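Graduate student: 王晨維 (Chen-Wei Wang)
Thesis title: 基於自我驗證公鑰系統之多授權機構屬性加密機制
Multi-Authority Attribute-based Encryption Scheme by Using Self-certified Public Key System
Advisor: 吳宗成 (Tzong-Chen Wu)
Oral defense committee: 楊傳凱 (Chuan-Kai Yang), 楊維寧 (Wei-Ning Yang)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2022
Academic year of graduation: 110
Language: Chinese
Number of pages: 67
Chinese keywords (translated): Attribute-based encryption, self-certified public key cryptosystem, elliptic curve cryptography, cloud data sharing
English keywords: Attribute-based Encryption, Self-certified Public Keys, Elliptic Curve Cryptosystem, Data Sharing in Cloud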

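A multi-authority attribute-based encryption mechanism, in a cloud environment, supports sharing of attribute-encrypted data with one-to-many authorized access, requires no escrow of attribute keys, and effectively addresses workload sharing among the participating attribute authorities as well as potential collusion between them. This thesis adopts a self-certified public key system based on elliptic curve cryptography and proposes an attribute-based encryption mechanism suitable for multiple authorities to solve the cloud data sharing problem described above. In the proposed mechanism, data users obtain the predefined data attribute authorization to decrypt the ciphertext by sharing attribute keys. In addition, because the attribute key is generated jointly by the data user and the attribute authorities, key escrow and collusion among attribute authorities are also effectively avoided.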


A multi-authority attribute-based encryption mechanism realizes the scenario of one-to-many authorized access for attribute-based ciphertext in a cloud computing environment, in which no key escrow is required for attribute keys and the problems of load balance and potential conspiracy among the involved multiple attribute authorities can be effectively avoided. By using the ECC-based self-certified public key cryptosystem, this thesis presents a new multi-authority attribute-based encryption mechanism to resolve the ciphertext sharing problem in the cloud computing environment mentioned above. Our proposed mechanism enables the data users to share an attribute key so as to decrypt the shared data under the predefined attribute authorization. Besides, our proposed mechanism can effectively avoid the problem of escrowing the attribute keys and the problem of potential conspiracy among the involved multiple attribute authorities.

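Table of contents:
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Research Background and Motivation
  1.2 Research Objectives
  1.3 Thesis Organization
Chapter 2 Literature Review
  2.1 Self-Certified Public Key Systems
  2.2 Elliptic Curve Cryptosystems
  2.3 Attribute-Based Encryption Mechanisms
Chapter 3 Proposed Method
  3.1 System Model
  3.2 Proposed Mechanism
Chapter 4 Security and Efficiency Analysis
  4.1 Security Analysis
  4.2 Efficiency Analysis
Chapter 5 Conclusions and Future Research Directions
  5.1 Conclusions
  5.2 Future Research Directions
References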
