Several Attacks on Attribute-Based Encryption Schemes

Attribute-based encryption () is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes. is widely applied in cloud storage, file sharing, e-Health, and digital rights management. schemes rely on hard cryptographic assumptions such as pairings and others (pairing-free) to ensure their security against external and internal attacks. Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent. One common internal attack is the attribute collusion attack, in which users with different attribute keys collaborate to decrypt data they could not individually access. This paper focuses on the ciphertext-policy (-), a type of where ciphertexts are produced with access policies. Our first work is to carry out the attribute collusion attack against several existing pairing-free - schemes. As a main contribution, we introduce a novel attack, termed the anonymous key-leakage attack, concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection. This kind of internal attack has not been defined or investigated in the literature. We then show that several prominent pairing-based - schemes are vulnerable to this attack. We believe that this work will contribute to helping the community evaluate suitable - schemes for secure deployment in real-life applications.