Security analysis of a privacy‐preserving decentralized ciphertext‐policy attribute‐based encryption scheme

Summary As it does not require a central authority or the cooperation among multiple authorities, decentralized attribute‐based encryption is an efficient and flexible multi‐authority attribute‐based encryption system. In most existing multi‐authority attribute‐based encryption schemes, a global identifier (GID) is introduced to act as the linchpin to resist collusion attacks. Because GID as well as some sensitive attributes used to apply for secret keys will lead to the compromise of user's privacy, some schemes towards solving these privacy issues have been proposed. Nevertheless, only the privacy of GID was considered in prior works. Recently in ESORICS 2014, Han et al. put forward a privacy‐preserving decentralized ciphertext‐policy attribute‐based encryption scheme in the standard model to address the additive privacy of attributes. In their work, a privacy‐preserving key extract protocol is presented to protect both user's identifier and attributes. In this paper, we point out the security weakness of the scheme of Han et al. We present a collusion attack on their basic decentralized ciphertext‐policy attribute‐based encryption scheme and additionally show that the privacy protection of attributes in their privacy‐preserving key extract protocol cannot be provided. Copyright © 2015 John Wiley & Sons, Ltd.