Public-Key Puncturable Encryption: Modular and Compact Constructions

We revisit the design of public-key puncturable encryption schemes and present a generic conversion that leverages the techniques of distributed key distribution and revocable encryption. In particular, we first introduce a refined version of identity-based revocable encryption, named key-homomorphic identity-based revocable key encapsulation mechanism with extended correctness. We then propose a generic construction of a puncturable key encapsulation mechanism from this primitive by merging in the idea of distributed key distribution. Compared to the state of the art, our generic construction supports an unbounded number of punctures and multiple tags per message, thus achieving more fine-grained revocation of decryption capability. Further, it does not rely on random oracles, does not suffer from a non-negligible correctness error, and yields a variety of efficient schemes with distinct features. More precisely, we obtain the first scheme with very compact ciphertexts in the standard model, and the first scheme that supports both an unbounded number of tags per ciphertext and an unbounded number of punctures while keeping the puncture operation constant-time. Moreover, we obtain a comparable scheme proven secure under the standard DBDH assumption, which enjoys faster encryption and decryption than previous works based on the same assumption, especially when the number of tags associated with a ciphertext is large.
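To make the puncture semantics the abstract refers to concrete (per-tag revocation of decryption capability, an unbounded number of punctures, several tags per ciphertext), the following is an added, self-contained toy. It is not the paper's construction: the paper builds a public-key puncturable KEM from pairing-based revocable encryption, whereas this example builds a symmetric puncturable KEM from a GGM-tree puncturable PRF over HMAC-SHA256, which is the standard symmetric analogue. The tag strings, the `encaps`/`decaps` interface and the `DEPTH` parameter are assumptions of this example only.

```python
"""Added example: a toy SYMMETRIC puncturable KEM built from a GGM-tree
puncturable PRF.  Not the paper's public-key scheme; it only illustrates the
puncture semantics: decryption for a tag is revoked by puncturing the key, the
number of punctures is unbounded, and a ciphertext may carry several tags
(puncturing any one of them revokes it).  Tag names and the encaps/decaps
interface are assumptions of this example."""

import hashlib
import hmac
import secrets

DEPTH = 128  # bits in the GGM tree; every tag is hashed to a DEPTH-bit path


def _prg(seed: bytes, bit: int) -> bytes:
    """Length-doubling PRG, split into a left (0) and a right (1) child seed."""
    return hmac.new(seed, b"L" if bit == 0 else b"R", hashlib.sha256).digest()


def _tag_path(tag: bytes) -> str:
    """Map an arbitrary-length tag to the bit path of one leaf of the tree."""
    digest = hashlib.sha256(tag).digest()
    return "".join(f"{b:08b}" for b in digest)[:DEPTH]


class PuncturablePRF:
    """GGM puncturable PRF.  The key is a prefix-free set of
    (path prefix -> subtree seed) pairs covering every unpunctured leaf;
    each puncture removes one node and adds at most DEPTH sibling seeds,
    so the key grows linearly in the number of punctures (no upper bound)."""

    def __init__(self, root_seed: bytes):
        self.nodes = {"": root_seed}

    def _covering_prefix(self, path: str):
        # The stored prefixes are prefix-free, so at most one covers `path`.
        for prefix in self.nodes:
            if path.startswith(prefix):
                return prefix
        return None

    def evaluate(self, tag: bytes) -> bytes:
        path = _tag_path(tag)
        prefix = self._covering_prefix(path)
        if prefix is None:
            raise KeyError(f"tag {tag!r} has been punctured")
        seed = self.nodes[prefix]
        for bit in path[len(prefix):]:
            seed = _prg(seed, int(bit))
        return seed

    def puncture(self, tag: bytes) -> None:
        """Revoke evaluation on `tag`; idempotent and unbounded in count."""
        path = _tag_path(tag)
        prefix = self._covering_prefix(path)
        if prefix is None:
            return  # already punctured
        seed = self.nodes.pop(prefix)
        for i in range(len(prefix), DEPTH):
            bit = int(path[i])
            # keep the sibling subtree, then descend towards the punctured leaf
            self.nodes[path[:i] + str(1 - bit)] = _prg(seed, 1 - bit)
            seed = _prg(seed, bit)


def _derive(prf: PuncturablePRF, nonce: bytes, tags) -> bytes:
    """Session key bound to every tag: uncomputable once any tag is punctured."""
    h = hashlib.sha256(nonce)
    for tag in sorted(set(tags)):
        h.update(len(tag).to_bytes(2, "big") + tag)
        h.update(prf.evaluate(tag))
    return h.digest()


def encaps(sender: PuncturablePRF, tags):
    """Sender holds the unpunctured key and outputs (ciphertext, key)."""
    nonce = secrets.token_bytes(16)
    return (nonce, tuple(tags)), _derive(sender, nonce, tags)


def decaps(receiver: PuncturablePRF, ciphertext):
    """Receiver recovers the key, or None if any tag of the ciphertext is punctured."""
    nonce, tags = ciphertext
    try:
        return _derive(receiver, nonce, tags)
    except KeyError:
        return None


if __name__ == "__main__":
    root = secrets.token_bytes(32)
    sender, receiver = PuncturablePRF(root), PuncturablePRF(root)
    ct, k = encaps(sender, [b"epoch:17", b"peer:alice"])   # constructed tags
    assert decaps(receiver, ct) == k
    receiver.puncture(b"epoch:17")       # forward secrecy for that epoch
    assert decaps(receiver, ct) is None  # one punctured tag revokes the ciphertext
    ct2, k2 = encaps(sender, [b"epoch:18", b"peer:alice"])
    assert decaps(receiver, ct2) == k2   # unpunctured tags still decrypt
    print("punctured key holds", len(receiver.nodes), "subtree seeds")
```

Note the trade-off this toy makes visible: the puncture operation costs O(DEPTH) PRG calls and grows the key by up to DEPTH seeds, whereas the abstract's public-key construction advertises a constant-time puncture; the multi-tag behaviour (any punctured tag blocks decryption of the whole ciphertext) is the same in both settings.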
