Complex and flexible data access policy in attribute-based encryption

With the development of cloud computing application, attribute-based encryption (ABE) with flexibly fine-grained data access control is widely adopted. However, traditional data access structures are mainly constructed on independent and fixed attribute values. The data access policies in traditional ABE schemes don’t express the relationship of different attributes and the dynamic attribute values. Those seriously restrict wider application of ABE techonlogy. To resolve the problem, condition expression (CE) is first adopted to describe the demanded condition of attribute variables, which also includes combination operation related to many different attribute variables. A rule of CE is established to generate a concreted CE with unique form for an attribute condition. A running function of CE is presented to judge whether the related attribute values satisfy the specified CE automatically. In this article, we provide a ciphertext-policy ABE scheme which adopts the and-gate multi-value attribute access structure with additional CE (and-gate-CE), which has constant ciphertext length and can be proven CPA-secure under the decision q-BDHE assumption in random oracle model. Our scheme realizes to provide a more general data access policy with complicated and flexible CE in and-gate multi-value ABE scheme.