• PDF / 595,354 Bytes
• 28 Pages / 439.37 x 666.142 pts Page_size
• 96 Downloads / 276 Views

DOWNLOAD

REPORT

Abstract. We present new techniques for achieving strong attributehiding in prime-order bilinear groups under the standard k-Linear assumption. Our main result is a “partially hiding” predicate encryption scheme for functions that compute an arithmetic branching program on public attributes, followed by an inner product predicate on private attributes. This constitutes the first “best of both worlds” result in bilinear groups that simultaneously generalizes existing attribute-based encryption schemes and inner product predicate encryption. Our scheme achieves a variant of simulation-based security in the semi-adaptive setting. Along the way, we introduce a conceptually simpler and more modular approach towards achieving the strong attribute-hiding guarantee.

1

Introduction

Predicate encryption is a novel paradigm for public-key encryption that enables both fine-grained access control and selective computation on encrypted data [12,23,26,34]. In a predicate encryption scheme, ciphertexts are associated with descriptive attributes x and a plaintext M , secret keys are associated with boolean functions f , and a secret key decrypts the ciphertext to recover M if f (x) is true, corresponding to a so-called authorized key. The most basic security guarantee for predicate encryption stipulates that M should remain private if f (x) is false. A stronger security guarantee is attribute-hiding, which stipulates that the attribute x remains hidden apart from leaking whether f (x) is true or false and it comes in two flavors: (i) weak attribute-hiding which guarantees privacy of x provided the adversary only gets unauthorized keys for which f (x) is false; and (ii) strong attribute-hiding where the adversary can get both authorized and unauthorized keys. Henceforth, we use attribute-based encryption (ABE) to refer to schemes which only satisfy the basic guarantee, and reserve predicate encryption for schemes which are attribute-hiding.1 Throughout, we

1

H. Wee—INRIA and Columbia University. Supported in part by ERC Project aSCEND (H2020 639554) and NSF Award CNS-1445424. Some early works around 2010–2011 use functional encryption (FE) to refer to ABE. Some more recent works also use predicate encryption to refer to ABE. For instance, we clarify here that the OT10 “KP-FE Scheme” in [29] for boolean formula with inner product gates is in fact an ABE and does not provide any attribute-hiding guarantee.

c International Association for Cryptologic Research 2017  Y. Kalai and L. Reyzin (Eds.): TCC 2017, Part I, LNCS 10677, pp. 206–233, 2017. https://doi.org/10.1007/978-3-319-70500-2_8

Attribute-Hiding Predicate Encryption in Bilinear Groups, Revisited

207

also require that the keys are resilient to collusion attacks, namely any group of users holding different secret keys learns nothing beyond what each of them could individually learn. Over the past decade, tremendous progress has been made towards realizing expressive ABE and weak attribute-hiding predicate encryption [14,21–23,25, 29]; along the way, we developed extremely

Recommend Documents

Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products

220 54 281KB

Functional Encryption for Bounded Collusions, Revisited

175 19 759KB

Unbounded inner product functional encryption from bilinear maps

174 27 8MB

Predicate Calculus

187 11 2MB

Functional Encryption for Quadratic Functions from k-Lin, Revisited

195 12 14MB

Predicate Logic

165 93 2MB

Commutators of Relative and Unrelative Elementary Groups, Revisited

119 95 187KB

Automatic Predicate Testing in Formal Certification

172 46 9MB

Toward Predicate Approaches to Modality

159 43 2MB

Symmetric bilinear forms

156 115 328KB

Dual System Encryption Framework in Prime-Order Groups via Computational Pair Encodings

170 23 2MB

Billiards in ellipses revisited

179 29 579KB