Verifiable Delegation using Time-specified
Ciphertext-Policy Attribute-Based Encryption in
Cloud Computing
Supriya A. Kute
Department of Computer Engineering
Rajarshi Shahu College of Engineering
supriyakute24@gmail.com
Abstract—In the cloud environment, the data owners could
uses attribute-based encryption to encrypt the stored data which
accomplishing access control and data security. In previous
related works attribute-based encryption with delegation was
used. Still, there are some problems and questions regarding
to that works. For example, during the delegation or release,
the cloud servers could misrepresent or replace the delegated
ciphertext and respond a fake result with malevolent intent. As
well as for the purpose of cost saving the cloud server may
also fraud the eligible users by responding them that they are
unworthy. Even, the access policies may not be flexible during
the encryption. Since policy for general circuits are used to
achieve the strongest form of access control, a construction to
design circuit ciphertext-policy attribute-based encryption with
time specified attributes scheme has been developed. In this
scheme, every ciphertext is labeled with some attribute and a
time interval while private key is associated with a time instant.
The ciphertext can only be decrypted if the time instant is in
the allowed time interval and the attributes associated with
the ciphertext satisfy the attribute set. To achevies the more
security,the data is divided into multiple fragments and store
on multiple nodes instead of storing on single node.This system
is mixed with verifiable computation the data confidentiality,
the fine-grained access control as well as the correctness of the
delegated computing results are well guaranteed at the same time.
Index Terms—Ciphertext-Policy Attribute-Based Encryp-
tion,Data Confidentiality, Fragments,Security,Verifiable Delega-
tion.
I. I NTRODUCTION
Cloud computing uses advanced computational power and
improved storage capabilities. Cloud computing is a long
dreamed vision of computing utility, which enable the shar-
ing of services over the internet. Presently cloud computing
technology is mostly used to store the large amount of data.
Within this computing environments, the cloud servers can
offer various data services, such as remote data storage and
outsourced delegation computation for data storage, the servers
store a large amount of shared data, which could be accessed
by authorized users. For delegation computation, the servers
could be used to handle and calculate numerous data according
to the users demands. To reduce the cost, the users which have
a limited computing power are nevertheless more likely to
delegate the mask of the decryption task to the cloud servers.
Prof. S. B. Javheri
Department of Computer Engineering
Rajarshi Shahu College of Engineering
sbjavheri@gmail.com
The result shows, attribute-based encryption with delegation
come out. Still, there are some problems and questions re-
garding to previous related works. For example, during the
delegation or release, the cloud servers could misrepresent or
replace the delegated ciphertext and respond a fake result. As
well as for the purpose of cost saving the cloud server may
also fraud the eligible users by responding them that they are
unworthy. Even, the access policies may not be flexible during
the encryption. Since policy for general circuits are used to
achieve the strongest form of access control, a construction
to design circuit ciphertext-policy attribute-based encryption
with timespecified attributes scheme has been developed.In
this scheme, every ciphertext is labeled with some attribute
and a time interval while private key is associated with a
time instant. The ciphertext can only be decrypted if the
attributes associated with the ciphertext satisfy the keys access
structure.This system is mixed with verifiable computation the
data confidentiality, the fine-grained access control as well as
the correctness of the delegated computing results are well
guaranteed at the same time. Moreover, this scheme achieves
feasibility as well as efficiency.
Taking Organisation data sharing as an example where At-
tributes are {Job Profile ,Department ,Experience ,Time ,Lo-
cation}.If owner of the organization want to send file or
information to their employee. Condition is, that file should
be accessible to the employee who satisfies some require-
ments.The requirement i.e. access structure is given as
Java developer ∨ CS ∧ 4 years ∧ 11 AM - 1 PM ∧ Akurdi
When file is stored on cloud it should be in protected form i.e.
security should be provided. So we divide a file into fragments.
Each of the nodes stores only a single fragment of a particular
data file that ensures that even in case of a successful attack, no
meaningful information is revealed to the attacker. Moreover,
the nodes storing the fragments, are separated with certain
distance by means of graph T-coloring to prohibit an attacker
of guessing the locations of the fragments.
A. Major Contribution:
• We develop a scheme for accessing data that consider
both the security and performance.
 • The proposed scheme ensures that even in case of suc-
cessful attack ,any meaningful information is not given
to attacker.
• Time and location is also given in attribute set.If any of
this condition is False (F),File will not be given to user.
II. R EVIEW OF L ITERATURE
J. Lai, R. H. Deng, C. Guan, and J. Weng [1] present a
security model of ABE with verifiable outsourced decryption
by introducing a verification key in the output of the
encryption algorithm. Then, he present an approach to
convert any ABE scheme with outsourced decryption into an
ABE scheme with verifiable outsourced decryption. The new
approach is simple, general, and almost optimal. Compared
with the previous outsourced ABE, our verifiable ABE neither
increases the user’s and the server’s computation costs. It will
not expands the ciphertext size except adding a hash value
(which is ¡;20 byte for 80-bit security level).
B. Waters [2] presents a new methodology for realizing
Ciphertext-Policy Attribute Encryption (CPABE) non
interactive cryptographic assumptions in the standard model.
Our solutions allow encryptor to specify access control
in terms of any access formula over the attributes in the
system. The author presents three constructions within this
framework. The first system is proven selectively secure .
The next two constructions provide performance tradeoffs to
achieve security under the decisional Bilinear-Diffie-Hellman
Exponent and decisional Bilinear DiffieHellman assumptions.
B. Parno, M. Raykova, and V. Vaikuntanathan [3] extends
the definition of verifiable computation in two important
directions: public delegation and public verifiability, which
have important applications in many practical delegation
scenarios. Yet, existing constructions based on standard
cryptographic assumptions fail to achieve these properties.
Shristi Sharma, ShreyaJaiswal, Priyanka Sharma, Prof.
Deepshikha Patel, Prof. Sweta Gupta[10] are proposed File
Splitting , which does not require installation and can be
used to split files to multiple chunks as well as to merge
multiple chunks into a single file. File Splitter is software
which is used to split the file according to the user specifying
size. It is difficult to transfer large file from one end to other
end through internet or storage like Floppy, Pen drive, CD
etc. This software helps to overcome this problem. The split
portions of file may carry some temporary information to
denote the number of split part and total number of parts
etc. This idea is used to split big files to small pieces for
transferring purpose, uploading etc. In the destination side,
these parts of file can be jointed to form the original source
file. Splitting process is mainly aiming in the area of file
transferring from one end to another.
Jian Liu, Kun Huang, Hong Rong, Huimei Wang, and Ming
Xian [12] has solve the regeneration problem of failed
authenticators in the absence of data owners.They introduce
a proxy, which is used to regenerate the authenticators, into
the traditional public auditing system model. Moreover, they
design a public verifiable authenticator, which is generated by
a couple of keys . Thus, the scheme can completely release
data owners from online burden.
Mazhar Ali[13] proposed , Division and Replication of Data
in the Cloud for Optimal Performance and Security (DROPS)
that collectively approaches the security and performance
issues.The nodes storing the fragments, are separated with
certain distance by means of graph T-coloring to prohibit an
attacker of guessing the locations of the fragments.
III. PRELIMINARIES
Main requirement of the research are given as follow:
A. Confidentiality :
Only authorized user can access data and authorized owner
will able to upload the data. If Users any of attribute doesnt
match with access structure of ciphertext, plaintext will not
be given to that user. It is consider as unauthorized user for
accessing that specific file.
B. Verifiable Delegation:
Text should be properly delivered to the user. We are giving
authority to third party to verify the access structure. Third
party will perform his task and give it back to you. Key
generation, Authentication, Matching access structure is done
by Authority.
C. Circuit :
In Access structure attributes are attached to each other with
the help of circuits. AND , OR gate are used in circuit.If access
structure output is true (T) than only plaintext is given to the
user.
TABLE I
T RUTH TABLE
p q p∧q p∨ q
T T T T
T F F T
F T F T
F F F F
D. T- Colouring:
T is given as not negative integer including 0.Each fragment
will be stored on different node for a given file.If first fragment
is stored on 2nd node than next fragment will not be stored
on its alternative node i.e. 1st and 3rd node.(open point;
close point).open point is previous node and close point is
next node for last node which is occupied by fragment.
Fragments will not stored next to each other.This will provide
more security.If attacker successfully attack than also we will
not get file.As fragments are not stored in sequence, attacker
not able to guess node for other fragment.
For the purpose, we assign colors to the nodes, such that,
initially, all the nodes are given the open color. Once a
fragment is placed on the node, all of the nodes become
close color.
 IV. SYSTEM ARCHITECTURE / SYSTEM TABLE II
OVERVIEW N OTATION AND MEANING

A. Proposed System p q p∧q p∨ q

When we store data on a cloud it should be in protected T T T T
format.For this purpose different security measures are ap- T F F T
plied.We can store our data in encrypted format, by using
F T F T
key(private Key).But if key get hacked than our data will
F F F F
be lost or it get hacked.The proposed system design Time-
specified ciphertext-policy attribute-based encryption with cir-
cuits. In this technique, each and every ciphertext is labeled
with different attributes and a time interval like start time and point = open point; close point
end time also provide circuits while private key is associated S i = i-th node
with a time instant. The ciphertext can only be decrypted if Ok = k-th fragment of a file.
both the time instant is in the allowed time interval and the si = Size of S i .
attributes associated with the ciphertext satisfy the keys access ok = Size of Ok
structure. To achieves the more security,when file is stored on
cloud , the data is divided into multiple fragments and store Algorithm 1 Fragmentation Algorithm:
on multiple nodes instead of storing on single node. There are
1: begin
four modules in our system.
2: If file is to be split go to Step 2 else go to step 8
• Owner: Owner is responsible to upload the data and 3: Input source path, destination path
assign the attribute to data and create the access structure. 4: Size = size of source file
• Authority: Authority is responsible to perform authenti- 5: Nf = Number of Fragments
cation of owner and user as well as to generate keys, for 6: Fs = Fragment size
encryption and decryption of data. 7: Fs = Size/Nf
• User: User is responsible to access the data i.e download 8: We get fragments
the file. 9: end.
• Cloud Server: Cloud server is responsible to provide
storage space and partially decrypt the data when user
wants to access.
Algorithm 2 Fragment placement Algorithm:
1: begin
2: Calculate size of each fragment(Fs ).
3: For (Number Of fragment)
4: Use shuffle function to generate first node number.
5: if col S i = open color and si >= ok
6: check open point , close point are not a alternative of
current node.
7: Si ← Ok (Place fragment on node.)
8: col Si ← close color
9: end if
10: end loop.
11: end.

C. Mathematical Model
Set Theory
S = {s, e, X, Y,φ }{s, e, X, Y, t, F | φ }
S = Set of system.
Fig. 1. Block Diagram of Proposed System s = Start of the program.

• Register to system: User/Owner provides own details.

B. Algorithm
Initializations: • Authentication:
col = open color; close color A={a1 ,a2 ..an }
 Where, }
A= No. of user attributes.(e.g username, password, Y = RD
emailed etc.) RD= Retrieved file after decryption from storage system
Auth={Active/Inactive} using key (k).
User can download the file if both the time instant is in
• Login to system. To perform functionality User/Owner the allowed time interval and the attributes associated
Login to system. with the ciphertext satisfy the keys access structure.

• Upload Data(File) e = End of the program

Which comprise of two states :
X = Input of the program If t < ti : Data will be retrieved from storage system.
X = { F, A1 ,A2 ,..An ,k, l, ti } If t > ti : Data will be not accessible.
Where, φ = Success or failure condition of system.
F= File uploaded by Owner.
A1 ,A2 ,..An = Attributes set to file by Owner.
V. C ONCLUSION
k = encryption key
l = location With the fast advancement of adaptable cloud services, a lot
ti = time interval for which the data is present of new difficulties have developed. One of the most critical
P=Process of the program issues is the way to securely delegate the outsourced data put
away in the cloud severs.In Time-specified ciphertext-policy
• File Fragmentation: Divide File into no. of Fragments(i.e. attribute-based encryption with circuits technique, each and
Converting file into no. of chinks) every ciphertext is labeled with different attributes and a time
Fs = Size/Nf interval like start time and end time also provide circuits while
private key is associated with a time instant. The ciphertext can
• Encryption: By using AES algorithm generate ciphertext only be decrypted if both the time instant is in the allowed time
of each fragment. interval and the attributes associated with the ciphertext satisfy
the keys access structure.To achieve the more security, the data
• Node Creation: is divided into multiple fragments and store on multiple nodes
for(int i= 1; i<=No Of Node; i++) instead of storing on single node.
{ In future we can add more security by dividing file into
File(i).mkdirs(); different fragment and storing each fragment on different cloud
} server.
ACKNOWLEDGMENT
• Fragment Placement:
The authors would like to thank the researchers as well as
Col=open_color; close_color
publishers for making their resources available and teachers for
for(int i= 1; i<=No Of fragments; i++)
their guidance. We are thankful to the authorities of Savitribai
{
Phule University, Pune and concern members of cPGCON2018
//place fragments on nodes
conference, organized by, for their constant guidelines and
}
support. We are also thankful to the reviewer for their valuable
suggestions.
• Download Data(File)
R EFERENCES
Y = Output of the program [1] . Lai, R. H. Deng, C. Guan, and J. Weng, Attribute-based encryption with
verifiable outsourced decryption, IEEE Trans. Inf. Forensics Secur, vol.
8, no. 8, pp. 13431354, Aug. 2013.
• Retrieve Fragments: Retrieve all fragments of particular [2] B. Waters, Ciphertext-policy attribute-based encryption: An expressive,
File. efficient, and provably secure realization, in Proc. 14th Int. Conf. Practice
F= {f1 ,f2 ,fn } Theory Public Key Cryptograph. Conf. Public Key Cryptograph, 2011,
pp. 5370.
[3] B. Parno, M. Raykova, and V. Vaikuntanathan, How to delegate and verify
• Decryption: By using AES algorithm generate plaintext in public: Verifiable computation from attribute-based encryption, in Proc.
of each fragment. 9th Int. Conf. Theory Cryptograph., 2012, pp. 422439.
[4] S. Yamada, N. Attrapadung, and B. Santoso, Verifiable predicate encryp-
tion and applications to CCA security and anonymous predicate authenti-
• Merge Fragments: cation, in Proc. Int. Conf. Practice Theory Public Key Cryptograph. Conf.
for(int i= 1; i<=No Of Fragments; i++) Public Key Cryptograph, 2012, pp. 243261.
[5] J. Han, W. Susilo, Y. Mu, and J. Yan, Privacy-preserving decentralized
{ key-policy attribute-based Encryption, IEEE Trans. Parallel Distrib. Syst.,
Merge(i); vol. 23, no. 11, pp. 21502162, Nov. 2012.
[6] S. Garg, C. Gentry, S. Halevi, A. Sahai, and B. Waters, Attribute based
encryption for circuits from multilinear maps, in Proc. 33rdInt. Cryptol.
Conf., 2013, pp. 479499.
[7] J. Hur and D. K. Noh, Attribute-based access control with efficient
revocation in data outsourcing systems, IEEE Trans. Parallel Distrib.
Syst., vol. 22, no. 7, pp. 12141221, Jul. 2011.
[8] J. Li, X. Huang, J. Li, X. Chen, and Y. Xiang, Securely outsourcing
attribute-based encryption with checkability, IEEE Trans. Parallel Distrib.
Syst., vol. 25, no. 8, pp. 22012210, Aug. 2013.
[9] M. Abe, R. Gennaro, and K. Kurosawa, Tag-KEM/DEM:A new frame-
work for hybrid encryption, in Proc. 28th Int. Cryptol. Conf., 2008, pp.
97130.
[10] Shristi Sharma, ShreyaJaiswal, Priyanka Sharma, Prof. Deepshikha
Patel, Prof. Sweta Gupta, An Approach for File Splitting and Merging,
Lecturer, Department of IT Technocrats Institute of Technology, Bhopal.
[11] Quanlu Zhang, Shenglong Li, Zhenhua Li, Yuanjian Xing, Zhi Yang, and
Yafei Dai, CHARM: A Cost-efficient Multi-cloud Data Hosting Scheme
with High Availability, IEEE Transactions on Cloud Computing, Volume:
3March2015.
[12] Jian Liu, Kun Huang, Hong Rong, Huimei Wang, and Ming Xian,
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud
Storage, IEEE Transactions on Information Forensics and Security, Vol-
ume: 10, Issue: 7, July 2015.
[13] Mazhar Ali, Student Member, IEEE, Kashif Bilal,” DROPS: Division
and Replication of Data in Cloud for Optimal Performance and Security,”
IEEE Trans. Inf. ForensicsSecur., vol. 8, no. 8, pp. 13431354, Aug. 2015.