Attacking pairing-free attribute-based encryption schemes

Abstract

Combining several results that have been published in the last years, it is known that it is impossible to design simple and secure attribute-based encryption schemes that work in (classical) settings like the RSA or the pairing-free discrete logarithm ones. The purpose of this article is to broadcast this message through a wide (maybe non-cryptographic) audience, specially now that attribute-based encryption is considered as a useful tool to secure real systems like the Internet of Things. Today, only attribute-based encryption schemes that employ tools like bilinear pairings or lattices can provide some real (and provable) level of security. As an example of the fact that this message is still unknown for many people, we revisit a (maybe non exhaustive) list of articles proposing such insecure attribute-based encryption schemes: we recall which of these schemes have already been attacked and we describe attacks for the other ones.