查看文章

With Hidden Credentials Alice can send policyencrypted data to Bob in such a way that he can decrypt the data only with the right combination of credentials. Alice gains no knowledge of Bob’s credentials in the process, and hence the name “Hidden Credentials.” Research on Hidden Credential systems has focused on messages sent to single recipients, where the sender needs to know the recipient’s pseudonym beforehand, and on Hidden Policies, where Bob learns as little information as possible about Alice’s policy for decrypting the message. Current schemes provide weak policy privacy—with non-interactive schemes, the recipient can learn parts of the policy, and with interactive schemes based on secure multiparty computation, a user can try different sets of credentials as input to gain knowledge of the policy after repeated decryption attempts. Furthermore, existing schemes do not support policies with negations efficiently. For example, a policy stating “Bob is not a student” is hard to enforce since Bob can simply withhold, or not use, his student credential. We propose a system called PEAPOD (Privacy-Enhanced Attribute-based Publishing Of Data) that provides the following properties:(1) Users can securely publish data protected by attribute-based policies to multiple possible recipients without requiring interaction between senders and receivers. This is achieved by using a semitrusted server.(2) The plaintext message and the policy are completely hidden from the server.(3) Any recipient, intended or not, learns no other information about a message’s policy beyond the number of clauses in policy that were satisfied. Furthermore the …