Optimal Broadcast Encryption from LWE and Pairings in the Standard Model

Broadcast Encryption with optimal parameters was a longstanding problem, whose first solution was provided in an elegant work by Boneh, Waters and Zhandry [BWZ14]. However, this work relied on multilinear maps of logarithmic degree, which is not considered a standard assumption. Recently, Agrawal and Yamada [AY20] improved this state of affairs by providing the first construction of optimal broadcast encryption from Bilinear Maps and Learning With Errors (LWE). However, their proof of security was in the generic bilinear group model. In this work, we improve upon their result by providing a new construction and proof in the standard model. In more detail, we rely on the Learning With Errors (LWE) assumption and the Knowledge of OrthogonALity Assumption (KOALA) [BW19] on bilinear groups. Our construction combines three building blocks: a (computational) nearly linear secret sharing scheme with compact shares which we construct from LWE, an inner-product functional encryption scheme with special properties which is constructed from the bilinear Matrix Decision Diffie Hellman (MDDH) assumption, and a certain form of hyperplane obfuscation, which is constructed using the KOALA assumption. While similar to that of Agrawal and Yamada, our construction provides a new understanding of how to decompose the construction into simpler, modular building blocks with concrete and easy-to-understand security requirements for each one. We believe this sheds new light on the requirements for optimal broadcast encryption, which may lead to new constructions in the future.

[1]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, Algorithmica.

[2]  Ran Canetti,et al.  Obfuscating Point Functions with Multibit Output , 2008, EUROCRYPT.

[3]  Angelo De Caro,et al.  Simple Functional Encryption Schemes for Inner Products , 2015, IACR Cryptol. ePrint Arch..

[4]  Jun Furukawa,et al.  Identity-Based Broadcast Encryption , 2007, IACR Cryptol. ePrint Arch..

[5]  Craig Gentry,et al.  On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input , 2014, Algorithmica.

[6]  Nuttapong Attrapadung,et al.  Functional Encryption for Inner Product: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation , 2010, Public Key Cryptography.

[7]  Ahmed Obied,et al.  Broadcast Encryption , 2008, Encyclopedia of Multimedia.

[8]  Ueli Maurer,et al.  Abstract Models of Computation in Cryptography , 2005, IMACC.

[9]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[10]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[11]  Hoeteck Wee,et al.  Obfuscating simple functionalities from knowledge assumptions , 2019, IACR Cryptol. ePrint Arch..

[12]  Brent Waters,et al.  Low Overhead Broadcast Encryption from Multilinear Maps , 2014, IACR Cryptol. ePrint Arch..

[13]  Brent Waters,et al.  Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts) , 2009, EUROCRYPT.

[14]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[15]  Dario Fiore,et al.  Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption , 2017, CRYPTO.

[16]  Ran Canetti,et al.  Obfuscation of Hyperplane Membership , 2010, TCC.

[17]  Yuval Ishai,et al.  Public-Coin Differing-Inputs Obfuscation and Its Applications , 2015, TCC.

[18]  Eike Kiltz,et al.  The Algebraic Group Model and its Applications , 2018, IACR Cryptol. ePrint Arch..

[19]  Vinod Vaikuntanathan,et al.  Lattice-Inspired Broadcast Encryption and Succinct Ciphertext-Policy ABE , 2020, IACR Cryptol. ePrint Arch..

[20]  Gilles Barthe,et al.  Automated Analysis of Cryptographic Assumptions in Generic Group Models , 2014, IACR Cryptol. ePrint Arch..

[21]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[22]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[23]  Vinod Vaikuntanathan,et al.  Indistinguishability Obfuscation from DDH-Like Assumptions on Constant-Degree Graded Encodings , 2016, 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS).

[24]  Dhinakaran Vinayagamurthy,et al.  Riding on Asymmetry: Efficient ABE for Branching Programs , 2015, ASIACRYPT.

[25]  Nir Bitansky,et al.  On Strong Simulation and Composable Point Obfuscation , 2010, Journal of Cryptology.

[26]  Huijia Lin,et al.  Compact Adaptively Secure ABE from k-Lin: Beyond NC1 and towards NL , 2020, IACR Cryptol. ePrint Arch..

[27]  Shota Yamada,et al.  Optimal Broadcast Encryption from Pairings and LWE , 2020, IACR Cryptol. ePrint Arch..

[28]  Huijia Lin,et al.  Indistinguishability Obfuscation from SXDH on 5-Linear Maps and Locality-5 PRGs , 2017, CRYPTO.

[29]  Damien Stehlé,et al.  Fully Secure Functional Encryption for Linear Functions from Standard Assumptions , 2015 .

[30]  David Pointcheval,et al.  Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys , 2007, Pairing.

[31]  Wei Liu,et al.  Anonymous Identity-Based Broadcast Encryption with Chosen-Ciphertext Security , 2016, AsiaCCS.

[32]  Damien Stehlé,et al.  Classical hardness of learning with errors , 2013, STOC '13.