Attribute-based encryption with adaptive policy

For the fine-grained data access control, attribute-based encryption (ABE) has become one of the potential components to secure cloud storage and social networks, in which the ciphertext is decrypted by the users with specific attributes instead of the unique identity. According to the access policy, ABE can be classified into three classes: ciphertext-policy (CP) ABE, key-policy (KP) ABE, and dual-policy (DP) ABE, which are, respectively, used to control attributes of data, attributes of users, and both of them. But when multiple requirements coexist, none of the three access policies could be applied directly. The paper proposed the new primitive called generalized policy attribute-based encryption (GP-ABE) firstly. A GP-ABE scheme based on bilinear pairing is designed also. In the proposal, the access structure is set by an identification function. Therefore, it could give different access policies according to different requirements adaptively, i.e., it gives the separate or combined access control on data attribute, user attribute, and both of them. Compared with the existing CP-ABE, KP-ABE, and DP-ABE, GP-ABE presents adaptive access policy while avoiding the additional cost. The proposed scheme is proved to be secure under selective attribute set attacks with q-bilinear Diffie–Hellman exponent assumption.