Attribute-based key exchange with general policies

Vladimir Kolesnikov, Hugo Krawczyk, Yehuda Lindell, Alex J. Malozemoff, Tal Rabin

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations


Attribute-based methods provide authorization to parties based on whether their set of attributes (e.g., age, organization, etc.) fulfills a policy. In attribute-based encryption (ABE), authorized parties can decrypt, and in attributebased credentials (ABCs), authorized parties can authenticate themselves. In this paper, we combine elements of ABE and ABCs together with garbled circuits to construct attribute-based key exchange (ABKE). Our focus is on an interactive solution involving a client that holds a certificate (issued by an authority) vouching for that client's attributes and a server that holds a policy computable on such a set of attributes. The goal is for the server to establish a shared key with the client but only if the client's certified attributes satisfy the policy. Our solution enjoys strong privacy guarantees for both the client and the server, including attribute privacy and unlinkability of client sessions. Our main contribution is a construction of ABKE for arbitrary circuits with high (concrete) efficiency. Specifically, we support general policies expressible as boolean circuits computed on a set of attributes. Even for policies containing hundreds of thousands of gates the performance cost is dominated by two pairing computations per policy input. Put another way, for a similar cost to prior ABE/ABC solutions, which can only support small formulas efficiently, we can support vastly richer policies. We implemented our solution and report on its performance. For policies with 100,000 gates and 200 inputs over a realistic network, the server and client spend 957 ms and 176 ms on computation, respectively. When using online preprocessing and batch signature verification, this drops to only 243 ms and 97 ms.

Original languageEnglish
Title of host publicationCCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Number of pages13
ISBN (Electronic)9781450341394
StatePublished - 24 Oct 2016
Event23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria
Duration: 24 Oct 201628 Oct 2016

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Conference23rd ACM Conference on Computer and Communications Security, CCS 2016

Bibliographical note

Publisher Copyright:
© 2016 ACM.


This work was supported by the Office of Naval Research (ONR) contract number N00014-14-C-0113. This work was done in part while the authors were visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467. Work of Alex J. Malozemoff conducted in part with Government support through the National Defense Science and Engineering Graduate (NDSEG) Fellowship, 32 CFG 168a, awarded by DoD, Air Force Office of Scientific Research.

FundersFunder number
DIMACS/Simons Collaboration in Cryptography
National Science Foundation-1523467
Office of Naval ResearchN00014-14-C-0113
Air Force Office of Scientific Research
Simons Foundation
National Defense Science and Engineering GraduateNDSEG


    Dive into the research topics of 'Attribute-based key exchange with general policies'. Together they form a unique fingerprint.

    Cite this