# Efficient Lattice CP-ABE AC Scheme Supporting Reduced-OBDD Structure for CCN/NDN


## Abstract


## 1. Introduction

#### 1.1. Clarification of Problem and Contribution

- (i) The proposed CP-ABE AC scheme from ideal lattices supports a reduced-OBDD access structure. Reduced-OBDD offers a compact and optimized access structure with fewer nodes and paths. Encryption and decryption are performed by walking on the path instead of using nodes. This means that it has a lower encryption and decryption computational time over rings.
- (ii) The proposed scheme supports Boolean operations such as AND, OR and threshold gates. It can also support multiple subscribers of positive and negative attributes in the strategy.
- (iii) Our scheme is secure against polynomial-time quantum algorithms under the R-LWE assumption. Due to the algebraic construction from the ideal lattice, it is more effective than schemes based on ring learning LWE.
- (iv) Our scheme improves on the sample right algorithms with a stronger trapdoor and efficient sampling based on the discrete Gaussian in $O\left(\log^{c}n\right)$ instead of $\Omega\left(n^{2}\log^{2}n\right)$.

#### 1.2. Methods

#### 1.2.1. Flexible and Expressive Access Policy

#### 1.2.2. Optimized Algorithms

#### 1.2.3. Efficient Secured Content Sharing Over CCN/NDN

#### 1.3. Organization

## 2. Related Works

#### 2.1. Encryption Access Control Schemes from Lattice

#### 2.2. Secured Content Centric Network (CCN/NDN)

## 3. Preliminaries

#### 3.1. Lattice

**Definition 1.**

**Definition 2.**

**Definition 3.**

**Definition 4.**

**Definition 5.**

**Lemma 1.**

#### 3.2. Gaussian Sampling for a Ring

**Definition 6.**

#### 3.3. Some Significant Algorithms

#### 3.3.1. Algorithm Generation of Trapdoor

**Theorem 1.**

#### 3.3.2. Algorithm for Preimage Sampling

**Theorem 2.**

- Encode:$$E={\mathsf{\Lambda}}_{q}^{\perp}\left({{A}^{\prime}}_{\rho}^{T}\left(\widehat{e}\right)\right)\in {Z}_{q}^{n\times mn}$$
- $$t=PreimSampAlg\left(E,{T}_{\widehat{e}},P,\alpha ,\mathsf{\sigma}\right)\in {Z}_{q}^{n\times mn}$$
- $$\widehat{g}=Ma{p}^{1}\left(t\right)\in {R}_{q}^{m},\quad \widehat{g}\sim {D}_{{Z}^{mn},\sigma}$$

#### 3.4. Decision R-LWE Problem

#### 3.5. Access Structure

#### 3.6. Reduced Ordered Decision Diagram (Reduced-OBDD)

#### 3.7. Ciphertext-Policy Attribute Base Encryption Model

#### 3.8. Selective Set Model

## 4. Our Construction

#### 4.1. Constructing Boolean Function of an Access Policy

#### 4.2. Reduced-OBDD Access Structure Construction

**Algorithm 1.** Build Reduced-OBDD

```
function BUILD[Table 1, Table 2](id, low, high)
    if low == high then
        return low
    end if
    if element(Table 2, id, low, high) then
        return lookup(Table 2, id, low, high)
    end if
    if low <> high then
        w = insert(Table 1, id, low, high)    // create the new node w
        insert(Table 2, id, low, high, w)     // record w so identical nodes are shared
        return w
    end if
end function
```

**Algorithm 2.** Construct Reduced-OBDD

```
function CONSTRUCT[Table 1, Table 2](t, i)
    if i > n then
        if t == false then
            return 0
        end if
        if t == true then
            return 1
        end if
    else
        q0 = CONSTRUCT(t[0/xi], i+1)    // sub-diagram for xi = 0
        q1 = CONSTRUCT(t[1/xi], i+1)    // sub-diagram for xi = 1
        return BUILD(i, q0, q1)
    end if
end function
```

#### 4.3. Satisfying Reduced-OBDD Structure

#### 4.4. Construction Of Reduced-OBDD ABE AC From Lattice

**Algorithm 3.** Decryption Process

```
 1: look for the node with serial number 2
 2: define it as the new node
 3: extract the node details Node_id^i included in the node
 4: if i ∈ set ∧ i = i then
 5:     seek the high-branch node of the new node based on the high order
 6:     if high-branch == 0 then
 7:         end the process
 8:     end if
 9:     if high-branch == 1 then
10:         store the root → 1 path
11:     end if
12:     if high-branch == non-leaf-node then
13:         go to line 2
14:     end if
15: end if
16: if i ∈ set ∧ i = ¬i ∨ i ∉ set then
17:     seek the low-branch node of the new node based on the low order
18:     if low-branch == 0 then
19:         end the process
20:     end if
21:     if low-branch == 1 then
22:         store the root → 1 path
23:     end if
24:     if low-branch == non-leaf-node then
25:         go to line 2
26:     end if
27: end if
```
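The following Python sketch is an added example, not code from the paper: it builds a reduced OBDD with the two tables of Algorithms 1 and 2 and then walks it for a subscriber's attribute set in the manner of Algorithm 3. The class and method names, the sample policy and the bottom-up node numbering (so the root is not node 2 here) are assumptions made for illustration.

```python
from itertools import count

class ROBDD:
    """Reduced OBDD over x1..xn; node ids 0 and 1 are the terminals."""

    def __init__(self, n):
        self.n = n
        self.T = {}           # node id -> (variable index, low id, high id)
        self.H = {}           # (variable index, low id, high id) -> node id
        self._ids = count(2)  # ids for non-terminal nodes

    def build(self, i, low, high):
        if low == high:        # both branches agree: the test on x_i is redundant
            return low
        key = (i, low, high)
        if key not in self.H:  # otherwise reuse the existing isomorphic node
            u = next(self._ids)
            self.T[u], self.H[key] = key, u
        return self.H[key]

    def construct(self, policy, i=1, env=()):
        if i > self.n:         # every variable assigned: evaluate the policy
            return 1 if policy(*env) else 0
        q0 = self.construct(policy, i + 1, env + (False,))
        q1 = self.construct(policy, i + 1, env + (True,))
        return self.build(i, q0, q1)

    def walk(self, root, attrs):
        """Take the high branch if attribute i is held, else low.
        Returns (path, terminal); terminal 1 means the policy is satisfied."""
        path, u = [], root
        while u > 1:
            i, low, high = self.T[u]
            path.append((i, i in attrs))
            u = high if i in attrs else low
        return path, u

    def valid_paths(self, u, prefix=()):
        """All root -> 1 paths as tuples of (variable index, branch taken)."""
        if u <= 1:
            return [prefix] if u == 1 else []
        i, low, high = self.T[u]
        return (self.valid_paths(low, prefix + ((i, False),))
                + self.valid_paths(high, prefix + ((i, True),)))

# Constructed sample policy (not from the paper): (x1 AND x2) OR (x3 AND NOT x4)
def policy(x1, x2, x3, x4):
    return (x1 and x2) or (x3 and not x4)

def demo():
    bdd = ROBDD(4)
    return bdd, bdd.construct(policy)

if __name__ == "__main__":
    bdd, root = demo()
    print("nodes:", bdd.T)
    print("valid paths:", bdd.valid_paths(root))
    print("attrs {3}:", bdd.walk(root, {3}))
    print("attrs {3, 4}:", bdd.walk(root, {3, 4}))
```

For this policy the 16-row truth table collapses to four non-terminal nodes and three root-to-1 paths, and an attribute set holding the negated attribute x4 alongside x3 ends at terminal 0.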

#### 4.5. Correctness and Security Proof

#### 4.5.1. Correctness

#### 4.5.2. Security Proof

**Theorem 3.**

**Proof:**

## 5. Performance Analysis

#### 5.1. Complexity Analysis

#### 5.2. Discussion of Simulated Result

Scheme | KeyGen $l=\left(10/20/30/40/50\right)$ | Encryption $l=\left(10/20/30/40/50\right)$ | Decryption $l=\left(10/20/30/40/50\right)$ |
---|---|---|---|
[28] | (57.6/69.7/78.9/91.1/99.8) | (16.13/21.32/27.39/33.91/36.12) | (0.79/0.90/1.38/1.58/1.79) |
[31] | (73.6/82.5/91.8/102.8/119.8) | (21.78/27.58/33.84/37.12/47.86) | (1.66/1.71/1.98/2.15/2.41) |
[24] | (65.6/74.1/87.3/101.8/111.9) | (18.98/24.58/29.47/31.22/41.99) | (0.80/1.543/1.69/1.81/1.90) |
ours | (51.6/62.7/70.8/82.08/89.8) | (14.51/19.81/24.81/29.99/33.59) | (0.51/0.82/1.11/1.17/1.29) |

**Table 2.** Relevant related schemes in terms of their access structures, operations and capacity analysis.

Scheme | Access Structures | Operation | PP Size | MK Size | SK Size | Ciphertext Size |
---|---|---|---|---|---|---|
[28] | LSSS matrix | AND, OR, Threshold | $\left(snm+nm+n\right)\log q$ | $s{m}^{2}\log q$ | ${\left[\left(s+1\right)m\right]}^{2}$ | $\left(s+1\right)m\log q$ |
[31] | Threshold gate | Threshold | $\left(2nm+n\right)\log q$ | $2sn{m}^{2}\log q$ | ${m}^{2}{d}^{2}\log q+mU$ | $\left(dm{A}_{s}+1\right)\log q$ |
[24] | Threshold gate | Threshold, AND | $\left(3nm+n+sn\right)\log q$ | ${m}^{2}\log q$ | $2mU$ | $\left(2m{A}_{s}+1\right)\log q$ |
ours | Reduced-OBDD | AND, OR, Threshold | $\left(smn+n\right)\log q$ | ${m}^{2}\log q$ | $mU$ | $\left(m{A}_{s}+1\right)\log q$ |

## 6. Integrating Lattice Based CP-ABE AC with CCN/NDN

#### 6.1. System Model

- (i) Asymmetric encryption algorithm, which is used for the encryption and the decryption of the content.
- (ii) Lattice CP-ABE AC algorithm, which is used to encrypt the content policy, which contains the password used to decrypt the content data.

#### 6.2. Our Proposed Secured Information Sharing Scenario

- (i) The TSP generates a pair of keys $\left\{PK,SK\right\}$ for the user upon registration by running $KeyGen()$ in Section 4. The user installs the secret key $SK$ on his device and sends $\left\{PK,ID\right\}$ to the Publisher.
- (ii) The TSP runs $KeyGen\left(a\right)$ to generate a pair of keys $\left\{PPK,PSK\right\}$ and sends these, with a hashed code of one of the users' IDs, $ID=\left\{H\left(ID\right)\right\}$, to the $CDP$. Let $a\in {R}_{q}$ be a uniformly random value and ${r}_{1},{r}_{2}\in {R}_{q}$ be samples from the distribution $\mathcal{X}$. The TSP generates $p={r}_{1}-a\cdot {r}_{2}\in {R}_{q}$ and outputs the public key $PPK$ and the secret key $PSK$ as $\left(a,p\right)$ and ${r}_{2}$, respectively. The keys generated for users have time validation and an automatic key update property, so users will not receive any update once their keys expire or are compromised. When the CDP receives $\left\{PPK,PSK,H\left(ID\right)\right\}$ from the TSP and $\left\{PK,ID\right\}$ from the CU, he authenticates the CU by running a hash function on the ID and comparing the result with the hash code, $ID=\left\{H\left(ID\right)\right\}$, received from the TSP.

- (i) The CDP selects the key pair $\left\{PPK,PSK\right\}$ and parameters ${\theta}_{0},{\theta}_{1},{\theta}_{2}\in {R}_{q}$. He runs the encryption algorithm $Enc\left(PPK,E\left(CD\right)\right)$, where $E\left(CD\right)$ is the encoded CD, and sets ${C}_{CD}=\left({C}^{1},{C}^{2}\right)=\left(a\cdot {\theta}_{0}+{\theta}_{1},\ p{\theta}_{1}+{\theta}_{2}+E\left(CD\right)\right)$.
- (ii) The CDP runs the encryption algorithm $Encryption\left(PP,M=PSK,AS\right)\to \left(CT\right)$ in Section 4 and then broadcasts $\left({C}_{CD}\right)$ and $CT$ to the cloud server. Note that $\left({C}_{CD}\right)$ is the encrypted content data CD in which CUs are interested, and CT is the encrypted content policy, which contains some relevant information about the CD and the secret key or password to decrypt $\left({C}_{CD}\right)$.

- (i) The CU runs the decryption algorithm $\left(CT,PP,SK\right)\to \left(PSK\right)$ in Section 4 to obtain the secret key $PSK$. To obtain $PSK$, the user's attributes $\left(SK\right)$ must satisfy $\left(PP\right)$.
- (ii) The CU runs $Dec\left({C}_{CD},PSK\right)$ to output ${m}^{\prime}={C}^{1}\cdot {r}_{1}+{C}^{2}\in {R}_{q}$ and obtains $m$ from ${m}^{\prime}$.

#### 6.3. Key Exchange Protocol, Encryption and Decryption Model

- (i) Firstly, the user runs the decryption algorithm $Decrypt\left(CT=Enc\left(CP\right),SK\right)$ in Section 4 to extract the secret key $PSK$ using the secret key $SK$ associated with his attributes.
- (ii) Finally, using $PSK$, the user extracts the content data $CD$ he is interested in by running the decryption $Dec\left(\left(CD,PPK\right),PSK\right)\to CD$. The user can obtain and utilize the message if and only if his attributes match the policy enforced on the content policy, which yields the secret key $PSK$ for decryption of the content data.

#### 6.4. Security Analysis of our System

#### 6.4.1. Privacy

#### 6.4.2. Authentication

## 7. Conclusions

## Author Contributions

## Funding

## Conflicts of Interest

## References

1. Anggorojati, B.; Mahalle, P.N.; Prasad, N.R.; Prasad, R. Capability-based access control delegation model on the federated IoT network. In Proceedings of the 15th International Symposium on Wireless Personal Multimedia Communications, Taipei, Taiwan, 15 July 2012.
2. Grusho, A. Five SDN-Oriented Directions in Information Security. In Proceedings of the 2014 International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), Moscow, Russia, 28–29 October 2014; Volume 1, pp. 1–4.
3. Cao, Z. New Directions of Modern Cryptography; CRC Press Inc.: Boca Raton, FL, USA, 2012; pp. 1–400.
4. Herranz, J.; Laguillaumie, F.; Ràfols, C. Constant size ciphertexts in threshold attribute-based encryption. In Proceedings of the 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, 26–28 May 2010.
5. Chen, C. Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. Comput. Sci. **2013**, 7779, 50–67.
6. Hohenberger, S.; Waters, B. Online/offline attribute-based encryption. In Public-Key Cryptography; Springer: Berlin/Heidelberg, Germany, 2014; pp. 293–310.
7. Lai, J.; Deng, R.H.; Guan, C.; Weng, J. Attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Inf. Forensics Secur. **2013**, 8, 1343–1354.
8. Zhou, Z.; Huang, D. On efficient ciphertext-policy attribute based encryption and broadcast encryption Extended abstract. IEEE Trans. Comput. **2010**, 395, 753–755.
9. Song, Y.; Li, Z.; Li, Y.; Li, J. A new multi-use multi-secret sharing scheme based on the duals of minimal linear codes, Secure. Commun. Netw. **2015**, 8, 202–211.
10. Wang, J.; Xiong, N.N.; Wang, J.; Yeh, W.C. A compact ciphertext-policy attribute-based encryption scheme for the information-centric Internet of Things. IEEE Access **2018**, 6, 63513–63526.
11. Ajtai, M. Generating hard instances of lattice problems (extended abstract). In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, New York, NY, USA, 1 July 1996.
12. Zhu, W.; Yu, J.; Wang, T.; Xie, W. Efficient attribute-based encryption from R-LWE. Chin. J. Electron. **2014**, 23, 778–782.
13. Tan, S.F.; Samsudin, A. Lattice ciphertext-policy attribute-based encryption from RingLWE. In Proceedings of the IEEE International Symposium on Technology Management and Emerging Technologies, Langkawi, Malaysia, 25 August 2015.
14. Yan, X.; Liu, Y.; Li, Z.; Huang, Q. A privacy-preserving multi-authority attribute-based encryption scheme on ideal lattices in the cloud environment. Netinfo Secur. **2017**, 8, 19–25.
15. Wang, T.; Han, G.; Yu, J.; Zhang, P.; Sun, X. Efficient chosen-ciphertext secure encryption from R-LWE. Wirel. Pers. Commun. **2017**, 95, 1–16.
16. Yu, J.; Yang, C.; Tang, Y.; Yan, X. Attribute-Based Encryption Scheme Supporting Tree-Access Structure on Ideal Lattices. In Proceedings of the International Conference on Cloud Computing and Security, Haikou, China, 8 June 2018.
17. Ostrovsky, R.; Sahai, A.; Waters, B. Attribute-based encryption with non-monotonic access structures. In Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 8 May 2007.
18. Micciancio, D.; Peikert, C. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Advances in Cryptology—EUROCRYPT; Springer: Berlin/Heidelberg, Germany, 2012.
19. Agrawal, S.; Boneh, D.; Boyen, X. Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE. In Proceedings of the Advances in Cryptology-CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 2010.
20. Kirchner, P.; Fouque, P. An improved BKW algorithm for LWE with applications to cryptography and lattices. In Proceedings of the Advances in Cryptology-CRYPTO 2015-35th Annual Cryptology Conference, Santa Barbara, CA, USA, 16–20 August 2015.
21. Agrawal, S.; Boyen, X.; Vaikunthanathan, V.; Voulgaris, P.; Wee, H. Functional Encryption for Threshold Functions (or, Fuzzy IBE) from Lattices in Public Key Cryptography-PKC. Available online: https://www.iacr.org/cryptodb/data/paper.php?pubkey=24341 (accessed on 8 January 2020).
22. Zhang, J.; Zhang, Z.; Ge, A. Ciphertext policy attribute-based encryption from lattices. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security; Association for Computing Machinery: New York, NY, USA, 2012.
23. Jian, Z.; Haiying, G. Attribute-Based Encryption for Restricted Circuits from Lattices. In Proceedings of the IEEE Tenth International Conference on Computational Intelligence and Security, Kunming, China, 15 November 2014.
24. Wang, Y.T. Lattice ciphertext policy attribute-based encryption in the standard model. Int. J. Netw. Sec. **2014**, 16, 444–451.
25. Nguyen, K.; Wang, H.; Zhang, J. Server-aided revocable identity-based encryption from lattices. In Proceedings of the International Conference on Cryptology and Network Security, Milan, Italy, 14–16 November 2016.
26. Wang, S.; Zhang, X.; Zhang, Y. Efficient revocable and grantable attribute-based encryption from lattices with fine-grained access control. IET Inf. Secur. **2018**, 12, 141–149.
27. Agrawal, S.; Boneh, D.; Boyen, X. Efficient lattice (H) IBE in the standard model. In Advances in Cryptology; Springer: Berlin/Heidelberg, Germany, 2010.
28. Boyen, X. Attribute-based functional encryption on lattices. In Proceedings of the Theory of Cryptography. 10th Theory of Cryptography Conference TCC, Tokyo, Japan, 3–6 March 2013.
29. Zhao, J.; Gao, H. LSSS Matrix-Based Attribute-Based Encryption on Lattices. In Proceedings of the 13th International Conference on Computational Intelligence and Security (CIS), Hong Kong, China, 15–18 December 2017.
30. Liu, Y.; Wang, L.; Li, L.; Yan, X. Secure and Efficient Multi-Authority Attribute-Based Encryption Scheme from Lattices. IEEE Access **2018**, 7, 3665–3674.
31. Liu, X.; Ma, J.; Xiong, J.; Li, Q.; Zhang, T.; Zhu, H. Threshold attribute-based encryption with attribute hierarchy for lattices in the standard model. IET Inf. Secur. **2014**, 8, 217–223.
32. Ion, M.; Zhang, J.; Schooler, E.M. Toward content-centric privacy in ICN: Attribute-based encryption and routing. In Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, Hong Kong, China, 12 August 2013.
33. Jacobson, V.; Smetters, D.K.; Thornton, J.D.; Plass, M.F.; Briggs, N.H.; Braynard, R.L. Networking named content. Commun. ACM **2012**, 55, 117–124.
34. Papanis, J.P.; Papapanagiotou, S.I.; Mousas, A.S.; Lioudakis, G.V.; Kaklamani, D.I.; Venieris, I.S. On the use of attribute-based encryption for multimedia content protection over information-centric networks. Trans. Emerg. Telecommun. Technol. **2014**, 25, 422–435.
35. Li, B.; Huang, D.; Wang, Z.; Zhu, Y. Attribute-based access control for ICN naming scheme. IEEE Trans. Dependable Secur. Comput. **2018**, 15, 194–206.
36. Mannes, E.; Maziero, C.; Lassance, L.; Borges, F. Optimized access control enforcement over encrypted content in information-centric networks. In Proceedings of the 20th IEEE Symposium on Computers and Communications-ISCC 2015, Larnaca, Cyprus, 6–9 July 2015.
37. Misra, S.; Tourani, R.; Majd, N.E. Secure content delivery in information-centric networks: Design, implementation, and analyses. In Proceedings of the 3rd ACM SIGCOMM Workshop on Information-Centric Networking, Hong Kong, China, 12 August 2013.
38. Goyal, V.; Pandey, O.; Sahai, A.; Waters, B. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 30 October–3 November 2006.
39. Affum, E.; Zhang, X.; Wang, X.; Ansuura, J.B. Efficient CP-ABE Scheme for IoT CCN Based on ROBDD. In Advances in Computer Communication and Computational Sciences; Springer: Berlin/Heidelberg, Germany, 2019.
40. Zhao, X.; Li, H. Privacy preserving data-sharing scheme in content centric networks against collusion name guessing attacks. IEEE Access **2017**, 5, 23182–23189.
41. Agrawal, S.; Dan, B.; Boyen, X. Lattice basis delegation in fixed dimension and short-ciphertext hierarchical IBE. In Advances in Cryptology-CRYPTO; Springer: Berlin/Heidelberg, Germany, 2010; pp. 98–115.
42. The PALISADE. Lattice Cryptography Library. Available online: https://git.njit.edu/palisade/PALISADE (accessed on 2 December 2019).

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Affum, E.; Zhang, X.; Wang, X.; Ansuura, J.B.
Efficient Lattice CP-ABE AC Scheme Supporting Reduced-OBDD Structure for CCN/NDN. *Symmetry* **2020**, *12*, 166.
https://doi.org/10.3390/sym12010166
