Degree Name

Doctor of Philosophy


School of Computing and Information Technology


Attribute-based encryption (ABE) as a promising cryptographic primitive in public-key cryptography is faced with many challenges from inherent incompatible construction difficulties and demands of real-world applications.

This thesis starts from the study of efficiency and expressiveness of attribute-based encryption. The feature of flexibility of attribute-based encryption causes additional computational overheads in encryption and decryption and increases the length of ciphertexts and private keys. The dilemma between efficiency and expressiveness of attribute-based encryption encourages novel techniques in ABE scheme construction. A new ciphertext-policy attribute-based encryption (CP-ABE) scheme supporting access policies of an AND-gate and a threshold with short ciphertexts is proposed. Such a scheme offers succinct ciphertexts with further expressiveness and allows encryptors to assign attributes into types of mandatory and optional when designing an access policy.

An insightful observation of key construction in CP-ABE systems leads to an interesting topic of key-delegation abuse. This issue shows a property of CP-ABE schemes that without further restriction any valid user private key can be used to delegate new keys with less access privilege. Considering possible severe consequence, a new CP-ABE scheme with key-delegation abuse resistance is proposed. Such a scheme prohibits illegally generating new keys by any kind of splitting or combining user private keys.

The thesis then investigates a new challenge of access policy update in ABE systems. The access policies in private keys or ciphertexts in ABE systems cannot be changed; however, the ability of modifying existing policies is highly desired for real-world applications. Schemes with efficient attribute addition and revocation mechanism are proposed. Such schemes allow encryptors to add (or revoke) attributes to (or from) access policies of existing ciphertexts via a proxy server and remain the ciphertexts sent to users with constant size.

The thesis further conducts research into real-world scenarios. The scenario of Fog Computing is first considered and a traceable CP-ABE scheme with key-delegation abuse resistance is proposed to solve private key delegation and key duplication problem. The second considered scenario is the problem of preserving certain attributes when applying the proposed access policy update mechanism. We propose two innovative CP-ABE schemes and their variants for scenarios in Fog Computing and access policy update with attribute preservation.



Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.