News Highlights:
- Constructed a registered attribute-based encryption system supporting unrestricted access policies by assembling it from simpler, easier-to-analyze components.
- Eliminated the security risk of “master secret key” leakage.
- Removed restrictions on access control policies, allowing the use of “NOT,” repeated attributes, and flexible policy creation.
NTT Corporation (Chiyoda Ward, Tokyo; President: Akira Shimada) has developed an encryption method that enables practical access control in registered attribute-based encryption, overcoming limitations of previous constructions. Registered attribute-based encryption is a variant of attribute-based encryption designed to remove the trusted key-generation authority that conventional attribute-based encryption with access control requires. The result, which combines this security property with practical access control, was presented at the 44th Annual International Cryptology Conference (Crypto 2024).
1. Background
Attribute-based encryption (ABE) lets a ciphertext be decrypted only by keys whose attributes satisfy the access policy attached to it. In the form described here, the encryptor embeds a policy such as “(‘Human Resource Department’ AND ‘Manager’) OR ‘Accounting Department’” in the ciphertext, and each user’s decryption key is tagged with that user’s attributes, for example “Accounting Department” and “General Manager.” In traditional ABE, a key generation center holding a “master secret key” derives every user’s decryption key from it. This central authority is a single point of failure: because the master secret key can derive a key for any attribute set, its compromise exposes all data encrypted in the system.
Recent Advances: Registered attribute-based encryption eliminates the key generation center. Each user generates their own public and secret key pair and registers the public key (with the attributes it should carry) with a server. The server aggregates the registered public keys into a compact master public key used for encryption; it holds no secret, so compromising the server does not yield any user’s decryption capability.
However, previous registered ABE constructions supported only restricted policies: they could not express “NOT” conditions or use the same attribute more than once in a policy, which limited their flexibility.
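As an added illustration (not code from the NTT/AIST scheme or from any ABE library), the following Python models the policy side of what is described above: a policy is a boolean formula over attribute names, and a key whose attribute set satisfies the formula can decrypt. The grammar, the quoting convention and the sample policies are assumptions made for this example. `satisfies` evaluates a policy against a key’s attributes, including the “NOT” case, and `restriction_violations` flags the two things earlier registered ABE constructions could not express: a “NOT” (a non-monotone policy) and an attribute used more than once.

```python
"""Toy access-policy evaluator for ciphertext-policy ABE: an added illustration,
not code from the NTT/AIST scheme. It models only the boolean access structure a
ciphertext carries and a key's attribute set must satisfy; no encryption is done."""
import re
# Grammar assumed for this example: expr := term ('OR' term)*; term := fact ('AND' fact)*;
# fact := 'NOT' fact | '(' expr ')' | ATTRIBUTE. AND binds tighter than OR.
# ATTRIBUTE is a quoted string or a bare word (quote names containing spaces).
_TOKEN_RE = re.compile(r"""'([^']*)'|"([^"]*)"|([()])|([^\s()'"]+)""")

def tokenize(policy):
    """Split a policy into (kind, value) tokens; whitespace is skipped."""
    tokens = []
    for m in _TOKEN_RE.finditer(policy):
        q1, q2, paren, word = m.groups()
        if q1 is not None or q2 is not None:
            tokens.append(("ATTR", q1 if q1 is not None else q2))
        elif paren:
            tokens.append(("PAREN", paren))
        elif word.upper() in ("AND", "OR", "NOT"):
            tokens.append(("OP", word.upper()))
        else:
            tokens.append(("ATTR", word))
    return tokens

def parse(policy):
    """Parse into a tuple AST: ('attr', name), ('not', x), ('and', x, y), ('or', x, y)."""
    toks = tokenize(policy) + [("END", None)]
    pos = 0
    def take(expected=None):
        nonlocal pos
        tok = toks[pos]
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected[1]!r}, got {tok[1]!r}")
        pos += 1
        return tok

    def chain(sub, op, tag):  # left-associative `sub (op sub)*`
        node = sub()
        while toks[pos] == ("OP", op):
            take()
            node = (tag, node, sub())
        return node

    def expr():
        return chain(term, "OR", "or")

    def term():
        return chain(fact, "AND", "and")

    def fact():
        kind, val = take()
        if (kind, val) == ("OP", "NOT"):
            return ("not", fact())
        if (kind, val) == ("PAREN", "("):
            node = expr()
            take(("PAREN", ")"))
            return node
        if kind == "ATTR":
            return ("attr", val)
        raise ValueError(f"unexpected token {val!r}")

    node = expr()
    take(("END", None))  # reject trailing garbage such as an unmatched ')'
    return node

def satisfies(policy, attributes):
    """True iff a key tagged with `attributes` satisfies `policy`. NOT requires
    the key to lack an attribute; attribute sets are fixed at key generation."""
    attrs = frozenset(attributes)

    def ev(n):
        if n[0] == "attr":
            return n[1] in attrs
        if n[0] == "not":
            return not ev(n[1])
        if n[0] == "and":
            return ev(n[1]) and ev(n[2])
        return ev(n[1]) or ev(n[2])
    return ev(parse(policy))

def restriction_violations(policy):
    """Which earlier-scheme restrictions a policy breaks: 'NOT' for a
    non-monotone policy, 'repeated:<attr>' for an attribute used twice."""
    def leaves(n):  # yields ('attr', name) leaves plus a ('not', None) marker
        if n[0] == "attr":
            yield n
            return
        if n[0] == "not":
            yield ("not", None)
        for child in n[1:]:
            yield from leaves(child)
    seen = list(leaves(parse(policy)))
    names = [v for k, v in seen if k == "attr"]
    out = ["NOT"] if ("not", None) in seen else []
    return out + [f"repeated:{a}" for a in sorted(set(names)) if names.count(a) > 1]

if __name__ == "__main__":
    key = {"Accounting", "General Manager"}  # constructed attribute set for one key
    for pol in ("('HR' AND 'Manager') OR 'Accounting'", "'Accounting' AND NOT 'Contractor'",
                "('Eng' AND 'Lead') OR ('Eng' AND 'Security')"):
        print(pol, "->", satisfies(pol, key), restriction_violations(pol) or "none")
```

An evaluator like this is not what enforces access in ABE; it is only a model of the access structure, which the real scheme enforces through the key material. What the removal of the two restrictions buys an encryptor is that the second and third sample policies (an exclusion, and an attribute reused across clauses) can be written directly rather than being rejected or awkwardly rewritten.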
2. Key Innovations
NTT’s new encryption system removes these policy restrictions without weakening security. Rather than designing one monolithic scheme, NTT assembles the full system from simpler components whose security is easy to analyze, which makes registered attribute-based encryption practical for real-world applications such as internal data management and content distribution services.
Research Results and Key Technical Achievements
In a joint paper by NTT and the National Institute of Advanced Industrial Science and Technology, NTT introduced a set of conversion techniques that transform a registered attribute-based encryption scheme supporting only restricted policies into one supporting unrestricted policies. Applying these conversions to existing registered attribute-based encryption schemes yields a system that handles complex policies, including “NOT” conditions, policies of unbounded size, and repeated use of the same attribute.
Initially, NTT attempted to build a registered attribute-based encryption scheme without policy restrictions directly. Proving the security of such a complex scheme, however, proved difficult. NTT instead assembled the complex scheme from simpler, easier-to-analyze components, so that security is argued for each simple component rather than for the whole scheme at once. This is the first registered attribute-based encryption system constructed in this way, and the approach is what removes the earlier limitations (Figure 4).
Key Advantages of This Technology:
- Encryption time does not grow with the number of registered users (decryptors).
- The system eliminates the need for a master secret key.
- There are no restrictions on access control policies, providing greater flexibility.
Outlook
The development of a registered attribute-based encryption system capable of handling practical conditional decryption is expected to enhance data security for systems with large user bases, such as content distribution services (e.g., video, music) and organizational data management within companies. Because there is no master secret key whose compromise would expose all encrypted data, it reduces the risk of large-scale data breaches from unauthorized access.
NTT will continue research and development to address the inefficiencies in the final registered attribute-based encryption system, which currently arise from the repeated application of transformations, with the goal of further improving practical implementation.