Lattice-Inspired Broadcast Encryption and Succinct Ciphertext-Policy ABE

We propose a candidate Ciphertext-Policy Attribute Based Encryption (CP-ABE) scheme for circuits, with ciphertext size that depends only on the depth of the policy circuit (and not its size). This, in particular, gives us a Broadcast Encryption (BE) scheme where all parameters (in particular, the size of the keys and ciphertexts) have a poly-logarithmic dependence on the number of users, a task that was only known to be achievable assuming ideal multilinear maps or indistinguishability obfuscation. Our construction relies on techniques from lattice-based (and in particular LWE-based) cryptography, but we are unable to provide a security proof. We analyze some attempts at cryptanalysis.

[1]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[2]  Michael Alekhnovich More on Average Case vs Approximation Complexity , 2011, computational complexity.

[3]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[4]  Brent Waters,et al.  Semi-adaptive Security and Bundling Functionalities Made Generic and Easy , 2016, TCC.

[5]  Richard J. Lipton,et al.  Cryptographic Primitives Based on Hard Learning Problems , 1993, CRYPTO.

[6]  Miklós Ajtai,et al.  Generating Hard Instances of the Short Basis Problem , 1999, ICALP.

[7]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[8]  Dan Boneh,et al.  Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE , 2010, CRYPTO.

[9]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[10]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[11]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[12]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[13]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, Algorithmica.

[14]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[15]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[16]  Chris Peikert,et al.  Public-key cryptosystems from the worst-case shortest vector problem: extended abstract , 2009, STOC '09.

[17]  Shota Yamada,et al.  Optimal Broadcast Encryption from Pairings and LWE , 2020, IACR Cryptol. ePrint Arch..

[18]  Brent Waters,et al.  Low Overhead Broadcast Encryption from Multilinear Maps , 2014, IACR Cryptol. ePrint Arch..

[19]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[20]  Daniele Micciancio,et al.  Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions , 2011, CRYPTO.

[21]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[22]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[23]  Vinod Vaikuntanathan,et al.  Circuit-ABE from LWE: Unbounded Attributes and Semi-adaptive Security , 2016, CRYPTO.

[24]  Ahmed Obied,et al.  Broadcast Encryption , 2008, Encyclopedia of Multimedia.

[25]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.