# A Delegation Attack Method on Attribute-Based Signatures and Probable Solutions


## Abstract


## 1. Introduction

- We first analyze the potential vulnerability related to the delegatability property of ABS under the common unforgeability security model, and propose the delegation attack method, which breaks the unforgeability of the existing ABS schemes.
- We then give two attack instances on a classical ABS construction [20] to show the feasibility of the delegation attack method.
- Finally, we propose two solutions that address the above issue and give a further discussion of the delegatability property of ABS.

## 2. Related Work

#### 2.1. Attribute-Based Signature

#### 2.2. Delegation in Attribute-Based Cryptography

## 3. Preliminaries

#### 3.1. Access Structure

#### 3.2. Bilinear Pairing

- **Bilinearity**: $\forall {g}_{1},{g}_{2}\in G$, $\forall x,y\in {Z}_{p}$, $e({g}_{1}^{x},{g}_{2}^{y})=e{({g}_{1},{g}_{2})}^{xy}$.
- **Non-degeneracy**: $e(g,g)\ne 1$.
- **Computability**: $\forall {g}_{1},{g}_{2}\in G$, the computation of $e({g}_{1},{g}_{2})$ is efficient.

#### 3.3. Lagrange Polynomial Interpolation

## 4. Definitions

#### 4.1. System Roles and Algorithms of ABS

- $Setup(\xi ,U)\to (PK,MSK)$: This is a probabilistic algorithm run by the attribute authority. It takes as input a security parameter $\xi $ and a system attribute universe U, and outputs the system public key $PK$ and the master secret key $MSK$.
- $KeyGen(MSK,W)\to S{K}_{W}$: This is a probabilistic algorithm run by the attribute authority. With the input of the master secret key $MSK$ and an attribute set W, it generates a signing key $S{K}_{W}$ related to W.
- $Sign(PK,M,\mathbb{T},S{K}_{W})\to \sigma $: This is a probabilistic algorithm run by the signer. It takes as input the system public key $PK$, a message M to be signed, a target policy $\mathbb{T}$ and a signing key $S{K}_{W}$. If $\mathbb{T}\left(W\right)=1$, it outputs the signature $\sigma $ of M under the target policy $\mathbb{T}$. Note that M and $\mathbb{T}$ are implicitly included in the signature.
- $Verify(PK,\sigma ,M,\mathbb{T})\to 1/0$: This is a deterministic algorithm run by the verifier. On input the system public key $PK$, the signature $\sigma $, the original message M and the target policy $\mathbb{T}$, it outputs 1 if the signature is valid, i.e., the signature is generated based on the message M and the policy $\mathbb{T}$ with a signing key whose associating attributes satisfy $\mathbb{T}$. Otherwise, it outputs 0.

#### 4.2. Security Model

#### 4.2.1. Unforgeability

**Setup Phase.** With the input of a security parameter $\xi $ and the system attribute universe U, the challenger runs the $Setup$ algorithm to generate $PK$ and $MSK$. It sends $PK$ to the forger and keeps $MSK$ to itself.

**Query Phase.** The forger $\mathcal{F}$ is allowed to adaptively issue a polynomial number of queries to the $KeyGen$ and $Sign$ oracles run by the challenger. The $KeyGen$ oracle returns the signing key related to the submitted attribute set W, and the $Sign$ oracle returns a valid signature $\sigma $ for the submitted pair $(M,\mathbb{T})$ of a message and a policy.

**Forgery Phase.** The forger $\mathcal{F}$ outputs a signature ${\sigma}^{*}$ of a message ${M}^{*}$ with respect to a target policy ${\mathbb{T}}^{*}$. The forger wins the game if all of the following conditions hold:

- ${\sigma}^{*}$ is a valid signature of the message ${M}^{*}$ with respect to the target policy ${\mathbb{T}}^{*}$.
- Any attribute set ${W}^{*}$ with ${\mathbb{T}}^{*}\left({W}^{*}\right)=1$ has not been submitted to the $KeyGen$ oracle.
- The pair of $({M}^{*},{\mathbb{T}}^{*})$ has not been submitted to the $Sign$ oracle.

**Init Phase.** Before the Setup Phase, the forger selects and publishes the challenge policy ${\mathbb{T}}^{*}$ under which its forgery will be produced.

**Weak existential forgery.** The forger produces at least one valid signature on a message that has never been signed; the forger usually has no control over which message this is.

**Strong existential forgery.** The forger produces a valid signature that differs from every signature it has seen. In contrast to weak existential unforgeability, the message carried by the forged signature may already have been signed.

#### 4.2.2. Perfect Privacy

## 5. Vulnerability Analysis and Attack Instances

#### 5.1. Vulnerability Analysis

#### 5.2. Review of Li’s ABS Construction

- $Setup(\xi ,U)\to (PK,MSK).$

- $KeyGen(MSK,W)\to S{K}_{W}.$

- $Sign(PK,M,\mathbb{T},S{K}_{W})\to \sigma .$

- $Verify(PK,\sigma ,M,\mathbb{T})\to 1/0.$

#### 5.3. Attack Instances on Li’s ABS Construction

1. ${\mathbb{T}}_{1}^{\prime}=({t}^{*},{S}^{*}\backslash x).$
2. ${\mathbb{T}}_{2}^{\prime}=({t}^{*}+1,{S}^{*}).$
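The two attack instances above, as an added example that is not code from the paper or from Li's scheme [20]: a Python model of the threshold-policy unforgeability game of Section 4.2.1 and of the delegation step. It assumes the reading that the challenge policy is $\mathbb{T}^{*}=(t^{*},S^{*})$, satisfied by any attribute set holding at least $t^{*}$ attributes of $S^{*}$, and that a signature under a stricter policy can be moved by anyone to a looser one (the delegatability property the attack relies on). Signatures are abstract records; no pairing arithmetic is implemented. The closed-form `is_looser` test for threshold policies and the `accepts_forgery_delegation_aware` check are my own additions, not the paper's solutions.

```python
# Added example, not code from the paper or from Li's scheme [20]: an abstract
# model of the threshold-ABS unforgeability game (Section 4.2.1) and of the
# delegation attack (Section 5.3).  No pairing arithmetic is modelled.
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ThresholdPolicy:
    """Policy T = (t, S): satisfied by an attribute set W iff |W ∩ S| >= t."""
    t: int
    S: FrozenSet[str]

    def satisfied_by(self, W: Iterable[str]) -> bool:
        return len(frozenset(W) & self.S) >= self.t


def is_looser(new: ThresholdPolicy, old: ThresholdPolicy) -> bool:
    """True iff every W with old(W) = 1 also has new(W) = 1 (new ⊇ old).  Closed
    form (my derivation): the W worst for `new` draws as many of its old.t
    attributes as it can from old.S \\ new.S, leaving the rest inside new.S."""
    if old.t > len(old.S):                 # old unsatisfiable: vacuously true
        return True
    return max(0, old.t - len(old.S - new.S)) >= new.t


def crosscheck(universe: Iterable[str]) -> bool:
    """is_looser agrees with brute-force enumeration of every W ⊆ universe
    on every pair of threshold policies over that (small) universe."""
    U = sorted(frozenset(universe))
    subsets = [frozenset(S) for k in range(len(U) + 1) for S in combinations(U, k)]
    policies = [ThresholdPolicy(t, S) for S in subsets for t in range(len(U) + 2)]
    return all(is_looser(a, b) ==
               all(a.satisfied_by(W) for W in subsets if b.satisfied_by(W))
               for a in policies for b in policies)


@dataclass(frozen=True)
class Signature:
    """Abstract signature: only the (message, policy) it verifies under."""
    message: str
    policy: ThresholdPolicy


def verify(sig: Signature, M: str, T: ThresholdPolicy) -> bool:
    return sig.message == M and sig.policy == T


def delegate(sig: Signature, new_policy: ThresholdPolicy) -> Signature:
    """Delegatability: anyone can move a signature to a looser policy."""
    if not is_looser(new_policy, sig.policy):
        raise ValueError("target policy is not looser than the signed one")
    return Signature(sig.message, new_policy)


class Challenger:
    """KeyGen/Sign oracles plus the three winning conditions of Section 4.2.1."""
    def __init__(self) -> None:
        self.keygen_queries: List[FrozenSet[str]] = []
        self.sign_queries: Set[Tuple[str, ThresholdPolicy]] = set()

    def keygen(self, W: Iterable[str]) -> FrozenSet[str]:
        self.keygen_queries.append(frozenset(W))
        return frozenset(W)                          # the key itself is abstract

    def sign(self, M: str, T: ThresholdPolicy) -> Signature:
        self.sign_queries.add((M, T))
        return Signature(M, T)

    def accepts_forgery(self, sig, M_star, T_star) -> bool:
        valid = verify(sig, M_star, T_star)
        no_key = not any(T_star.satisfied_by(W) for W in self.keygen_queries)
        not_signed = (M_star, T_star) not in self.sign_queries
        return valid and no_key and not_signed

    def accepts_forgery_delegation_aware(self, sig, M_star, T_star) -> bool:
        """Assumed tightening (not from the paper): also reject a forgery whose
        policy Delegate can reach from any signed (M*, T')."""
        derived = any(M == M_star and is_looser(T_star, T)
                      for (M, T) in self.sign_queries)
        return self.accepts_forgery(sig, M_star, T_star) and not derived


def delegation_attack(t_star: int, S_star: Iterable[str], x: str, M_star="m*"):
    """Both attack instances of Section 5.3 against a fresh challenger each.
    Returns {name: (accepted by the 4.2.1 game, accepted by the tightened one)}."""
    S_star = frozenset(S_star)
    T_star = ThresholdPolicy(t_star, S_star)                    # challenge (t*, S*)
    instances = {"T1": ThresholdPolicy(t_star, S_star - {x}),   # drop attribute x
                 "T2": ThresholdPolicy(t_star + 1, S_star)}     # raise the threshold
    results = {}
    for name, T_prime in instances.items():
        ch = Challenger()
        sigma = ch.sign(M_star, T_prime)       # allowed: (M*, T') differs from (M*, T*)
        sigma_star = delegate(sigma, T_star)   # T* is looser than T', so this succeeds
        results[name] = (ch.accepts_forgery(sigma_star, M_star, T_star),
                         ch.accepts_forgery_delegation_aware(sigma_star, M_star, T_star))
    return results
```

`crosscheck("abc")` returning `True` is the evidence that the closed-form looseness test is right for threshold policies. `delegation_attack(2, "abc", "a")` returns `(True, False)` for both instances: the game of Section 4.2.1 accepts the delegated signature as a forgery, because its restriction is on the exact pair $({M}^{*},{\mathbb{T}}^{*})$ and says nothing about signatures obtained on stricter policies, whereas the tightened check, which refuses any policy reachable by delegation from a signed $({M}^{*},{\mathbb{T}}^{\prime})$, rejects it.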

## 6. Probable Solutions

#### 6.1. The First Solution

#### 6.2. The Second Solution

- $Delegate(PK,\sigma ,\mathbb{T},{\mathbb{T}}^{\prime})\to {\sigma}^{\prime}$: This is a probabilistic algorithm that anyone can run. It takes as input the system public key $PK$, an original signature $\sigma $ together with its policy $\mathbb{T}$, and a new policy ${\mathbb{T}}^{\prime}\supset \mathbb{T}$ (i.e., ${\mathbb{T}}^{\prime}$ is looser than $\mathbb{T}$: every attribute set that satisfies $\mathbb{T}$ also satisfies ${\mathbb{T}}^{\prime}$), and outputs a new signature ${\sigma}^{\prime}$ on the original message under the new policy ${\mathbb{T}}^{\prime}$.

## 7. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## References

1. Shamir, A. Identity-based cryptosystems and signature schemes. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques, Santa Barbara, CA, USA, 19–22 August 1984; Springer: Berlin/Heidelberg, Germany, 1984; pp. 47–53.
2. Gu, Y.; Shen, L.; Zhang, F.; Xiong, J. Provably Secure Linearly Homomorphic Aggregate Signature Scheme for Electronic Healthcare System. Mathematics **2022**, 10, 2588.
3. Choon, J.C.; Hee Cheon, J. An identity-based signature from gap Diffie-Hellman groups. In Proceedings of the International Workshop on Public Key Cryptography, Miami, FL, USA, 6–8 January 2003; Springer: Berlin/Heidelberg, Germany, 2003; pp. 18–30.
4. Galindo, D.; Garcia, F.D. A Schnorr-like lightweight identity-based signature scheme. In Proceedings of the International Conference on Cryptology in Africa, Gammarth, Tunisia, 21–25 June 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 135–148.
5. Kóczy, L.T.; Susniene, D.; Purvinis, O.; Konczosné Szombathelyi, M. A New Similarity Measure of Fuzzy Signatures with a Case Study Based on the Statistical Evaluation of Questionnaires Comparing the Influential Factors of Hungarian and Lithuanian Employee Engagement. Mathematics **2022**, 10, 2923.
6. Yang, P.; Cao, Z.; Dong, X. Fuzzy identity based signature with applications to biometric authentication. Comput. Electr. Eng. **2011**, 37, 532–540.
7. Galindo, D.; Herranz, J.; Kiltz, E. On the generic construction of identity-based signatures with additional properties. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, 3–7 December 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 178–193.
8. Sahai, A.; Waters, B. Fuzzy identity-based encryption. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 22–26 May 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 457–473.
9. Bethencourt, J.; Sahai, A.; Waters, B. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07), Berkeley, CA, USA, 20–23 May 2007; IEEE: Piscataway, NJ, USA, 2007; pp. 321–334.
10. Hao, J.; Huang, C.; Ni, J.; Rong, H.; Xian, M.; Shen, X.S. Fine-grained data access control with attribute-hiding policy for cloud-based IoT. Comput. Netw. **2019**, 153, 1–10.
11. Garcia-Grau, F.; Herrera-Joancomartí, J.; Dorca Josa, A. Attribute Based Pseudonyms: Anonymous and Linkable Scoped Credentials. Mathematics **2022**, 10, 2548.
12. Chinnasamy, P.; Deepalakshmi, P.; Dutta, A.K.; You, J.; Joshi, G.P. Ciphertext-Policy Attribute-Based Encryption for Cloud Storage: Toward Data Privacy and Authentication in AI-Enabled IoT System. Mathematics **2021**, 10, 68.
13. Hao, J.; Tang, W.; Huang, C.; Liu, J.; Wang, H.; Xian, M. Secure data sharing with flexible user access privilege update in cloud-assisted IoMT. IEEE Trans. Emerg. Top. Comput. **2021**, 10, 933–947.
14. Yang, E.; Parvathy, V.S.; Selvi, P.P.; Shankar, K.; Seo, C.; Joshi, G.P.; Yi, O. Privacy Preservation in Edge Consumer Electronics by Combining Anomaly Detection with Dynamic Attribute-Based Re-Encryption. Mathematics **2020**, 8, 1871.
15. Hao, J.; Huang, C.; Liu, J.; Xian, M.; Shen, X. Efficient outsourced data access control with user revocation for cloud-based IoT. In Proceedings of the 2018 IEEE Global Communications Conference (GLOBECOM), Abu Dhabi, United Arab Emirates, 9–13 December 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1–6.
16. Oberko, P.S.K.; Obeng, V.H.K.S.; Xiong, H.; Kumari, S. A survey on Attribute-Based Signatures. J. Syst. Archit. **2022**, 124, 102396.
17. Maji, H.; Prabhakaran, M.; Rosulek, M. Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance. Cryptology ePrint Archive. 2008. Available online: https://eprint.iacr.org/2008/328.pdf?origin%3Dpublication_detail (accessed on 30 October 2022).
18. Goyal, V.; Pandey, O.; Sahai, A.; Waters, B. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 30 October–3 November 2006; pp. 89–98.
19. Sahai, A.; Seyalioglu, H.; Waters, B. Dynamic credentials and ciphertext delegation for attribute-based encryption. In Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 19–23 August 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 199–217.
20. Li, J.; Au, M.H.; Susilo, W.; Xie, D.; Ren, K. Attribute-based signature and its applications. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 13–16 April 2010; pp. 60–69.
21. Shanqing, G.; Yingpei, Z. Attribute-based signature scheme. In Proceedings of the 2008 International Conference on Information Security and Assurance (ISA 2008), Busan, Republic of Korea, 24–26 April 2008; IEEE: Piscataway, NJ, USA, 2008; pp. 509–511.
22. Li, J.; Kim, K. Hidden attribute-based signatures without anonymity revocation. Inf. Sci. **2010**, 180, 1681–1689.
23. Shahandashti, S.F.; Safavi-Naini, R. Threshold attribute-based signatures and their application to anonymous credential systems. In Proceedings of the International Conference on Cryptology in Africa, Gammarth, Tunisia, 21–25 June 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 198–216.
24. Okamoto, T.; Takashima, K. Efficient Attribute-Based Signatures for Non-monotone Predicates in the Standard Model. In Proceedings of the International Workshop on Public Key Cryptography, Taormina, Italy, 6–9 March 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 35–52.
25. Okamoto, T.; Takashima, K. Decentralized attribute-based signatures. In Proceedings of the International Workshop on Public Key Cryptography, Nara, Japan, 26 February–1 March 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 125–142.
26. Ge, A.; Chen, C.; Ma, C.; Zhang, Z. Short and Efficient Expressive Attribute-Based Signature in the Standard Model. Cryptology ePrint Archive. 2012. Available online: https://eprint.iacr.org/2012/125 (accessed on 30 October 2022).
27. Waters, B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proceedings of the International Workshop on Public Key Cryptography, Taormina, Italy, 6–9 March 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 53–70.
28. Herranz, J.; Laguillaumie, F.; Libert, B.; Rafols, C. Short attribute-based signatures for threshold predicates. In Proceedings of the Cryptographers’ Track at the RSA Conference, San Francisco, CA, USA, 27 February–2 March 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 51–67.
29. Gagné, M.; Narayan, S.; Safavi-Naini, R. Short pairing-efficient threshold-attribute-based signature. In Proceedings of the International Conference on Pairing-Based Cryptography, Cologne, Germany, 16–18 May 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 295–313.
30. Escala, A.; Herranz, J.; Morillo, P. Revocable attribute-based signatures with adaptive security in the standard model. In Proceedings of the International Conference on Cryptology in Africa, Dakar, Senegal, 5–7 July 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 224–241.
31. Ding, S.; Zhao, Y.; Liu, Y. Efficient traceable attribute-based signature. In Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, Beijing, China, 24–26 September 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 582–589.
32. Kaafarani, A.E.; Ghadafi, E.; Khader, D. Decentralized traceable attribute-based signatures. In Proceedings of the Cryptographers’ Track at the RSA Conference, San Francisco, CA, USA, 25–28 February 2014; Springer: Berlin/Heidelberg, Germany, 2014; pp. 327–348.
33. Chen, X.; Li, J.; Huang, X.; Li, J.; Xiang, Y.; Wong, D.S. Secure outsourced attribute-based signatures. IEEE Trans. Parallel Distrib. Syst. **2014**, 25, 3285–3294.
34. Chen, Y.; Li, J.; Liu, C.; Han, J.; Zhang, Y.; Yi, P. Efficient attribute based server-aided verification signature. IEEE Trans. Serv. Comput. **2021**, 6, 3224–3232.
35. Cui, H.; Deng, R.H.; Liu, J.K.; Yi, X.; Li, Y. Server-aided attribute-based signature with revocation for resource-constrained industrial-internet-of-things devices. IEEE Trans. Ind. Inform. **2018**, 14, 3724–3732.
36. Xiong, H.; Bao, Y.; Nie, X.; Asoor, Y.I. Server-aided attribute-based signature supporting expressive access structures for industrial internet of things. IEEE Trans. Ind. Inform. **2019**, 16, 1013–1023.
37. Sun, J.; Su, Y.; Qin, J.; Hu, J.; Ma, J. Outsourced decentralized multi-authority attribute based signature and its application in IoT. IEEE Trans. Cloud Comput. **2019**, 9, 1195–1209.
38. Zhang, S.; Chen, P.; Wang, J. Online/offline attribute based signature. In Proceedings of the 2014 Ninth International Conference on Broadband and Wireless Computing, Communication and Applications, Guangdong, China, 8–10 November 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 566–571.
39. Lin, G.; Xia, Y.; Ying, C.; Sun, Z. F2p-abs: A fast and secure attribute-based signature for mobile platforms. Secur. Commun. Netw. **2019**, 2019, 5380710.
40. Yu, J.; Liu, S.; Wang, S.; Xiao, Y.; Yan, B. LH-ABSC: A lightweight hybrid attribute-based signcryption scheme for cloud-fog-assisted IoT. IEEE Internet Things J. **2020**, 7, 7949–7966.
41. Kumar, P.; Kumar, R.; Gupta, G.P.; Tripathi, R.; Srivastava, G. P2tif: A blockchain and deep learning framework for privacy-preserved threat intelligence in industrial iot. IEEE Trans. Ind. Inform. **2022**, 18, 6358–6367.
42. Kumar, R.; Kumar, P.; Aljuhani, A.; Islam, A.N.; Jolfaei, A.; Garg, S. Deep learning and smart contract-assisted secure data sharing for IoT-based intelligent agriculture. IEEE Intell. Syst. **2022**, 1–8.
43. Kumar, P.; Kumar, R.; Gupta, G.P.; Tripathi, R.; Jolfaei, A.; Islam, A.N. A blockchain-orchestrated deep learning approach for secure data transmission in IoT-enabled healthcare system. J. Parallel Distrib. Comput. **2023**, 172, 69–83.
44. Kumar, P.; Kumar, R.; Kumar, A.; Franklin, A.A.; Garg, S.; Singh, S. Blockchain and Deep Learning for Secure Communication in Digital Twin Empowered Industrial IoT Network. IEEE Trans. Netw. Sci. Eng. **2022**, 1–13.
45. Blömer, J.; Bobolz, J. Delegatable attribute-based anonymous credentials from dynamically malleable signatures. In Proceedings of the International Conference on Applied Cryptography and Network Security, Leuven, Belgium, 2–4 July 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 221–239.
46. Pussewalage, H.S.G.; Oleshchuk, V. A Delegatable Attribute Based Encryption Scheme for a Collaborative E-health Cloud. IEEE Trans. Serv. Comput. **2022**, 1.
47. Joshi, M.; Joshi, K.P.; Finin, T. Delegated authorization framework for EHR services using attribute based encryption. IEEE Trans. Serv. Comput. **2019**, 14, 1612–1623.
48. Hao, J.; Liu, J.; Wang, H.; Liu, L.; Xian, M.; Shen, X. Efficient attribute-based access control with authorized search in cloud storage. IEEE Access **2019**, 7, 182772–182783.
49. Hao, J.; Liu, J.; Wu, W.; Tang, F.; Xian, M. Secure and fine-grained self-controlled outsourced data deletion in cloud-based IoT. IEEE Internet Things J. **2019**, 7, 1140–1153.
50. Jiang, Y.; Susilo, W.; Mu, Y.; Guo, F. Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing. Future Gener. Comput. Syst. **2018**, 78, 720–729.

| References | Year | Contributions |
|---|---|---|
| [17] | 2008 | first formalization of ABS |
| [20] | 2010 | flexible threshold policy |
| [22] | 2010 | limited $(n,n)$ threshold policy |
| [24] | 2011 | non-monotone policy |
| [25] | 2013 | decentralized multi-authority |
| [28] | 2012 | constant-size signatures |
| [29] | 2012 | short, pairing-efficient |
| [30] | 2011 | revocable |
| [31] | 2014 | traceable |
| [32] | 2014 | decentralized traceable |
| [33] | 2014 | outsourced |
| [34] | 2021 | server-aided verification |
| [35] | 2018 | server-aided verification |
| [37] | 2019 | outsourced decentralized multi-authority |
| [38] | 2014 | online/offline |
| [39] | 2019 | lightweight |
| [40] | 2020 | lightweight |


© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Hao, J.; Wu, W.; Wang, S.; Zhong, X.; Chu, G.; Shao, F.
A Delegation Attack Method on Attribute-Based Signatures and Probable Solutions. *Mathematics* **2023**, *11*, 29.
https://doi.org/10.3390/math11010029
