On Black-Box Reductions between Predicate Encryption Schemes

We prove that there is no black-box construction of a threshold predicate encryption system from identity-based encryption. Our result signifies nontrivial progress in a line of research suggested by Boneh, Sahai and Waters (TCC '11), where they proposed a study of the relative power of predicate encryption for different functionalities. We rely on and extend the techniques of Boneh et al. (FOCS '08), where they give a black-box separation of identity-based encryption from trapdoor permutations. In contrast to previous results where only trapdoor permutations were used, our starting point is a more powerful primitive, namely identity-based encryption, which allows planting exponentially many trapdoors in the public-key by only planting a single master public-key of an identity-based encryption system. This makes the combinatorial aspect of our black-box separation result much more challenging. Our work gives the first impossibility result on black-box constructions of any cryptographic primitive from identity-based encryption. We also study the more general question of constructing predicate encryption for a complexity class F, given predicate encryption for a (potentially less powerful) complexity class G. Toward that end, we rule out certain natural black-box constructions of predicate encryption for NC1 from predicate encryption for AC0 assuming a widely believed conjecture in communication complexity.

[1]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[2]  Saharon Shelah,et al.  Black Boxes , 2008, 0812.0656.

[3]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[4]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[5]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[6]  Satyanarayana V. Lokam Spectral Methods for Matrix Rigidity with Applications to Size-Depth Trade-offs and Communication Complexity , 2001, J. Comput. Syst. Sci..

[7]  Jonathan Katz,et al.  On Black-Box Constructions of Predicate Encryption from Trapdoor Permutations , 2009, ASIACRYPT.

[8]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[9]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[10]  Peter Frankl,et al.  Complexity classes in communication complexity theory , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[11]  Adam O'Neill,et al.  Definitional Issues in Functional Encryption , 2010, IACR Cryptol. ePrint Arch..

[12]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[13]  Tatsuaki Okamoto,et al.  Secure Integration of Asymmetric and Symmetric Encryption Schemes , 1999, Journal of Cryptology.

[14]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[15]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[16]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[17]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[18]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[19]  Boaz Barak,et al.  Merkle Puzzles are Optimal , 2008, IACR Cryptol. ePrint Arch..

[20]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[21]  Troy Lee,et al.  Lower Bounds in Communication Complexity , 2009, Found. Trends Theor. Comput. Sci..

[22]  Hartmut Klauck,et al.  Rectangle size bounds and threshold covers in communication complexity , 2002, 18th IEEE Annual Conference on Computational Complexity, 2003. Proceedings..

[23]  Alexandr Andoni,et al.  The Computational Hardness of Estimating Edit Distance [Extended Abstract] , 2007, FOCS.

[24]  A. Wigderson,et al.  Black Boxes , Incorporated , 2009 .

[25]  Satyanarayana V. Lokam Complexity Lower Bounds using Linear Algebra , 2009, Found. Trends Theor. Comput. Sci..

[26]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[27]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[28]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[29]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[30]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[31]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[32]  Boaz Barak,et al.  Lower Bounds on Signatures From Symmetric Primitives , 2008, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[33]  Eyal Kushilevitz,et al.  Communication Complexity: Index of Notation , 1996 .

[34]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[35]  Nuttapong Attrapadung,et al.  Functional Encryption for Inner Product: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation , 2010, Public Key Cryptography.

[36]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[37]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[38]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[39]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[40]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[41]  Peter Frankl,et al.  Complexity classes in communication complexity theory (preliminary version) , 1986, IEEE Annual Symposium on Foundations of Computer Science.

[42]  Tal Rabin Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings , 2010, CRYPTO.

[43]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[44]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[45]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[46]  Periklis A. Papakonstantinou,et al.  On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[47]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[48]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[49]  A. Razborov Communication Complexity , 2011 .

[50]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[51]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[52]  Michael Sipser,et al.  Borel sets and circuit complexity , 1983, STOC.