An Efficient File Hierarchy Attribute Based Encryption Using Optimized Tate Pairing Construction in Cloud Environment


Journal of Applied Security Research

ISSN: 1936-1610 (Print) 1936-1629 (Online) Journal homepage: https://www.tandfonline.com/loi/wasr20


Balaji Chandrasekaran, Yasuyuki Nogami & Ramadoss Balakrishnan

To cite this article: Balaji Chandrasekaran, Yasuyuki Nogami & Ramadoss Balakrishnan (2019):
An Efficient File Hierarchy Attribute Based Encryption Using Optimized Tate Pairing Construction in
Cloud Environment, Journal of Applied Security Research, DOI: 10.1080/19361610.2019.1649534

To link to this article: https://doi.org/10.1080/19361610.2019.1649534

Published online: 03 Oct 2019.

Balaji Chandrasekaranᵃ, Yasuyuki Nogamiᵇ, and Ramadoss Balakrishnanᵃ
ᵃ Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India
ᵇ Department of Communication Network Engineering, Okayama University, Okayama, Japan

ABSTRACT
One of the most preferred encryption techniques for data sharing in cloud environment is Ciphertext-Policy Attribute Based Encryption (CP-ABE). An efficient File Hierarchy CP-ABE (FH-CP-ABE) scheme using an integrated access structure was proposed by Wang and colleagues. Their working construction was based on symmetric pairing. In this article, we propose an efficient Asymmetric File Hierarchy Ciphertext-Policy Attribute Based Encryption (AFH-CP-ABE) which is based on an asymmetric pairing construction using denominator elimination and twist mapping. We apply this optimized Tate pairing in the proposed AFH-CP-ABE to find out its computational costs for encryption and decryption using the gmp 6.0.0 library and then compare them with existing schemes.

KEYWORDS
Attribute based encryption (ABE); cloud computing; file hierarchy; optimization

Introduction
Many organizations have shifted from building their own monolithic data centers to outsourcing them to cloud storage offered by third-party cloud service providers. A few reasons for this shift include convenience, flexibility, high scalability, cost reduction, and so forth. Besides these advantages, the major concern is the security of data stored with third-party cloud service providers. For example, one of the promising applications of cloud computing is online social networks, in which users can share photos and videos among more than a billion users. However, the cloud service provider can gain full access to the users' data and may compromise the data for commercial benefit without their consent. Thus, how to efficiently provide access control and confidentiality for the data stored in the cloud is one of the biggest challenges in the cloud environment.

CONTACT Balaji Chandrasekaran cbalaji1988@gmail.com Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India.
© 2019 Taylor & Francis Group, LLC

To protect data from being leaked, one has to encrypt the data before storing it in cloud storage. Access policies must also be implemented to prevent unauthorized access to the data. A Hierarchical Attribute-Set-Based Encryption (HASBE) scheme is proposed by Wan, Liu, & Deng (2012) for the cloud environment. The HASBE scheme utilizes the user's hierarchical access structure and supports efficient user revocation. They also proved HASBE security based on Ciphertext-Policy Attribute Based Encryption (CP-ABE; Bethencourt, Sahai, & Waters, 2007). To mitigate the window of vulnerability, the validity period of the attributes is kept small. This characteristic allows multiple value assignments to the expiration time attribute, which in turn allows efficient key updating and data re-encryption.
A hierarchical attribute-based encryption scheme is proposed by Zou (2013). This scheme has a constant-size ciphertext and a private key whose size is of linear order. It also associates the secret key with an attribute set. Deng and colleagues (2014) proposed an elaborated version of Attribute Based Encryption (ABE) called ciphertext-policy hierarchical ABE (CP-HABE). Here, the attributes are organized in the form of a matrix. Users who have access to top-level attributes are able to pass on their access rights to bottom-level users. These characteristics enable hierarchically organized large groups to efficiently share data using CP-ABE.
Access tree, AND gate and linear secret sharing scheme are the three kinds of access structures used in existing CP-ABE. The AND gate access structure was first used by Cheung and Newport (2007) to achieve CP-ABE. Improved schemes (Nishide, Yoneyama, & Ohta, 2008; Guo, Mu, Susilo, Wong, & Varadharajan, 2014) were proposed later. Some CP-ABE schemes are based on an access tree (Bethencourt et al., 2007; Xie, Ma, Li, & Chen, 2013) and support AND, OR and threshold access structures; others are based on a linear secret sharing scheme (Waters, 2011). Bethencourt et al. (2007) and Waters (2011) are the major schemes for the access tree and the linear secret sharing scheme, respectively. But none of these schemes could solve the problem of sharing multiple hierarchical files.
The File Hierarchy CP-ABE (FH-CP-ABE; Wang et al., 2016) scheme proposed an integrated access structure to solve the problem of sharing multiple hierarchical files in the cloud environment. They use symmetric pairing for the FH-CP-ABE construction. Unfortunately, some optimizations cannot be done in symmetric pairing. The proposed work focuses on an optimized asymmetric pairing construction to boost the effectiveness of the scheme.

Our contributions
The proposed Asymmetric File Hierarchy Ciphertext-Policy Attribute Based Encryption (AFH-CP-ABE) is based on an asymmetric pairing construction. We use the optimized Tate pairing on a supersingular curve of embedding degree 2 over an extension field of extension degree 2, in which the pairing cost has been optimized using denominator elimination and twist mapping. It significantly improves both Miller's algorithm and the final exponentiation. We apply this optimized Tate pairing in the proposed AFH-CP-ABE to find out its execution time for encryption and decryption and then compare it with Bethencourt and colleagues (2007) and Wang and colleagues (2016).

Optimized Tate pairing


In this section, we explain the improved Tate pairing algorithm (Kumano & Nogami, 2015). Let $E : y^2 = x^3 + b$, $b \in \mathbb{F}_p$, be a supersingular curve. Let $\mathbb{F}_{p^m}$ denote the extension field of the supersingular curve. The cardinality of this group: $\#E(\mathbb{F}_p) = p + 1$ and $\#E(\mathbb{F}_{p^2}) = p^2 - 1$. The torsion structure of $E(\mathbb{F}_{p^2})$ has rank 2. There is an isomorphic mapping between the cyclic groups in the torsion structure of supersingular curves. We take two points $P$ and $Q$ in the cyclic groups $G_1$ and $G_2$, respectively, on $E$ over the two-dimensional extension field. Let $P$ and $Q$ be defined as follows:
$$P : (\{x_p, 0\}, \{y_p, 0\})$$
$$Q : (\{X, 0\}, \{Y, 2Y\})$$
To make the Tate pairing algorithm more efficient, we make the following changes:

1. Denominator elimination and omitting multiplication in Tate pairing using twist map.
2. Replacing subtractions with additions.

Denominator elimination and omitting multiplication in Tate pairing using twist map
When the group order of $E(\mathbb{F}_p)$ is $p + 1$, the final exponentiation becomes the function $f^{p-1}$. Final exponentiation eliminates the denominators $v_{2C}(x_Q)$ and $v_{C+P}(x_Q)$ in the Tate pairing algorithm. Further, the line $l_{C,C}(Q)$ can be efficiently calculated as follows:
$$\begin{aligned}
l_{C,C}(Q)\,(2y_C, 0) &= \big((Y, 2Y) - (y_C, 0)\big)(2y_C, 0) - (3x_C^2, 0)(X - x_C, 0) \\
&= \big(2y_C(Y - y_C),\ 4y_C Y\big) - \big(3x_C^2 (X - x_C),\ 0\big) \\
&= \big(2y_C(Y - y_C) - 3x_C^2 (X - x_C),\ 4y_C Y\big)
\end{aligned} \tag{1}$$

Likewise,
$$l_{C,P}(Q)\,(2y_C, 0) = \big((x_C - x_p)(Y - y_C) - (y_C - y_p)(X - x_C),\ 2(x_C - x_p)Y\big) \tag{2}$$

Omitting multiplication in Tate pairing using twist map
The twist map can be defined as follows:
$$E : y^2 = x^3 + 1 \;\rightarrow\; E' : y^2 = x^3 + a^6$$
$$P : (\{x_p, 0\}, \{y_p, 0\}) \;\rightarrow\; P' : (\{a^2 x_p, 0\}, \{a^3 y_p, 0\})$$
$$Q : (\{X, 0\}, \{Y, 2Y\}) \;\rightarrow\; Q' : (\{a^2 X, 0\}, \{a^3 Y, 2a^3 Y\})$$
where $a$ is a quadratic non-residue in $\mathbb{F}_p$ which should be set as follows:
$$a^3 Y = 1, \qquad a = \sqrt[3]{Y^{-1}}$$
Using the twist map, $Y$ can be mapped to 1.

Replacing subtractions with additions
After using the twist map, Equations (1) and (2) can be rewritten as follows:
$$\begin{aligned}
l_{C,C}(Q)\,(2y_C, 0) &= \big(2y_C(Y - y_C) - 3x_C^2 (X - x_C),\ 4y_C\big) \\
&= \big(2y_C Y - 3x_C^2 X + y_C^2 - 3a^6,\ 4y_C\big) \\
&= \big(y_C(2Y + y_C) - 3(x_C^2 X + a^6),\ 4y_C\big)
\end{aligned} \tag{3}$$
$$l_{C,P}(Q)\,(2y_C, 0) = \big((x_C - x_p)(Y - y_C) - (y_C - y_p)(X - x_C),\ 2(x_C - x_p)\big) \tag{4}$$

In Equation (3), we replace two subtraction operations with two addition operations. The optimized Tate pairing costs when $Y = 1$ and $Y \neq 1$ are 3.85 ms and 4.10 ms, respectively.
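
The following check is an added illustration, not the authors' implementation: it applies the twist map over a toy prime field and confirms that the last line of Equation (3) equals Equation (1) once $C$ lies on $E'$ and $Y$ has been mapped to 1, which holds because $y_C^2 = x_C^3 + a^6$ on $E'$. The prime `P`, the sample coefficients `X` and `Y`, and all function names are constructed for this example.

```python
# Added illustration, not the authors' code. P and the sample coefficients are
# constructed toy values; the paper's experiments use a 512-bit field.
P = 1019  # p = 2 (mod 3): supersingular y^2 = x^3 + b; p = 3 (mod 4): easy square roots

def cube_root(v):
    # Unique in F_p when p = 2 (mod 3), because 3 * (2p - 1)/3 = 1 (mod p - 1).
    return pow(v, (2 * P - 1) // 3, P)

def twist_constant(Y):
    """Return a with a^3 * Y = 1, so the twist sends the coefficient Y to 1."""
    return cube_root(pow(Y, -1, P))

def is_non_residue(v):
    return pow(v, (P - 1) // 2, P) == P - 1  # Euler's criterion

def twist(pt, a):
    """(x, y) on y^2 = x^3 + 1  ->  (a^2 x, a^3 y) on y^2 = x^3 + a^6."""
    x, y = pt
    return (a * a * x % P, pow(a, 3, P) * y % P)

def on_curve(pt, b):
    x, y = pt
    return (y * y - x ** 3 - b) % P == 0

def find_point(b):
    """First affine point with x >= 2 and y != 0 on y^2 = x^3 + b."""
    for x in range(2, P):
        rhs = (x ** 3 + b) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y and y * y % P == rhs:
            return (x, y)
    raise ValueError("no point found")

def line_eq1(C, X, Y):
    """Both components of Equation (1): the tangent at C evaluated at Q."""
    xC, yC = C
    return ((2 * yC * (Y - yC) - 3 * xC * xC * (X - xC)) % P, 4 * yC * Y % P)

def line_eq3(C, X, a, Y=1):
    """Last line of Equation (3); valid once C lies on E' and Y is mapped to 1."""
    xC, yC = C
    return ((yC * (2 * Y + yC) - 3 * (xC * xC * X + pow(a, 6, P))) % P, 4 * yC % P)

def demo(X=5, Y=2):
    a = twist_constant(Y)                # Y = 2 is a non-residue mod 1019, so a is too
    C = twist(find_point(1), a)          # C now lies on E'
    Xt, Yt = twist((X, Y), a)            # twisted coefficients of Q, with Yt == 1
    return a, C, (Xt, Yt), line_eq1(C, Xt, Yt), line_eq3(C, Xt, a)
```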

Proposed AFH-CP-ABE
The proposed asymmetric AFH-CP-ABE uses the optimized Tate pairing algorithm. Let $e : G_1 \times G_2 \rightarrow G_T$ be the bilinear map, where $G_1$, $G_2$ and $G_T$ are bilinear groups of prime order $p$. Let $g_1$ and $g_2$ be the generators of the groups $G_1$ and $G_2$ respectively. The Lagrange coefficient is $D_{k,S} = \prod_{l \in S,\, l \neq k} (x - l)/(k - l)$, with $k \in \mathbb{Z}_p$ and an attribute set $S = \{S_1, S_2, \ldots, S_m\} \in \mathbb{Z}_p$. Let $H_1: \{0,1\}^*$, $H_2: \{0,1\}^*$ and $H_3: \{0,1\}^*$ be the hash functions of the groups $G_1$, $G_2$, and $G_T$ respectively. An attribute universe set is defined as $A = \{a_1, a_2, \ldots, a_n\}$. The detailed steps are as follows:
Setup$(1^k)$: This algorithm is executed by the authority. It takes as input a security parameter $k$ and chooses $g, K \in \mathbb{Z}_p$ at random. It produces the public key (PK) and master secret key (MSK) as the output, which is calculated in Equation (5) as follows:
$$PK = \{G_1, G_2, g_1, g_2, h_1 = g_1^{K}, h_2 = g_2^{K}, e(g_1, g_2)^{g}\}, \qquad MSK = \{g_1^{g}, g_2^{g}, K\} \tag{5}$$
Key Generation$(PK, MSK, S)$: This algorithm is executed by the authority. It takes as input $PK$, $MSK$ and an attribute set $S$ $(S \subseteq A)$. Choose $r, r_j \in \mathbb{Z}_p$ at random for each user and each attribute $j \in S$. It produces the secret key (SK) as the output, which is calculated in Equation (6) as follows:
$$SK = \left\{ D = g_2^{g} \cdot h_2^{r};\ \ \forall j \in S : D_j = g_1^{r} \cdot H_1(j)^{r_j},\ D'_j = h_1^{r_j} \right\} \tag{6}$$
Encryption$(PK, ck, T)$: This algorithm is executed by the data owner. Let us assume that the data owner shares $k$ files, i.e., $M = \{m_1, m_2, \ldots, m_k\}$, with $k$ access levels and corresponding content keys $ck = \{ck_1, ck_2, \ldots, ck_k\}$. It takes as input $PK$, the content keys $(ck)$ and the hierarchical access structure $T$. It produces as output the ciphertext $CT$, which can be calculated as follows:
$$CT = \left\{ \begin{array}{l}
T,\ \ \tilde{C}_i = ck_i \cdot e(g_1, g_2)^{g a_i},\ \ C'_i = g_1^{a_i},\ \ C_{(x,y)} = h_2^{q_{(x,y)}(0)}, \\
C'_{(x,y)} = H_2(att(x,y))^{q_{(x,y)}(0)}, \\
\hat{C}_{(x,y),j} = e(g_1, g_2)^{g \cdot (q_{(x,y)}(0) + q_{child_j}(0))} \cdot H_3\!\left(e(g_1, g_2)^{g \cdot q_{(x,y)}(0)}\right)
\end{array} \right\} \tag{7}$$
$\forall i = 1, 2, \ldots, k$ and $\forall j = 1, 2, \ldots$
Decrypt$(PK, CT, SK)$: A user decrypts the ciphertext $CT$ with the help of $PK$ and $SK$.
Thus the decryption step can be detailed as follows:

1. If the attribute set $S$ satisfies the partial or whole $T$, then
$$AS_i = \mathrm{DecryptNode}(CT, SK, (x_i, y_i)) = e(g_1, g_2)^{rK q_{(x_i,y_i)}(0)} = e(g_1, g_2)^{rK a_i}, \quad i \in [1, k]$$
2. Next, compute
$$F_i = \frac{e(C'_i, D)}{AS_i} = e(g_1, g_2)^{g a_i}, \quad i \in [1, k]$$
3. For all lower authorization nodes, we can calculate as follows:
$$F_{i+1,j} = \frac{\hat{C}_{(x_i,y_i),j}}{F_i \cdot H_3(F_i)} = e(g_1, g_2)^{g\, q_{child_j}(0)}, \quad (j = 1, 2, \ldots)$$
4. Then compute the content keys $(ck)$ as follows:
$$\frac{\tilde{C}_i}{F_i} = \frac{ck_i \cdot e(g_1, g_2)^{g a_i}}{e(g_1, g_2)^{g a_i}} = ck_i, \quad i \in [1, k]$$
5. Finally, we decrypt the $k$ files $\{m_1, m_2, \ldots, m_k\}$ using the $k$ content keys $ck_i$, $i \in [1, k]$.

Figure 1. Encryption and decryption time based on number of attributes.
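
A toy model of the Decrypt steps above, added here as an illustration and not the authors' implementation: every group element is replaced by its discrete logarithm modulo a constructed prime `Q`, which is insecure but lets the algebra of steps 1 to 4 be checked for a chain of access levels. Assumptions not taken from the page: each access level is a single-attribute leaf, DecryptNode for a leaf is computed as $e(D_j, C_{(x,y)}) / e(D'_j, C'_{(x,y)})$, and $H_1(j)$ and $H_2(j)$ share the same discrete logarithm.

```python
import hashlib
import secrets

Q = 2**61 - 1  # toy prime group order (constructed for this sketch)

# INSECURE MODEL: each element of G1, G2 or GT is stored as its discrete log,
# so multiplying elements adds logs and the pairing multiplies them.
def pair(u, v):
    return u * v % Q  # e(g1^u, g2^v) = e(g1, g2)^(u*v)

def hash_log(tag, data):
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % Q

def H3(f):
    return hash_log(b"H3", f.to_bytes(8, "big"))

def setup():
    g, K = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    return {"h1": K, "h2": K, "e_g": g}, {"g": g, "K": K}  # PK, MSK as logs

def keygen(pk, msk, attrs):
    r = secrets.randbelow(Q)
    sk = {"D": (msk["g"] + pk["h2"] * r) % Q, "attr": {}}  # D = g2^g * h2^r
    for j in attrs:
        rj = secrets.randbelow(Q)
        t = hash_log(b"H", j.encode())  # assumed: H1(j) and H2(j) share log t
        sk["attr"][j] = ((r + t * rj) % Q, pk["h1"] * rj % Q)  # D_j, D'_j
    return sk

def encrypt(pk, levels):
    """levels = [(attribute, content key)]; level i+1 is the only child of level i."""
    a = [secrets.randbelow(Q) for _ in levels]  # a_i = q_(x_i,y_i)(0)
    ct = []
    for i, (att, ck) in enumerate(levels):
        node = {"att": att, "Ct": (ck + pk["e_g"] * a[i]) % Q, "Cp": a[i],
                "Cxy": pk["h2"] * a[i] % Q,
                "Cpxy": hash_log(b"H", att.encode()) * a[i] % Q}
        if i + 1 < len(levels):
            f = pk["e_g"] * a[i] % Q
            node["Chat"] = (pk["e_g"] * (a[i] + a[i + 1]) + H3(f)) % Q
        ct.append(node)
    return ct

def decrypt(ct, sk):
    keys, F = {}, None
    for i, node in enumerate(ct):
        if node["att"] in sk["attr"]:
            Dj, Dpj = sk["attr"][node["att"]]
            AS = (pair(Dj, node["Cxy"]) - pair(Dpj, node["Cpxy"])) % Q  # step 1
            F = (pair(node["Cp"], sk["D"]) - AS) % Q                    # step 2
        if F is None:
            continue
        keys[i] = (node["Ct"] - F) % Q                                  # step 4
        F = (node["Chat"] - F - H3(F)) % Q if "Chat" in node else None  # step 3
    return keys
```

A key for the upper level's attribute recovers every content key below it, while a key for a lower level's attribute recovers only that level and its descendants.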

Experimental results and discussions


The performance analysis of the proposed AFH-CP-ABE scheme is shown in this section. For this experimentation, we used an Intel Core i7-2600 processor at 3.40 GHz, the Windows 7 Professional (64-bit) operating system and 8 GB RAM. We implemented the proposed AFH-CP-ABE based on the gmp 6.0.0 library and using the gcc 4.8.2 compiler. The implementation uses a 160-bit elliptic curve group based on the supersingular curve $y^2 = x^3 + b$ over a 512-bit finite field.
In the proposed scheme, we efficiently compute the encryption and decryption costs based on the optimized Tate pairing. The execution time for encryption and decryption depends on the complexity of the access policy linked with the ciphertext. To illustrate this, we assume an access policy with $k$ access levels using the integrated access structure (Wang et al., 2016). Assume the data owner shares three files $M = \{m_1, m_2, m_3\}$ with three access levels. To make sure that all components of the ciphertext are calculated in the decryption algorithm, we used AND gates to design the access structures.

Figure 2. Encryption and decryption time based on number of files.

Figures 1 and 2 represent the experimental results. Figure 1 illustrates the total computation cost of the proposed work and existing schemes for encryption and decryption based on the number of attributes. Figure 2 illustrates the total computation cost of the proposed work and existing schemes for encryption and decryption based on the number of files. For this simulation, we used number of attributes $N = \{10, 20, 30, 40, 50\}$ and number of files $k = \{2, 4, 6, 8\}$.
As illustrated in Figure 1, the proposed scheme reduces the computational cost for encryption and decryption. It also shows that the results are steadily increasing and almost directly proportional to $N$. As shown in Figure 1, when $k = 2$ and $N$ is varied, the execution time of encryption and decryption of the proposed AFH-CP-ABE scheme is reduced. For example, in Figure 1, the encryption costs of the proposed scheme and Wang and colleagues (2016) are 3.569 s and 4.32 s respectively when $N = 30$. Similarly, the values are 4.68 s and 5.7 s when $N = 40$. The difference jumps from 1.487 s to 5.573 s when $N$ is varied from 10 to 50.
As shown in Figure 2, when $N$ is fixed and $k$ is varied, the execution time of encryption and decryption is reduced in the proposed AFH-CP-ABE scheme and is directly proportional to the number of files $k$ to be encrypted and decrypted. For example, in Figure 2, the encryption costs of the proposed scheme and Wang and colleagues (2016) are 4.067 s and 4.9 s respectively when $N = 30$ and the number of files $k$ is varied from 2 to 8. Thus, the experimental results show that when we share various numbers of files with various access levels, the proposed AFH-CP-ABE scheme outperforms Wang and colleagues in terms of execution time of encryption and decryption.

Conclusion
In this article, an efficient AFH-CP-ABE scheme based on an optimized asymmetric Tate pairing construction is proposed. The cost of the Tate pairing is optimized using denominator elimination and twist mapping. The proposed AFH-CP-ABE scheme is then compared with existing schemes. The experimental results show a significant reduction in computational costs for encryption and decryption.

Funding
This work was supported by the Ministry of Human Resource Development (MHRD)
under the Government of India.

Disclosure statement
The authors declare no conflict of interest.

References
Bethencourt, J., Sahai, A., & Waters, B. (2007, May). Ciphertext-policy attribute-based encryption. Paper presented at the 2007 IEEE symposium on security and privacy (SP'07) (pp. 321–334). Berkeley, CA: IEEE.
Cheung, L., & Newport, C. (2007, October). Provably secure ciphertext policy ABE. Paper presented at the Proceedings of the 14th ACM conference on Computer and communications security (pp. 456–465). New York, NY: ACM.
Deng, H., Wu, Q., Qin, B., Domingo-Ferrer, J., Zhang, L., Liu, J., & Shi, W. (2014). Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Information Sciences, 275, 370–384. doi:10.1016/j.ins.2014.01.035
Guo, F., Mu, Y., Susilo, W., Wong, D. S., & Varadharajan, V. (2014). CP-ABE with constant-size keys for lightweight devices. IEEE Transactions on Information Forensics and Security, 9(5), 763–771.
Kumano, A., & Nogami, Y. (2015, December). An improvement of tate paring with supersingular curve. Paper presented at the 2015 2nd International Conference on Information Science and Security (ICISS) (pp. 1–3). Seoul, South Korea: IEEE.
Nishide, T., Yoneyama, K., & Ohta, K. (2008, June). Attribute-based encryption with partially hidden encryptor-specified access structures. Paper presented at the International conference on applied cryptography and network security (pp. 111–129). Berlin, Heidelberg. Springer.
Wan, Z., Liu, J. E., & Deng, R. H. (2012). HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security, 7(2), 743–754. doi:10.1109/TIFS.2011.2172209
Wang, S., Zhou, J., Liu, J. K., Yu, J., Chen, J., & Xie, W. (2016). An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(6), 1265–1277. doi:10.1109/TIFS.2016.2523941
Waters, B. (2011, March). Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. Paper presented at the International Workshop on Public Key Cryptography (pp. 53–70). Berlin, Heidelberg. Springer.
Xie, X., Ma, H., Li, J., & Chen, X. (2013). An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing. J Ucs, 19(16), 2349–2367.
Zou, X. (2013). A hierarchical attribute-based encryption scheme. Wuhan University Journal of Natural Sciences, 18(3), 259–264. doi:10.1007/s11859-013-0925-9
