Projects

Sponsors

edit SideBar

Software implementation of Attribute-Based Encryption

Abstract

A ciphertext-policy attribute-based encryption protocol uses bilinear pairings to provide control access mechanisms, where the set of user’s attributes is specified by means of a linear secret sharing scheme. In this paper we present the design of a software cryptographic library that implements a 127-bit security level attribute-based encryption scheme achieving state-of-the-art timings for the computation of a single bilinear pairing, and record timings for the computation of attribute-based encryption at this level of security. We developed all the auxiliary building blocks required by the scheme and compare the computational weight that each of the most important building blocks adds to the overall performance of this protocol.

Key Words: attribute-based-encryption, pairing-based protocols, bilinear pairings, scalar multiplication


Download

The released version: lsss2.tar.bz2 Always get the git version.

Preview our paper: abe_zdpmsrtrh_preview.pdf

Pairing 2013 invited talk (Francisco Rodríguez-Henríquez): pairing2013_FRH.pdf


Requirements

mv ate-pairing ate
(cd lsss2 && git checkout -b work lsss2-released)

Build

(cd ate && make)
cd lsss2
make

Attributes in G1

make test
make test6
make test20

Attributes in G2

make testG2
make test6G2
make test20G2

Benchmarks

We present the timings of the project on an Intel Core i7 4770 @3.4GHz

Protocol timings

LSSS ABE Protocol 10^3 CPU cycles
Attributes in G1 Attributes in G2
Six stributes Twenty attributes Six stributes Twenty attributes
Encryption 2,384 7,150 2,921 9,129
KeyGen 652 1,699 1,326 3,994
Decrypt (A=1) 4,606 12,776 3,515 9,528
Total 7,642 21,625 7,762 22,651
pairing cost 4,378 11,168 3,123 7,043
Pairing cost (%) 57.3 51.6 40.2 31.1

Arithmetic in G_i subgroups

Subgroup Operation Op. Composition 10^3 CPU cycles
G1 Mixed addition 8m + 3s 1.10
Full addition 11m + 5s --
Dbl J 2m + 5s 0.86
G2 Mixed addition 24m + 6s 3.09
Full addition 33m + 10s 4.50
Dbl J 6m + 10s 2.03
GT Sqr in $G_{\Phi_6}({F}_{p^2})$ 18m 2.66
Mul 54m 4.03

Pairing and auxiliary functions

Operation Operation count 10^3 CPU cycles Op/SM_U_G1
Regular Pairing $10,312$ mul256 + $4,954$ mod512 $1,162$ $5.95$
Fixed-argument Pairing $8,738$ mul256 + $3,792$ mod512 $980$ $5.03$
1 more pairing U $4,619$ mul256 + $2,307$ mod512 + $18,874$ add/sub $483$ $2.48$
1 more pairing F $3,013$ mul256 + $1,127$ mod512 + $13,324$ add/sub $280$ $1.44$
G1mul C, $w = 8$ $32$PD + $32$PA = $320$m + $256$s $61$ $0.31$
G1mul U, $w = 3$ $129$PD + $65$PA = $778$m + $840$s $195$ $1.00$
G2mul C, $w = 8$ $32$PD + $32$PA = $960$m + $512$s $161$ $0.83$
G2mul U, $w = 3$ $65$PD + $65$PA = $1,950$m + $1040$s $354$ $1.82$
GTexpo C, $w = 8$ $32$Sqr + $32$Mult = $2,304$m $260$ $1.33$
GTexpo U, $w = 3$ $65$Sqr + $65$Mult = $4,680$m $557$ $2.86$
Map-To-Point $\G_1$ $\approx 1.5$ exp over $\F_p$ $\approx$ $576$m $72$ $0.37$
Map-To-Point $\G_2$ $\approx 3$ exp over $\F_p^2$ $\approx$ $3,456$m $262$ $1.34$

We present the timings of the project on an Intel Core i7 2600K @3.4GHz

Protocol timings

LSSS ABE Protocol 10^3 CPU cycles
Attributes in G1 Attributes in G2
Six stributes Twenty attributes Six stributes Twenty attributes
Encryption 3,358 10,134 4,043 12,726
KeyGen 940 2,476 1,834 5,625
Decrypt (A=1) 6,263 17,157 4,611 12,732
Total 10,561 29,767 10,488 31,083

Arithmetic in G_i subgroups

Subgroup Operation Op. Composition 10^3 CPU cycles
G1 Mixed addition 8m + 3s 1.64
Full addition 11m + 5s 2.44
Dbl J 2m + 5s 1.20
G2 Mixed addition 24m + 6s 4.21
Full addition 33m + 10s 6.09
Dbl J 6m + 10s 2.75
GT Sqr in $G_{\Phi_6}({F}_{p^2})$ 18m 3.56
Mul 54m 6.84

Pairing and auxiliary functions

Operation Operation count 10^3 CPU cycles Op/SM_U_G1
Regular Pairing $10,312$ mul256 + $4,954$ mod512 $1,510$ $5.49$
1 more pairing U $4,619$ mul256 + $2,307$ mod512 + $18,874$ add/sub $602$ $2.19$
1 more pairing F $3,013$ mul256 + $1,127$ mod512 + $13,324$ add/sub $380$ $1.38$
G1mul C, $w = 8$ $32$PD + $32$PA = $320$m + $256$s $89$ $0.32$
G1mul U, $w = 3$ $129$PD + $65$PA = $778$m + $840$s $275$ $1.00$
G2mul C, $w = 8$ $32$PD + $32$PA = $960$m + $512$s $205$ $0.75$
G2mul U, $w = 3$ $65$PD + $65$PA = $1,950$m + $1040$s $484$ $1.76$
GTexpo C, $w = 8$ $32$Sqr + $32$Mult = $2,304$m $332$ $1.21$
GTexpo U, $w = 3$ $65$Sqr + $65$Mult = $4,680$m $712$ $2.59$
Map-To-Point $\G_1$ $\approx 1.5$ exp over $\F_p$ $\approx$ $576$m $77$ $0.28$
Map-To-Point $\G_2$ $\approx 3$ exp over $\F_p^2$ $\approx$ $3,456$m $463$ $1.68$

Authors


Contact


Page last modified on December 02, 2013, at 02:25 AM EST
Search Crypto group CINVESTAV

Projects

Sponsors

edit SideBar