Comment on "An Efficient ABE Scheme With Verifiable Outsourced Encryption and Decryption"

Recently in IEEE Access (DOI: 10.1109/ACCESS.2018.2890565), Li et al. proposed a secure outsourcing algorithm for modular exponentiation in one single untrusted server model and a new method of generating transformation keys. They claimed that their solution can securely outsource encryption and dec...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2020, Vol.8, p.202483-202486
Main Authors: Guo, Zhen, Liu, Bin, Zhao, Kaiqiang, Feng, Chaosheng
Format: Article
Language:English
Subjects:
Algorithms
Attribute-based encryption
ciphertext replacement
Encryption
key generation
Outsourcing
Security
security vulnerability
Servers
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Recently in IEEE Access (DOI: 10.1109/ACCESS.2018.2890565), Li et al. proposed a secure outsourcing algorithm for modular exponentiation in one single untrusted server model and a new method of generating transformation keys. They claimed that their solution can securely outsource encryption and decryption to untrusted ESP (encryption service providers) and DSP (decryption service providers), leaving only a constant number of simple operations for the DO (data owner) and eligible users to perform locally. In addition, both DO and qualified users can check the correctness of the results returned from ESP and DSP, respectively. Although the authors provide security proofs for their scheme, unfortunately, after carefully observing their scheme, we find that the scheme has security vulnerabilities. These vulnerabilities allow the adversary to generate the sub-key for any attribute and replace ciphertext sub-item, which result in the adversary to be able to break their scheme. In response to this problem, we propose an improved solution and proved its security.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2020.3036123