Targeted Homomorphic Attribute-Based Encryption

In (key-policy) attribute-based encryption (ABE), messages are encrypted respective to attributes x, and keys are generated respective to policy functions f. The ciphertext is decryptable by a key only if \(f(x)=0\) . Adding homomorphic capabilities to AB

  • PDF / 442,397 Bytes
  • 31 Pages / 439.37 x 666.142 pts Page_size
  • 86 Downloads / 209 Views

DOWNLOAD

REPORT

Weizmann Institute of Science, Rehovot, Israel {zvika.brakerski,rotem.tsabary}@weizmann.ac.il 2 Rutgers University, New Brunswick, USA [email protected] 3 ENS, CNRS and Columbia University, Paris, France [email protected]

Abstract. In (key-policy) attribute-based encryption (ABE), messages are encrypted respective to attributes x, and keys are generated respective to policy functions f . The ciphertext is decryptable by a key only if f (x) = 0. Adding homomorphic capabilities to ABE is a long standing open problem, with current techniques only allowing compact homomorphic evaluation on ciphertext respective to the same x. Recent advances in the study of multi-key FHE also allow cross-attribute homomorphism with ciphertext size growing (quadratically) with the number of input ciphertexts. We present an ABE scheme where homomorphic operations can be performed compactly across attributes. Of course, decrypting the resulting ciphertext needs to be done with a key respective to a policy f with f (xi ) = 0 for all attributes involved in the computation. In our scheme, the target policy f needs to be known to the evaluator, we call this targeted homomorphism. Our scheme is secure under the polynomial hardness of learning with errors (LWE) with sub-exponential modulusto-noise ratio. We present a second scheme where there needs not be a single target policy. Instead, the decryptor only needs a set of keys representing policies fj s.t. for any attribute xi there exists fj with fj (xi ) = 0. In this scheme, the ciphertext size grows (quadratically) with the size of the set of policies (and is still independent of the number of inputs or attributes). Again, the target set of policies needs to be known at evaluation time. This latter scheme is secure in the random oracle model under the polynomial hardness of LWE with sub-exponential noise ratio.

For the full and most up-to-date version of this work, see Cryptology ePrint Archive http://eprint.iacr.org/2016/691. Z. Brakerski and R. Tsabary—Supported by the Israel Science Foundation (Grant No. 468/14), the Alon Young Faculty Fellowship, Binational Science Foundation (Grant No. 712307) and Google Faculty Research Award. H. Wee—Supported by ERC Project aSCEND (H2020 639554) and NSF Award CNS-1445424. c International Association for Cryptologic Research 2016  M. Hirt and A. Smith (Eds.): TCC 2016-B, Part II, LNCS 9986, pp. 330–360, 2016. DOI: 10.1007/978-3-662-53644-5 13

Targeted Homomorphic Attribute-Based Encryption

1

331

Introduction

Consider a situation where a large number of data items μ1 , μ2 , . . . is stored on a remote cloud server. For privacy purposes, the data items are encrypted. The user, who holds the decryption key, can retrieve the encrypted data and decrypt it locally. Using fully homomorphic encryption (FHE) [20,34], it can also ask the server to evaluate a function g on the encrypted data, and produce an encryption of g(μ1 , μ2 , . . .) which can be sent back for decryption, all without compromising privacy. The state of the art homomorphic encrypt

Data Loading...

Recommend Documents
Homomorphic Encryption

162 42 14MB

Practical Packing Method in Somewhat Homomorphic Encryption

226 73 266KB

Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds

212 25 708KB

Multi-key Fully-Homomorphic Encryption in the Plain Model

154 106 14MB

Efficient AGCD-Based Homomorphic Encryption for Matrix and Vector Arithmetic

190 79 10MB

General Impossibility of Group Homomorphic Encryption in the Quantum World

191 2 8MB

Attack on Recent Homomorphic Encryption Scheme over Integers

159 12 2MB

Securing IoT Devices Generated Data Using Homomorphic Encryption

173 51 10MB

Quantum multiparty cryptosystems based on a homomorphic random basis encryption

155 43 598KB

Puncturable Encryption: A Generic Construction from Delegatable Fully Key-Homomorphic Encryption

177 82 39MB

Paillier Homomorphic Encryption with K-Means Clustering Algorithm (PHEKC) for Data Mining Security in Cloud

132 27 43MB

SEOTP: a new secure and efficient ownership transfer protocol based on quadric residue and homomorphic encryption

162 51 2MB