Circuit-ABE from LWE: Unbounded Attributes and Semi-adaptive Security

We construct an LWE-based key-policy attribute-based encryption ABE scheme that supports attributes of unbounded polynomial length. Namely, the size of the public parameters is a fixed polynomial in the security parameter and a depth bound, and with these fixed length parameters, one can encrypt attributes of arbitrary length. Similarly, any polynomial size circuit that adheres to the depth bound can be used as the policy circuit regardless of its input length recall that a depth d circuit can have as many as $$2^d$$ inputs. This is in contrast to previous LWE-based schemes where the length of the public parameters has to grow linearly with the maximal attribute length. We prove that our scheme is semi-adaptively secure, namely, the adversary can choose the challenge attribute after seeing the public parameters but before any decryption keys. Previous LWE-based constructions were only able to achieve selective security. We stress that the "complexity leveraging" technique is not applicable for unbounded attributes. We believe that our techniques are of interest at least as much as our end result. Fundamentally, selective security and bounded attributes are both shortcomings that arise out of the current LWE proof techniques that program the challenge attributes into the public parameters. The LWE toolbox we develop in this work allows us to delay this programming. In a nutshell, the new tools include a way to generate an a-priori unbounded sequence of LWE matrices, and have fine-grained control over which trapdoor is embedded in each and every one of them, all with succinct representation.

[1]  Vinod Vaikuntanathan,et al.  From Selective to Adaptive Security in Functional Encryption , 2015, CRYPTO.

[2]  Chris Peikert,et al.  Public-key cryptosystems from the worst-case shortest vector problem: extended abstract , 2009, STOC '09.

[3]  Brent Waters,et al.  Functional Encryption for Regular Languages , 2012, CRYPTO.

[4]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[5]  Allison Bishop,et al.  Unbounded HIBE and Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[6]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[7]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[8]  Vinod Vaikuntanathan,et al.  Predicate Encryption for Circuits from LWE , 2015, CRYPTO.

[9]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.

[10]  Vinod Vaikuntanathan,et al.  Constrained Key-Homomorphic PRFs from Standard Lattice Assumptions - Or: How to Secretly Embed a Circuit in Your PRF , 2015, TCC.

[11]  Craig Gentry,et al.  Fully Secure Functional Encryption without Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[12]  Tatsuaki Okamoto,et al.  Fully Secure Unbounded Inner-Product and Attribute-Based Encryption , 2012, ASIACRYPT.

[13]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[14]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[15]  Daniele Micciancio,et al.  Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions , 2011, CRYPTO.

[16]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[17]  Amit Sahai,et al.  Functional Encryption for Turing Machines , 2016, TCC.

[18]  Moni Naor,et al.  Advances in Cryptology -- CRYPTO 2015 , 2015, Lecture Notes in Computer Science.

[19]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[20]  Aggelos Kiayias,et al.  A Little Honesty Goes a Long Way - The Two-Tier Model for Secure Multiparty Computation , 2015, TCC.

[21]  Xavier Boyen,et al.  Attribute-Based Functional Encryption on Lattices , 2013, TCC.

[22]  Brent Waters,et al.  Attribute-Based Encryption for Circuits from Multilinear Maps , 2012, CRYPTO.

[23]  Craig Gentry,et al.  Fully Secure Attribute Based Encryption from Multilinear Maps , 2014, IACR Cryptol. ePrint Arch..

[24]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[25]  Nigel P. Smart,et al.  Identity-Based Encryption Gone Wild , 2006, ICALP.

[26]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[27]  Daniel Wichs,et al.  Leveled Fully Homomorphic Signatures from Standard Lattices , 2015, IACR Cryptol. ePrint Arch..

[28]  Brent Waters,et al.  Attribute-Based Encryption with Fast Decryption , 2013, Public Key Cryptography.

[29]  Dan Boneh,et al.  Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE , 2010, CRYPTO.

[30]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[31]  R. Gennaro,et al.  Advances in cryptology - CRYPTO 2015 : 35th annual cryptology conference Santa Barbara, CA, USA, August 16-20, 2015 : proceedings , 2015 .

[32]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[33]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[34]  Jonathan Katz,et al.  Efficiency improvements for signature schemes with tight security reductions , 2003, CCS '03.

[35]  Brent Waters,et al.  A Punctured Programming Approach to Adaptively Secure Functional Encryption , 2015, CRYPTO.

[36]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[37]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[38]  Michael Alekhnovich More on Average Case vs Approximation Complexity , 2011, computational complexity.

[39]  Richard J. Lipton,et al.  Cryptographic Primitives Based on Hard Learning Problems , 1993, CRYPTO.

[40]  Hoeteck Wee,et al.  Semi-adaptive Attribute-Based Encryption and Improved Delegation for Boolean Formula , 2014, SCN.

[41]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..