How to Hide the Real Receiver Under the Cover Receiver: CP-ABE With Policy Deniability

Attribute-based encryption (ABE) is a useful tool for sharing an encrypted data to a target group. In a ciphertext-policy ABE (CP-ABE) scheme, a ciphertext includes a policy to indicate its receivers and only those receivers can correctly decrypt the ciphertext. Since this design leaks the receiver identity, it may raise a new security issue about user privacy. Some hidden-policy ABE schemes, where the policy is secretly protected, are proposed to keep user privacy. However, these hidden-policy ABE schemes rely on the user trying all possibilities to decide if it belongs to the wanted receiver group. The decryption costs too much and every potential receiver will run the decryption process in vain since it does not know the policy. In this work, we apply the deniability concept to solve this problem. The encryption scheme allows the sender to claim the ciphertext is for some receiver group while actually it is for another receiver group. Both receiver groups can correctly decrypt the ciphertext except that the real group can get the real message and the cover group will get the cover message. While coercion, the sender can definitely claim the ciphertext is for the cover group and the real group is kept confidential.