phuong, G. Yang, and W. Susilo. Hidden ciphertext policy attribute-based encryption under standard assumptions. IEEE Transactions on Information Forensics and
Security, 11(1):35–45, 2016.
[29] Y. S. Rao and R. Dutta. Recipient anonymous ciphertext-policy attribute based encryption.
In Information Systems Security, pages 329–344. Springer, 2013.
[30] A. Sahai and B. Waters. Fuzzy identity-based encryption. In Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques,
EUROCRYPT’05, pages 457–473, 2005.
[31] P. V. X. Tran, T. N. Dinh, and A. Miyaji. Efficient ciphertext-policy abe with constant
ciphertext length. In 2012 7th International Conference on Computing and Convergence
Technology (ICCCT), pages 543–549. IEEE, 2012.
[32] Z. Wang and M. He. Cp-abe with hidden policy from waters efficient construction. International Journal of Distributed Sensor Networks, 2016:11, 2016.
[33] B. Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and
provably secure realization. In Public Key Cryptography, Lecture Notes in Computer
Science, pages 53–70, 2011.
[34] R. Xu and B. Lang. A cp-abe scheme with hidden policy and its application in cloud
computing. International Journal of Cloud Computing, 4(4):279–298, 2015.
[35] R. Xu, Y. Wang, and B. Lang. A tree-based cp-abe scheme with hidden policy supporting
secure data sharing in cloud computing. In Advanced Cloud and Big Data (CBD), 2013
International Conference on, pages 51–57. IEEE, 2013.
[36] U. C. Yadav. Ciphertext-policy attribute-based encryption with hiding access structure.
In 2015 IEEE International Advance Computing Conference (IACC), pages 6–10. IEEE,
2015.
[37] S. Yu, K. Ren, and W. Lou. Attribute-based content distribution with hidden policy. In
Secure Network Protocols, 2008. NPSec 2008. 4th Workshop on, pages 39–44. IEEE,
2008.
[38] F. Zeng and C. Xu. Attribute-based encryption with hidden threshold access structure.
Computer Modelling and New Technologies, 18(12):19–22, 2014.
[39] L. Zhang, Y. Hu, and Q. Wu. Adaptively secure identity-based broadcast encryption
with constant size private keys and ciphertexts from the subgroups. Mathematical and
computer Modelling, 55(1):12–18, 2012.
[40] Y. Zhang, D. Zheng, X. Chen, J. Li, and H. Li. Computationally efficient ciphertext-policy
attribute-based encryption with constant-size ciphertexts. In International Conference on
Provable Security, pages 259–273. Springer, 2014.
[41] Y. Zhang, D. Zheng, X. Chen, J. Li, and H. Li. Efficient attribute-based data sharing in
mobile clouds. Pervasive and Mobile Computing, 28:135–149, 2016.
[42] Z. Zhou and D. Huang. On efficient ciphertext-policy attribute based encryption and
broadcast encryption. In Proceedings of the 17th ACM conference on Computer and
communications security, pages 753–755. ACM, 2010.
[43] Z. Zhou, D. Huang, and Z. Wang. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Transactions on Computers,
64(1):126–138, 2015.