attacking two pairing-free ciphertext-policy attribute-based encryption schemes

Attribute-based encryption (abe) is one of the recommended tools to secure real systems like the internet of things (iot). almost all the abe schemes utilize bilinear map operations, known as pairings. the challenge with these schemes is that performing pairings results in high computation costs and iot devices are typically resource-constrained, so, efficient pairing-free abe schemes have been proposed to solve this issue. these schemes utilize classical cryptographic operations instead of heavy bilinear pairings. recently, two pairing-free ciphertext-policy attribute-based encryption schemes have been proposed (by das et al. and sowjanya et al.). according to their claims, their schemes are secure against collusion attacks and provide indistinguishability in a selective-set security model. the first scheme also has been claimed to be secure against forgery attacks. in this paper, we show that the first scheme is vulnerable to ciphertext-only, collusion between four or more data users with specific features, and forgery attacks. we also show that the second scheme is vulnerable to a key recovery attack, which can lead to a collusion attack. so, even though they are highly efficient, they have some security vulnerabilities that can violate the claims of the authors.