Attribute-based encryption (ABE) is a generalization of public-key encryption that enables fine-grained access control in cloud services. Recently, Hohenberger et al. (Eurocrypt 2023) introduced the notion of registered ABE, which is an ABE scheme without a trusted central authority. Instead, users generate their own public/secret keys and then register their keys and attributes with a key curator. The key curator is a transparent and untrusted entity and its behavior needs to be audited for malicious registration. In addition, pairing-based registered ABE still suffers the heavy decryption overhead like ABE. A general approach to address this issue is to outsource decryption to a decryption cloud service (DCS).In this work, we propose BA-ORABE, the first fully auditable registered ABE with reliable outsourced decryption scheme based on blockchain. First, we utilize a verifiable tag mechanism to achieve verifiability of ciphertext transformation, and the exemptibility which enables the honest DCS to escape from wrong claims is guaranteed by zero knowledge fraud proof under optimistic assumption. Additionally, our system achieves fairness and decentralized outsourcing to protect the interests of all parties and the registration and outsourcing process are transparent and fully auditable through blockchain. Finally, we give security analysis, implement and evaluate our scheme on Ethereum to demonstrate its feasibility and efficiency, and show its advantages in real application of decentralized finance.
翻译:属性基加密(ABE)作为公钥加密的泛化形式,能够为云服务提供细粒度访问控制。近期,Hohenberger等人(Eurocrypt 2023)提出了注册ABE的概念,这是一种无需可信中心机构的ABE方案。在该方案中,用户自主生成公钥/私钥对,随后将密钥与属性提交至密钥管理节点进行注册。密钥管理节点作为透明且不可信的实体,其注册行为需接受恶意操作审计。此外,基于配对的注册ABE仍存在与ABE类似的高解密开销问题,通用解决方案是将解密计算外包至解密云服务(DCS)。本文提出BA-ORABE方案,这是首个基于区块链构建的、具备完全可审计性与可靠外包解密能力的注册ABE方案。首先,我们采用可验证标签机制实现密文变换的可验证性,并通过乐观假设下的零知识欺诈证明机制保障诚实DCS免受错误指控的豁免权。此外,本系统通过公平性设计与去中心化外包机制保护各方权益,其注册与外包流程依托区块链实现完全透明化与可审计性。最后,我们通过安全性分析、以太坊平台上的方案实现与性能评估,证明了该方案的可行性与高效性,并展示了其在去中心化金融实际应用中的优势。