Predicate encryption systems. No query left unanswered

Predicate encryption is an important cryptographic primitive (see [7, 14, 28]) that enables fine-grained control on the decryption keys. Let $\Pi$ be a class of binary predicates. Roughly speaking, in a predicate encryption scheme for $\Pi$ the owner of the master secret key $Msk$ can derive a secret key $Sk_P$ for any predicate $P \in \Pi$. In encrypting a message $M$, the sender can specify an attribute $\vec{x}$, and the resulting ciphertext $\tilde{X}$ can be decrypted only by using keys $Sk_{\vec{y}}$ such that $P(\vec{x}) = 1$.

Our main contribution is the first construction of a predicate encryption scheme that can be proved fully secure against unrestricted queries by probabilistic polynomial-time adversaries under non-interactive constant-sized (that is, independent of the length $\ell$ of the attribute vectors) hardness assumptions on bilinear groups. Specifically, we consider Hidden Vector Encryption (HVE for short), a notable case of predicate encryption introduced by Boneh and Waters [14]. In an HVE scheme, the ciphertext attributes are vectors $\vec{x} = \langle x_1, \ldots, x_\ell \rangle$ of length $\ell$ over alphabet $\Sigma$, keys are associated with vectors $\vec{y} = \langle y_1, \ldots, y_\ell \rangle$ of length $\ell$ over alphabet $\Sigma \cup \{\star\}$, and we consider the $\mathrm{Match}(\vec{x}, \vec{y})$ predicate, which is true if and only if, for all $i$, $y_i \neq \star$ implies $x_i = y_i$.

Previous constructions limited the proof of security to restricted adversaries that could ask only non-matching queries; that is, for challenge attribute vectors $\vec{x}_0$ and $\vec{x}_1$, the adversary could ask only keys for vectors $\vec{y}$ such that $\mathrm{Match}(\vec{x}_0, \vec{y}) = \mathrm{Match}(\vec{x}_1, \vec{y}) = 0$. Generally speaking, restricted adversaries can ask only queries that satisfy neither of the challenge attributes. At the time of writing, the construction of schemes secure against unrestricted adversaries was an open problem, not just for HVE but for any non-trivial predicate encryption system; a candidate solution for HVE is presented in this thesis.
Beyond that, we will also discuss other kinds of predicate encryption systems, their security notions and applications. For some specific cases of predicate encryption systems, such as Anonymous IBE, the adversary can ask only queries for predicates that satisfy neither of the challenges, so for these systems security against 'restricted' adversaries is the best we can guarantee.
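
The query classes the abstract distinguishes can be made concrete with a short added example (not code from the thesis). It implements Match and sorts key queries against a challenge pair; `*` stands for the wildcard, the binary alphabet and all names are illustrative, and the admissibility condition Match(x0, y) = Match(x1, y) for unrestricted adversaries is the standard one, assumed here because the abstract does not spell it out.

```python
from enum import Enum

WILDCARD = "*"  # ASCII stand-in for the wildcard symbol in key vectors


def match(x, y):
    """Match(x, y) is true iff every non-wildcard y_i equals x_i."""
    if len(x) != len(y):
        raise ValueError("attribute and key vectors must have the same length")
    return all(yi == WILDCARD or xi == yi for xi, yi in zip(x, y))


class Query(Enum):
    NON_MATCHING = "allowed to restricted and unrestricted adversaries"
    MATCHING_BOTH = "allowed to unrestricted adversaries only"
    DISTINGUISHING = "inadmissible: the key alone separates x0 from x1"


def classify_query(x0, x1, y):
    """Classify a key query y against challenge attribute vectors x0, x1."""
    m0, m1 = match(x0, y), match(x1, y)
    if m0 != m1:
        # Decrypting the challenge with this key reveals which vector was used.
        return Query.DISTINGUISHING
    return Query.MATCHING_BOTH if m0 else Query.NON_MATCHING


def restricted_view(x0, x1, queries):
    """Keep only the queries a restricted adversary is permitted to ask."""
    return [y for y in queries
            if classify_query(x0, x1, y) is Query.NON_MATCHING]


# Constructed sample: challenge vectors and key queries over {0, 1}.
X0, X1 = "0110", "0100"
QUERIES = ["01*0", "1***", "011*", "0*0*", "****"]

if __name__ == "__main__":
    for y in QUERIES:
        kind = classify_query(X0, X1, y)
        print(f"{y}: {kind.name} ({kind.value})")
```
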

[1] Jonathan Katz, et al. Chosen-Ciphertext Security from Identity-Based Encryption, 2004, SIAM J. Comput.

[2] A. Lewko, et al. Fully Secure HIBE with Short Ciphertexts, 2009.

[3] Brent Waters, et al. Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles), 2006, CRYPTO.

[4] Craig Gentry, et al. Hierarchical Identity Based Encryption with Polynomially Many Levels, 2009, TCC.

[5] Brent Waters, et al. Efficient Identity-Based Encryption Without Random Oracles, 2005, EUROCRYPT.

[6] Angelo De Caro, et al. Efficient Fully Secure (Hierarchical) Predicate Encryption for Conjunctions, Disjunctions and k-CNF/DNF formulae, 2010, IACR Cryptol. ePrint Arch.

[7] Craig Gentry, et al. Practical Identity-Based Encryption Without Random Oracles, 2006, EUROCRYPT.

[8] Tsuyoshi Takagi, et al. Pairing-Based Cryptography - Pairing 2007, First International Conference, Tokyo, Japan, July 2-4, 2007, Proceedings, 2007, Pairing.

[9] Jonathan Katz, et al. Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems, 2007, Journal of Cryptology.

[10] Clifford C. Cocks. An Identity Based Encryption Scheme Based on Quadratic Residues, 2001, IMACC.

[11] Brent Waters, et al. Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions, 2009, IACR Cryptol. ePrint Arch.

[12] Nigel P. Smart, et al. Identity-Based Encryption Gone Wild, 2006, ICALP.

[13] Brent Waters, et al. Conjunctive, Subset, and Range Queries on Encrypted Data, 2007, TCC.

[14] Tatsuaki Okamoto, et al. Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption, 2010, IACR Cryptol. ePrint Arch.

[15] Angelo De Caro, et al. Fully Secure Anonymous HIBE and Secret-Key Anonymous IBE with Short Ciphertexts, 2010, Pairing.

[16] Rafail Ostrovsky, et al. Public Key Encryption with Keyword Search, 2004, EUROCRYPT.

[17] Dan Boneh, et al. Secure Identity Based Encryption Without Random Oracles, 2004, CRYPTO.

[18] Periklis A. Papakonstantinou, et al. On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations, 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[19] Brent Waters, et al. Functional Encryption: Definitions and Challenges, 2011, TCC.

[20] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[21] David Cash, et al. Bonsai Trees, or How to Delegate a Lattice Basis, 2010, Journal of Cryptology.

[22] Elaine Shi, et al. Delegating Capabilities in Predicate Encryption Systems, 2008, ICALP.

[23] Dan Boneh, et al. Evaluating 2-DNF Formulas on Ciphertexts, 2005, TCC.

[24] Angelo De Caro, et al. jPBC: Java pairing based cryptography, 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[25] Vincenzo Iovino, et al. Hidden-Vector Encryption with Groups of Prime Order, 2008, Pairing.

[26] Tatsuaki Okamoto, et al. Hierarchical Predicate Encryption for Inner-Products, 2009, ASIACRYPT.

[27] Matthew K. Franklin, et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[28] Dan Boneh. Bilinear Groups of Composite Order, 2007, Pairing.

[29] Elaine Shi, et al. Predicate Privacy in Encryption Systems, 2009, IACR Cryptol. ePrint Arch.

[30] Kenneth G. Paterson, et al. Pairings for Cryptographers, 2008, IACR Cryptol. ePrint Arch.

[31] Vincenzo Iovino, et al. Private-Key Hidden Vector Encryption with Key Confidentiality, 2009, CANS.

[32] Jonathan Katz, et al. On Black-Box Constructions of Predicate Encryption from Trapdoor Permutations, 2009, ASIACRYPT.

[33] Allison Bishop, et al. Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption, 2010, EUROCRYPT.

[34] Jonathan Katz, et al. Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption, 2005, CT-RSA.

[35] Ben Lynn, et al. Toward Hierarchical Identity-Based Encryption, 2002, EUROCRYPT.

[36] Craig Gentry, et al. Space-Efficient Identity Based Encryption Without Pairings, 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[37] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[38] Vincenzo Iovino, et al. Predicate Encryption with Partial Public Keys, 2010, CANS.

[39] Brent Waters, et al. Fuzzy Identity-Based Encryption, 2005, EUROCRYPT.