TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage
Keywords:
CP-ABE, (t; n) threshold secret sharing, multi-authority, public cloud storage, access controlAbstract
Attribute-based Encryption (ABE) is regarded as a promising cryptographic conducting tool to guarantee
data owners’ direct control over their data in public cloud storage. The earlier ABE schemes involve only one authority
to maintain the whole attribute set, which can bring a single-point bottleneck on both security and performance.
Subsequently, some multi-authority schemes are proposed, in which multiple authorities separately maintain disjoint
attribute subsets. However, the single-point bottleneck problem remains unsolved. In this paper, from another
perspective, we conduct a threshold multi-authority CP-ABE access control scheme for public cloud storage, named
TMACS, in which multiple authorities jointly manage a uniform attribute set. In TMACS, taking advantage of (t, n)
threshold secret sharing, the master key can be shared among multiple authorities, and a legal user can generate his/her
secret key by interacting with any t authorities. Security and performance analysis results show that TMACS is not only
verifiable secure when less than t authorities are compromised, but also robust when no less than t authorities are alive in
the system. Furthermore, by efficiently combining the traditional multi-authority scheme with TMACS, we construct a
hybrid one, which satisfies the scenario of attributes coming from different authorities as well as achieving security and
system-level robustness.
