Predicate/pair encodings are simple frameworks for designing attribute-based encryption (\(\textsf {ABE}\)) for complex predicates, with pair encodings being able to handle more complex predicates. Thus far, several generic constructions of prime-order \(\textsf {ABE}\) schemes have been proposed with these encodings. Chen, Gay, and Wee (\(\textsf {CGW}\)) (Eurocrypt’15) and Chen and Gong \((\textsf {CG})\) (Asiacrypt’17) proposed generic constructions with predicate encodings with a trade-off in efficiency. In particular, the former construction (\(\textsf {CGW}\) \(\textsf {ABE}\)) has the shorter secret keys, whereas the latter construction (\(\textsf {CG}\) \(\textsf {ABE}\)) has the shorter master public keys and ciphertexts. Moreover, \(\textsf {CG}\) \(\textsf {ABE}\) requires three pairing operations during decryption, while \(\textsf {CGW}\) \(\textsf {ABE}\) requires four. Agrawal and Chase (\(\textsf {AC}\)) (TCC’16) proposed a generic construction with pair encodings that is an extension of \(\textsf {CGW}\) \(\textsf {ABE}\) and can handle more complex predicates. Specifically, if pair encoding schemes satisfy perfect security (resp. relaxed perfect security), then \(\textsf {AC}\) \(\textsf {ABE}\) satisfies full security (resp. semi-adaptive security) from the standard k-linear assumption. However, there is no extension of \(\textsf {CG}\) \(\textsf {ABE}\) with pair encodings. In this paper, we construct this extension. As with the trade-off between \(\textsf {CGW}\) \(\textsf {ABE}\) and \(\textsf {CG}\) \(\textsf {ABE}\), our proposed \(\textsf {ABE}\) has shorter master public keys and ciphertexts and larger secret keys, requires less pairing operations during decryption than \(\textsf {AC}\) \(\textsf {ABE}\). Furthermore, as with \(\textsf {AC}\) \(\textsf {ABE}\), our proposed \(\textsf {ABE}\) satisfies full security (resp. semi-adaptive security) if pair encoding schemes satisfy perfect security (resp. relaxed perfect security) from the standard k-linear assumption. As an application, we propose a ciphertext-policy \(\textsf {ABE}\) scheme for non-monotone span programs with compact ciphertexts satisfying semi-adaptive security.

谓词/配对编码是为复杂谓词设计基于属性的加密（\(\textsf {ABE}\)）的简单框架，配对编码能够处理更复杂的谓词。到目前为止，已经提出了使用这些编码的素数阶\(\textsf {ABE}\)方案的几种通用构造。Chen、Gay 和 Wee ( \(\textsf {CGW}\) ) (Eurocrypt'15) 和 Chen 和Gong \((\textsf {CG})\) (Asiacrypt'17) 提出了带有谓词编​​码的泛型结构效率的权衡。特别是，前一种结构（\(\textsf {CGW}\) \(\textsf {ABE}\)）具有较短的密钥，而后一种结构（\(\textsf {CG}\) \(\textsf {ABE}\) ) 具有较短的主公钥和密文。此外，\(\textsf {CG}\) \(\textsf {ABE}\)在解密过程中需要三个配对操作，而\(\textsf {CGW}\) \(\textsf {ABE}\)需要四个。Agrawal 和 Chase ( \(\textsf {AC}\) ) (TCC'16) 提出了一种具有对编码的通用构造，它是\(\textsf {CGW}\) \(\textsf {ABE}\) 的扩展和可以处理更复杂的谓词。具体来说，如果对编码方案满足完美安全性（resp.relaxed perfect security），那么\(\textsf {AC}\) \(\textsf {ABE}\)满足标准的完全安全性（resp. semi-adaptive security）克-线性假设。然而，\(\textsf {CG}\) \(\textsf {ABE}\) 没有对编码的扩展。在本文中，我们构建了这个扩展。与\(\textsf {CGW}\) \(\textsf {ABE}\)和\(\textsf {CG}\) \(\textsf {ABE}\) 之间的权衡一样，我们提出的\(\ textsf {ABE}\)具有较短的主公钥和密文以及较大的秘密密钥，与\(\textsf {AC}\) \(\textsf {ABE}\)相比，在解密期间需要更少的配对操作。此外，与\(\textsf {AC}\) \(\textsf {ABE}\) 一样，我们提出的\(\textsf {ABE}\)如果配对编码方案满足标准k线性假设的完美安全性（或者宽松的完美安全性），则满足完全安全性（或者半自适应安全性）。作为应用，我们提出了一种密文策略\(\textsf {ABE}\)方案，用于具有满足半自适应安全性的紧凑密文的非单调跨度程序。