Blacklisting access control via negated subset predicate encryption: Constant-size ciphertexts/keys constructions with adaptive security or attribute hiding

Abstract

In order to realize the functionality for blacklisting, we introduce a novel primitive, negated subset-predicate encryption (NSPE), where a ciphertext associated with a set $S_C$ can be only decrypted by a private key related to a set $S_K$ iff $S_K⁄\subseteq S_C$. Compared to adopting complex tools to realize such a functionality, e.g., key-policy attribute-based encryption (KPABE) for non-monotonic access structure, NSPE provides a more concise and efficient way. In this manuscript, we first conceptualize the definition and security requirements for NSPE, and give several constructions, including fully secure constructions with different features, generic construction with weak attribute-hiding, and selectively secure construction with shorter ciphertexts/keys. All of the proposed schemes are proven secure under well-studied assumptions. Compared with the architecture using complex primitives such as KPABE to achieve the same functionality, our schemes provide a more concise and efficient method, especially in terms of the private key size.