research-article

Attribute-based encryption for circuits

Authors:
Sergey Gorbunov

University of Toronto, Toronto, ON, Canada

University of Toronto, Toronto, ON, Canada
View Profile

,
Vinod Vaikuntanathan

University of Toronto, Toronto, ON, Canada

University of Toronto, Toronto, ON, Canada
View Profile

,
Hoeteck Wee

George Washington University, Washington D.C., DC, USA

George Washington University, Washington D.C., DC, USA
View Profile

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of ComputingJune 2013Pages 545–554https://doi.org/10.1145/2488608.2488677

Published:01 June 2013Publication History

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

Pages 545–554

ABSTRACT

In an attribute-based encryption (ABE) scheme, a ciphertext is associated with an l-bit public index pind and a message m, and a secret key is associated with a Boolean predicate P. The secret key allows to decrypt the ciphertext and learn m iff P(pind) = 1. Moreover, the scheme should be secure against collusions of users, namely, given secret keys for polynomially many predicates, an adversary learns nothing about the message if none of the secret keys can individually decrypt the ciphertext.

We present attribute-based encryption schemes for circuits of any arbitrary polynomial size, where the public parameters and the ciphertext grow linearly with the depth of the circuit. Our construction is secure under the standard learning with errors (LWE) assumption. Previous constructions of attribute-based encryption were for Boolean formulas, captured by the complexity class NC¹.

In the course of our construction, we present a new framework for constructing ABE schemes. As a by-product of our framework, we obtain ABE schemes for polynomial-size branching programs, corresponding to the complexity class LOGSPACE, under quantitatively better assumptions.

References

Shweta Agrawal, Dan Boneh, and Xavier Boyen. Efficient lattice (H)IBE in the standard model. In EUROCRYPT, pages 553--572, 2010. Google ScholarDigital Library
Shweta Agrawal, Dan Boneh, and Xavier Boyen. Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE. In CRYPTO, pages 98--115, 2010. Google ScholarDigital Library
Shweta Agrawal, Xavier Boyen, Vinod Vaikuntanathan, Panagiotis Voulgaris, and Hoeteck Wee. Functional encryption for threshold functions (or, fuzzy IBE) from lattices. In Public Key Cryptography, pages 280--297, 2012. Google ScholarDigital Library
Shweta Agrawal, David Mandell Freeman, and Vinod Vaikuntanathan. Functional encryption for inner product predicates from learning with errors. In ASIACRYPT, pages 21--40, 2011. Google ScholarDigital Library
Miklós Ajtai. Generating hard instances of the short basis problem. In ICALP, pages 1--9, 1999. Google ScholarDigital Library
Miklós Ajtai, Ravi Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In STOC, pages 601--610, 2001. Google ScholarDigital Library
Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. From secrecy to soundness: Efficient verification via secure computation. In ICALP (1), pages 152--163, 2010. Google ScholarDigital Library
Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur., 9(1):1--30, 2006. Google ScholarDigital Library
Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. Foundations of garbled circuits. In ACM CCS, pages 784--796, 2012. Google ScholarDigital Library
Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, pages 127--144, 1998.Google ScholarCross Ref
Dan Boneh and Xavier Boyen. Efficient selective-id secure identity-based encryption without random oracles. In EUROCRYPT, pages 223--238, 2004.Google ScholarCross Ref
Dan Boneh and Matthew K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO, pages 213--229, 2001. Google ScholarDigital Library
Dan Boneh, Amit Sahai, and Brent Waters. Functional encryption: Definitions and challenges. In TCC, pages 253--273, 2011. Google ScholarDigital Library
Xavier Boyen. Attribute-based functional encryption on lattices. In TCC, 2013. To appear. Google ScholarDigital Library
Zvika Brakerski and Vinod Vaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. In FOCS, pages 97--106, 2011. Google ScholarDigital Library
David Cash, Dennis Hofheinz, and Eike Kiltz. How to delegate a lattice basis. Cryptology ePrint Archive, Report 2009/351, 2009.Google Scholar
David Cash, Dennis Hofheinz, Eike Kiltz, and Chris Peikert. Bonsai trees, or how to delegate a lattice basis. J. Cryptology, 25(4):601--639, 2012.Google ScholarDigital Library
Kai-Min Chung, Yael Kalai, and Salil P. Vadhan. Improved delegation of computation using fully homomorphic encryption. In CRYPTO, pages 483--501, 2010. Google ScholarDigital Library
Clifford Cocks. An identity based encryption scheme based on quadratic residues. In IMA Int. Conf., pages 360--363, 2001. Google ScholarDigital Library
Sanjam Garg, Craig Gentry, and Shai Halevi. Candidate multilinear maps from ideal lattices and applications. Cryptology ePrint Archive, Report 2012/610, 2012.Google Scholar
Sanjam Garg, Craig Gentry, Shai Halevi, Amit Sahai, and Brent Waters. Attribute-based encryption for circuits from multilinear maps. Cryptology ePrint Archive, Report 2013/128, 2013.Google Scholar
Rosario Gennaro, Craig Gentry, and Bryan Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In CRYPTO, pages 465--482, 2010. Google ScholarDigital Library
Craig Gentry. Fully homomorphic encryption using ideal lattices. In STOC, pages 169--178, 2009. Google ScholarDigital Library
Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In STOC, pages 197--206, 2008. Google ScholarDigital Library
Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich. Succinct functional encryption and its power: Reusable garbled circuits and beyond. In STOC, 2013. To appear.Google Scholar
Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. Delegating computation: interactive proofs for muggles. In STOC, pages 113--122, 2008. Google ScholarDigital Library
Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Functional encryption with bounded collusions via multi-party computation. In CRYPTO, pages 162--179, 2012.Google ScholarDigital Library
Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data. In ACM CCS, pages 89--98, 2006. Google ScholarDigital Library
Susan Hohenberger, Guy N. Rothblum, Abhi Shelat, and Vinod Vaikuntanathan. Securely obfuscating re-encryption. J. Cryptology, 24(4):694--719, 2011. Google ScholarDigital Library
Allison B. Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In EUROCRYPT, pages 62--91, 2010. Google ScholarDigital Library
Allison B. Lewko and Brent Waters. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In TCC, pages 455--479, 2010. Google ScholarDigital Library
Allison B. Lewko and Brent Waters. New proof methods for attribute-based encryption: Achieving full security through selective techniques. In CRYPTO, pages 180--198, 2012.Google Scholar
Silvio Micali. Computationally sound proofs. SIAM J. Comput., 30(4):1253--1298, 2000. Google ScholarDigital Library
Daniele Micciancio and Chris Peikert. Trapdoors for lattices: Simpler, tighter, faster, smaller. In EUROCRYPT, pages 700--718, 2012. Google ScholarDigital Library
Daniele Micciancio and Panagiotis Voulgaris. A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. In STOC, pages 351--358, 2010. Google ScholarDigital Library
Tatsuaki Okamoto and Katsuyuki Takashima. Fully secure functional encryption with general relations from the decisional linear assumption. In CRYPTO, pages 191--208, 2010. Google ScholarDigital Library
Adam O'Neill. Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556, 2010.Google Scholar
Bryan Parno, Mariana Raykova, and Vinod Vaikuntanathan. How to delegate and verify in public: Verifiable computation from attribute-based encryption. In TCC, pages 422--439, 2012. Google ScholarDigital Library
Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem. In STOC, pages 333--342, 2009. Google ScholarDigital Library
Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6), 2009. Google ScholarDigital Library
Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6), 2009. Google ScholarDigital Library
Alon Rosen and Gil Segev. Chosen-ciphertext security via correlated products. SIAM J. Comput., 39(7):3058--3088, 2010. Google ScholarDigital Library
Amit Sahai and Hakan Seyalioglu. Worry-free encryption: functional encryption with public keys. In ACM CCS, pages 463--472, 2010. Google ScholarDigital Library
Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005. Google ScholarDigital Library
Adi Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984. Google ScholarDigital Library
Damien Stehlé and Ron Steinfeld. Faster fully homomorphic encryption. In ASIACRYPT, pages 377--394, 2010.Google ScholarCross Ref
Brent Waters. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In CRYPTO, pages 619--636, 2009. Google ScholarDigital Library
Brent Waters. Functional encryption for regular languages. In CRYPTO, pages 218--235, 2012.Google ScholarDigital Library

Index Terms

Attribute-based encryption for circuits
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

Attribute-Based Encryption for Circuits

In an attribute-based encryption (ABE) scheme, a ciphertext is associated with an ℓ-bit public index ind and a message m, and a secret key is associated with a Boolean predicate P. The secret key allows decrypting the ciphertext and learning m if and ...
Read More
Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation

Attribute-based encryption (ABE) with outsourced decryption not only allows fine-grained and versatile sharing of encrypted data, but also largely mitigates the decryption overhead and the ciphertext size in the standard ABE schemes. Very recently, Xu ...
Read More
Revocable attribute-based encryption from standard lattices
Abstract
Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and ...
Highlights
- Our scheme is based on the learning with errors (LWE) problem, which is believed to be quantum-resistant.
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing
June 2013
998 pages
ISBN:9781450320290
DOI:10.1145/2488608
General Chairs:
Dan Boneh
Stanford University, USA
,
Tim Roughgarden
Stanford University, USA
,
Program Chair:
Joan Feigenbaum
Yale University, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 June 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
attribute-based encryption
lattices
Qualifiers
- research-article
Conference

Acceptance Rates
STOC '13 Paper Acceptance Rate100of360submissions,28%Overall Acceptance Rate1,469of4,586submissions,32%
More
Upcoming Conference
STOC '24

Sponsor:

sigact

56th Annual ACM Symposium on Theory of Computing (STOC 2024)

June 24 - 28, 2024

Vancouver , BC , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 246
  Total Citations
  View Citations
- 698
  Total Downloads
- Downloads (Last 12 months)22
- Downloads (Last 6 weeks)4
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Attribute-based encryption for circuits

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Attribute-Based Encryption for Circuits

Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation

Revocable attribute-based encryption from standard lattices