Non-Trivial Witness Encryption and Null-iO from Standard Assumptions

A witness encryption (WE) scheme can take any \({{\textsf {NP}}}\) statement as a public-key and use it to encrypt a message. If the statement is true then it is possible to decrypt the message given a corresponding witness, but if the statement is false then the message is computationally hidden. Ideally, the encryption procedure should run in polynomial time, but it is also meaningful to define a weaker notion, which we call non-trivially exponentially efficient WE (XWE), where the encryption run-time is only required to be much smaller than the trivial \(2^{m}\) bound for \({{\textsf {NP}}}\) relations with witness size m. We show how to construct such XWE schemes for all of \({{\textsf {NP}}}\) with encryption run-time \(2^{m/2}\) under the sub-exponential learning with errors (LWE) assumption. For \({{\textsf {NP}}}\) relations that can be verified in \({{\textsf {NC}}^1}\) (e.g., SAT) we can also construct such XWE schemes under the sub-exponential Decisional Bilinear Diffie-Hellman (DBDH) assumption. Although we find the result surprising, it follows via a very simple connection to attribute-based encryption.

[1]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[2]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[3]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[4]  Brent Waters,et al.  Functional encryption: a new vision for public-key cryptography , 2012, CACM.

[5]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[6]  Nir Bitansky,et al.  From Cryptomania to Obfustopia Through Secret-Key Functional Encryption , 2016, Journal of Cryptology.

[7]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[8]  Brent Waters,et al.  Lockable Obfuscation , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[9]  Daniel Wichs,et al.  Obfuscating Compute-and-Compare Programs under LWE , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[10]  Rafael Pass,et al.  Indistinguishability Obfuscation with Non-trivial Efficiency , 2016, Public Key Cryptography.

[11]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[12]  Ilan Komargodski,et al.  From Minicrypt to Obfustopia via Private-Key Functional Encryption , 2017, EUROCRYPT.

[13]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[14]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[15]  Vinod Vaikuntanathan,et al.  Predicate Encryption for Circuits from LWE , 2015, CRYPTO.

[16]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.

[17]  Brent Waters,et al.  Witness encryption and its applications , 2013, STOC '13.

[18]  Moni Naor,et al.  Secret-Sharing for NP , 2014, Journal of Cryptology.