A Framework for SM9-Enhanced Key-Policy Attribute-Based Encryption: Design, Security, and Application
Keywords:
Attribute-Based Encryption (ABE), Key-Policy ABE (KP-ABE), SM9 Standard, Fine-Grained Access Control, Cloud Security, Provable Security, Bilinear Pairings
Abstract
Background: Attribute-Based Encryption (ABE) provides a powerful mechanism for enforcing fine-grained access control on encrypted data. In Key-Policy ABE (KP-ABE), data is encrypted under a set of attributes, and only users whose keys are associated with an access policy that these attributes satisfy can decrypt. With the growing adoption of national cryptographic standards like SM9, there is a pressing need for efficient and secure KP-ABE schemes that are compatible with these frameworks.
Objective: This paper introduces a novel SM9-enhanced KP-ABE scheme designed to offer robust security and high performance while aligning with the SM9 standard. The primary goal is to address the limitations of existing schemes, such as computational inefficiency and large ciphertext overhead, providing a practical solution for secure data sharing environments.
Methods: We first establish the necessary cryptographic preliminaries, including bilinear pairings and the core mechanics of the SM9 encryption algorithm. We then formally define the system architecture and the security model for our scheme. The core of our methodology is the detailed construction of the four fundamental algorithms of our KP-ABE scheme: Setup, KeyGen, Encrypt, and Decrypt.
Results: A comprehensive analysis indicates that the proposed scheme is correct. We provide a rigorous security proof showing that the scheme achieves indistinguishability under chosen-plaintext attacks (IND-CPA) in the standard model. Furthermore, a comparative performance analysis suggests that our scheme offers significant advantages in computational cost and ciphertext size when benchmarked against prominent existing KP-ABE schemes.
Conclusion: The proposed SM9-enhanced KP-ABE scheme represents a significant advancement in secure data access control. By successfully integrating with the SM9 standard and demonstrating superior performance, it offers a viable and efficient solution for a wide range of applications, including secure cloud storage, healthcare information systems, and the Internet of Things.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their articles published in this journal. All articles are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This license permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are properly cited.