TY - JOUR
T1 - Implementation and Evaluation of a Lattice-Based Key-Policy ABE Scheme
AU - Dai, Wei
AU - Doroz, Yarkin
AU - Polyakov, Yuriy
AU - Rohloff, Kurt
AU - Sajjadpour, Hadi
AU - Savas, Erkay
AU - Sunar, Berk
N1 - Funding Information:
Manuscript received June 28, 2017; revised October 4, 2017; accepted November 9, 2017. Date of publication December 4, 2017; date of current version January 29, 2018. The work of W. Dai, Y. Doröz, and B. Sunar was supported by the US National Science Foundation CNS Award #1561536. The work of Y. Polyakov, K. Rohloff, H. Sajjadpour, and E. Savaş was supported in part by the Defense Advanced Research Projects Agency and in part by the Army Research Laboratory under Contract W911NF-15-C-0226 and Contract W911NF-15-C-0233. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Qian Wang. (Corresponding author: Kurt Rohloff.) W. Dai, Y. Doröz, and B. Sunar are with Worcester Polytechnic Institute, Worcester, MA 01609 USA (e-mail: wdai@wpi.edu; ydoroz@wpi.edu; sunar@wpi.edu).
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2018/5
Y1 - 2018/5
AB - In this paper, we report on our implementation of a lattice-based key-policy attribute-based encryption (KP-ABE) scheme, which uses short secret keys. The particular KP-ABE scheme can be used directly for attribute-based access control applications, as well as a building block in more involved applications and cryptographic schemes, such as audit log encryption, targeted broadcast encryption, functional encryption, and program obfuscation. We adapt a recently proposed KP-ABE scheme based on the learning with errors (LWE) problem to a more efficient scheme based on the ring learning with errors (RLWE) problem, and demonstrate an implementation that can be used in practical applications. Our state-of-the-art implementation on graphics processing units shows that the homomorphic public key and ciphertext evaluation operations, which dominate the execution time of the KP-ABE scheme, can be performed in a reasonably short amount of time. Our practicality results also hold when scaled to a relatively large number of attributes. To the best of our knowledge, this is the first KP-ABE implementation that supports both ciphertext and public key homomorphism, and the only experimental practicality results reported in this paper.
KW - GPU computing
KW - Lattice-based cryptography
KW - RLWE
KW - attribute-based encryption
UR - http://www.scopus.com/inward/record.url?scp=85037626836&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85037626836&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2017.2779427
DO - 10.1109/TIFS.2017.2779427
M3 - Article
AN - SCOPUS:85037626836
SN - 1556-6013
VL - 13
SP - 1169
EP - 1184
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 5
M1 - 8125711
ER -