ELiPS-based Ciphertext-Policy Attribute-Based Encryption September, 2024 Le Hoang Anh Graduate School of Natural Science and Technology (Doctor’s Course) OKAYAMA UNIVERSITY DOCTORAL THESIS ELiPS-based Ciphertext-Policy Attribute-Based Encryption Author : Le Hoang ANH Supervisor : Yasuyuki NOGAMI Co-supervisors: Yoshitaka TOYOTA Yukinobu FUKUSHIMA A dissertation submitted to OKAYAMA UNIVERSITY in fulfillment of the requirements for the degree of Doctor of Philosophy in Engineering in the Graduate School of Natural Science and Technology September, 2024 Declaration Authorship This dissertation and the work presented here for doctoral studies were conducted under the supervision of Professor Yasuyuki Nogami. I, Le Hoang Anh, declare that this thesis titled, “ELiPS-based Ciphertext-Policy Att- ribute-Based Encryption” and the work presented in it are my own. I confirm that: • The work presented in this thesis is the result of original research carried out by myself, in collaboration with others, while enrolled in the Gradu- ate School of Natural Science and Technology at Okayama University as a candidate for the degree of Doctor of Philosophy in Engineering. • This work has not been submitted for a degree or any other qualification at this University or any other institution.
• The published work of others cited in this thesis is clearly attributed. Where I have quoted from the work of others, the source is always given. With the exception of such quotations, this thesis is entirely my own work. • I have acknowledged all main sources of help to pursue this work.
• The experiments and results presented in this thesis and in the articles where I am the first author were conducted by myself. Signed: Date: i Abstract Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an advanced cryptographic technique that enhances the flexibility and security of access control in data encryption. Unlike traditional encryption methods where access is determined by the possession of a single key, CP-ABE enables access based on a user’s attributes, providing a more fine-grained and expressive approach to data security. The CP-ABE scheme operates through four main functions such as setup, key generation, encryption, and decryption.
In the setup function, the algo- rithm generates a master key and a public key. The public key is distributed to users, while the master key is kept secret. The master key and public key are then used to create secret keys for users based on their attributes. These secret keys enable authorized users to decrypt ciphertexts that adhere to specified access policies, ensuring fine-grained access control over encrypted data.
In CP-ABE, data is encrypted under an access policy specified by the data owner. Access to the encrypted data is granted only if the user’s attributes satisfy the access policy embedded in the ciphertext. This approach integrates the encryption and access control processes, ensuring that only authorized users can decrypt the data. Therefore, CP-ABE is not only to encrypt data but also to provide fine- grained access control over encrypted data.
CP-ABE is a powerful crypto- graphic tool for keeping data safe in places like cloud storage, the Internet of Things (IoT), personal health records, and blockchain, using pairing-based cryptography. Cloud computing enables the storage and remote access of data via the internet. However, issues with access control and privacy arise when data is stored by a third party. On the other hand, IoT is a rapidly developing technology in the modern digital era.
The large amounts of data generated by the expanding IoT have led to a greater focus on privacy and data access control in security. To meet these requirements, CP-ABE is utilized to provide privacy and fine-grained access control in both cloud storage and IoT applications. Despite CP-ABE has various important applications, the original CP- ABE scheme relies on the pairing-based cryptography (PBC) library. The PBC library is an open-source library carrying out the essential mathematical ii operations in pairing-based cryptosystems.
Speed and portability are crucial considerations as the PBC library is intended to serve as the foundation for pairing-based cryptosystem implementations. It offers functions like elliptic curve arithmetic, hash-to-curve, and pairing. The PBC utilizes symmetric pairing, which offers a security level limited to 80 bits. This level of security is now considered outdated and vulnerable to various attacks, failing to meet the current demands for high-level security.
The Efficient Library for Pairing Systems (ELiPS), on the other hand, of- fers efficient operations related to pairing-based cryptography, delivering high performance while upholding a substantial security standard. Such cryptogra- phy involves mathematical pairings between points on an elliptic curve. The ELiPS library offers a range of functionalities, including point arithmetic op- erations, exponentiation, hash-to-curve, and pairing. ELiPS is specifically de- signed to support bilinear pairing using the BLS-12 curve, providing a 128-bit security level.
In our first study, to deal with the shortcomings of the original CP-ABE, we adopt and implement the ELiPS as an efficient library for pairing systems into the CP-ABE framework, namely ELiPS-based CP-ABE. However, the in- tegration process is not straightforward due to differences between PBC and ELiPS libraries, including function parameters, data types, and the type of pairing. Notably, ELiPS supports asymmetric pairing, while the original CP- ABE relies on symmetric pairing. To bridge this gap and ensure compatibility, we designed three procedures to adapt ELiPS for CP-ABE.
Our approach be- gins with the generation of a generator g. Then, we utilize Shirase’s method to transform asymmetric pairing to symmetric pairing, establishing compatibility between ELiPS and CP-ABE. Subsequently, we make several modifications to the CP-ABE framework and choose the appropriate ELiPS functions for inte- gration. Afterward, we validate our proposal through several experiments involv- ing data access authorization scenarios.
Firstly, we evaluate the efficacy of setup, key generation, encryption, and decryption in PBC-based CP-ABE, MCL-based CP-ABE, and ELiPS-based CP-ABE with a two-attribute sce- nario. The results show that the setup time in ELiPS-based CP-ABE reduces by 26.8% and in MCL-based CP-ABE decreases by 28.6% compared to PBC- iii based CP-ABE. In addition, the key generation time in MCL-based CP-ABE is lower than that in PBC-based CP-ABE by 74.8%, while in ELiPS-based CP- ABE, it is lower than other schemes by 2.6% compared to MCL-based CP-ABE and by 75.5% compared to PBC-based CP-ABE. Moreover, the results con- firm that the encryption time in ELiPS-based CP-ABE is the lowest among the three versions, namely PBC-based CP-ABE, MCL-based CP-ABE, and ELiPS-based CP-ABE.
Whereas encryption time in MCL-based CP-ABE de- creases by 74.0%, encryption time in ELiPS-based CP-ABE reduces by 75.3% compared to that in PBC-based CP-ABE. On the other hand, the decryption time for MCL-based CP-ABE and ELiPS-based CP-ABE increases by 31.7%, respectively, compared to the decryption time for PBC-based CP- ABE. Hence, further evaluation with increasing the number of attributes is necessary. Secondly, since the setup part is not affected by the number of attributes, we do not need to evaluate it further.
Instead, we focus on experi- ments and evaluations of key generation, encryption, and decryption with the numbers of attributes ranging from 2 to 20. The experimental results depict the key generation time in MCL-based CP-ABE is lower than that in PBC- based CP-ABE by 74.7%, while in ELiPS-based CP-ABE, it is lower than other schemes by 3.7% compared to MCL-based CP-ABE and by 75.6% com- pared to PBC-based CP-ABE. Encryption time in ELiPS-based CP-ABE is the lowest among the three versions. Encryption time in ELiPS-based CP-ABE decreases by 75.0% compared to that in PBC-based CP-ABE and reduces by 4.9% compared to that in MCL-based CP-ABE.
The decryption time of both MCL-based CP-ABE and ELiPS-based CP-ABE is higher than that of the PBC-based CP-ABE across scenarios. Overall, the experimental results confirm that our ELiPS-based CP-ABE performs comparably to the competitive MCL library, showcasing its efficiency and effectiveness in modern cryptographic applications. Additionally, com- pared to PBC-based CP-ABE, our ELiPS-based solution demonstrates reduced computational costs across most functions, except for decryption. Therefore, in the next study, we aim to reduce the decryption process time in ELiPS-based CP-ABE.
In ELiPS-based CP-ABE, the decryption part primarily utilizes in- version in the Lagrange coefficient part and pairing, which includes the Miller loop and final exponentiation. Both the final exponentiation and inversion are iv equivalent to the number of attributes. Performing these operations can be very expensive, especially when the number of attributes is large. In our second study, we further explore reducing the decryption process time in the initial version of ELiPS-based CP-ABE by proposing two optimiza- tion methods, such as minimizing the number of final exponentiations and in- versions.
The decryption cost comparison shows that our methods reduce the number of final exponentiations from 2n + 1 to 2 and the number of inversions from n + 1 to 2. The experimental results show that the equation with mini- mizing the number of final exponentiations reduces the execution time by an average of 43.6% compared to the original equation, and our proposed equation with minimizing the number of inversions decreases the execution time by an average of 74.4% compared to the equation without minimizing the number of inversions. In addition, we already successfully integrated these minimization methods into the ELiPS-based CP-ABE and implemented several scenarios, which increase the number of attributes from 5 to 100, to measure the decryp- tion time. The effectiveness of the proposal is confirmed through experimental analyses where the decryption time in the ELiPS-based with these optimiza- tions decreased by an average of 45.5% compared to the initial version of ELiPS-based CP-ABE.
In our third study, we further evaluate and analyze the impact of these optimizations on decryption efficiency. Moreover, we compare the ELiPS-based CP-ABE with these improvements to the initial version of ELiPS-based CP- ABE and the original PBC-based CP-ABE. As a result, the combination of both optimization techniques resulted in an average 43.1% overall reduction in decryption time compared to the initial version of the ELiPS-based CP-ABE scheme, while in total execution, it led to a 25. Furthermore, our optimized construction also outperformed the original PBC-based CP-ABE by an average of 53.8%, while providing a higher 128-bit security level.
Our research demonstrates that integrating the ELiPS library into the CP-ABE framework significantly enhances the efficiency and security of the CP-ABE scheme. By implementing optimization techniques, we further re- duced computational costs, particularly during the decryption process. This makes ELiPS-based CP-ABE a highly viable option for modern cryptographic applications, providing robust security and efficient performance. v Acknowledgments I would like to express my sincere gratitude to my supervisor, Professor Yasuyuki Nogami, for his support throughout my doctoral courses at Okayama University.
Without his extraordinary understanding and cooperation, I would not have been able to complete my doctoral research. I also appreciate my co- supervisors, Professor Yoshitaka Toyota, and Associate Professor Yukinobu Fukushima, who gave me a lot of effort to improve this thesis. They also gave me knowledge of electronics and networks through the classes in my courses. I would like to express my gratitude to Specially Appointed Assistant Professor Samsul Huda at the Green Innovation Center, Okayama University, for the in-depth discussion of scientific topics.
His strong work ethic and passion for research helped us publish some remarkable collaborative works. He was always there to help while any difficulty arose from attending conferences to publishing papers. I sincerely thank Assistant Professor Yuta Kodera who is my respected senior and gave me a lot of influence from his great attitude for research. I also appreciate other teachers who have imparted a lot of knowledge to me through the classes in my courses.
Special thanks also to student members of the Information Security Labo- ratory (Nogami Lab.) for creating a great work atmosphere and their generous support. My special thanks to Mr. Yuta Kawada for his kind support in dis- cussions, cooperation, and publishing papers. Thanks to MEXT, Japan for the scholarship that fulfilled my dream to pursue doctoral study in Japan.
I sincerely acknowledge all the funds that afforded me to join several conferences and conduct research activities. I am also grateful to all administrative officers of the Faculty of Engineer- ing who directly or indirectly made an impact on my doctoral course studies.