Attribute-Based Encryption for Circuits

Authors:
Sergey Gorbunov

University of Waterloo, Cambridge, MA

University of Waterloo, Cambridge, MA
View Profile

,
Vinod Vaikuntanathan

MIT and University of Toronto, Cambridge, MA

MIT and University of Toronto, Cambridge, MA
View Profile

,
Hoeteck Wee

CNRS -- ENS, Paris, France

CNRS -- ENS, Paris, France
View Profile

Authors Info & Claims

Journal of the ACM Volume 62 Issue 6Article No.: 45pp 1–33https://doi.org/10.1145/2824233

Published:10 December 2015Publication History

Journal of the ACM

Abstract

In an attribute-based encryption (ABE) scheme, a ciphertext is associated with an ℓ-bit public index ind and a message m, and a secret key is associated with a Boolean predicate P. The secret key allows decrypting the ciphertext and learning m if and only if P(ind) = 1. Moreover, the scheme should be secure against collusions of users, namely, given secret keys for polynomially many predicates, an adversary learns nothing about the message if none of the secret keys can individually decrypt the ciphertext.

We present attribute-based encryption schemes for circuits of any arbitrary polynomial size, where the public parameters and the ciphertext grow linearly with the depth of the circuit. Our construction is secure under the standard learning with errors (LWE) assumption. Previous constructions of attribute-based encryption were for Boolean formulas, captured by the complexity class NC¹.

In the course of our construction, we present a new framework for constructing ABE schemes. As a by-product of our framework, we obtain ABE schemes for polynomial-size branching programs, corresponding to the complexity class LOGSPACE, under quantitatively better assumptions.

References

Shweta Agrawal, Dan Boneh, and Xavier Boyen. 2010a. Efficient lattice (H)IBE in the standard model. In Proceedings of EUROCRYPT. 553--572. Google ScholarDigital Library
Shweta Agrawal, Dan Boneh, and Xavier Boyen. 2010b. Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE. In Proceedings of CRYPTO. 98--115. Google ScholarDigital Library
Shweta Agrawal, Xavier Boyen, Vinod Vaikuntanathan, Panagiotis Voulgaris, and Hoeteck Wee. 2012. Functional encryption for threshold functions (or, fuzzy IBE) from lattices. In Proceedings of the 15th International Conference on Practice and Theory in Public Key Cryptography. 280--297. Google ScholarDigital Library
Shweta Agrawal, David Mandell Freeman, and Vinod Vaikuntanathan. 2011. Functional encryption for inner product predicates from learning with errors. In Proceedings of ASIACRYPT. 21--40. Google ScholarDigital Library
Miklós Ajtai. 1999. Generating hard instances of the short basis problem. In Proceedings of ICALP. 1--9. Google ScholarDigital Library
Miklós Ajtai, Ravi Kumar, and D. Sivakumar. 2001. A sieve algorithm for the shortest lattice vector problem. In Proceedings of STOC. 601--610. Google ScholarDigital Library
Adi Akavia, Shafi Goldwasser, and Vinod Vaikuntanathan. 2009. Simultaneous hardcore bits and cryptography against memory attacks. In Proceedings of 6th Theory of Cryptography Conference (TCC09). 474--495. Google ScholarDigital Library
Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N. J. Peterson, and Aviel D. Rubin. 2011. Securing electronic medical records using attribute-based encryption on mobile devices. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM'11). ACM, New York, NY, 75--86. DOI:http://dx.doi.org/10.1145/2046614.2046628 Google ScholarDigital Library
Prabhanjan Ananth, Zvika Brakerski, Gil Segev, and Vinod Vaikuntanathan. 2014. From selective to adaptive security in functional encryption. Cryptology ePrint Archive: Report 2014/917. (2014).Google Scholar
Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. 2010. From secrecy to soundness: Efficient verification via secure computation. In Proceedings of ICALP. 152--163. Google ScholarDigital Library
Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9, 1 (2006), 1--30. Google ScholarDigital Library
Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. 2012. Foundations of garbled circuits. In Proceedings of the ACM CCS. 784--796. Google ScholarDigital Library
Matt Blaze, Gerrit Bleumer, and Martin Strauss. 1998. Divertible protocols and atomic proxy cryptography. In Proceedings of EUROCRYPT. 127--144.Google ScholarCross Ref
Dan Boneh and Xavier Boyen. 2004. Efficient selective-ID secure identity-based encryption without random oracles. In Proceedings of EUROCRYPT. 223--238.Google ScholarCross Ref
Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky, and Giuseppe Persiano. 2004. Public key encryption with keyword search. In Advances in Cryptology - Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (Eurcorypt'04). 506--522.Google ScholarCross Ref
Dan Boneh and Matthew K. Franklin. 2001. Identity-based encryption from the Weil pairing. In Proceedings of CRYPTO. 213--229. Google ScholarDigital Library
Dan Boneh, Craig Gentry, Sergey Gorbunov, Shai Halevi, Valeria Nikolaenko, Gil Segev, Vinod Vaikuntanathan, and Dhinakaran Vinayagamurthy. 2014. Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In Proceedings of EUROCRYPT.Google ScholarCross Ref
Dan Boneh, Amit Sahai, and Brent Waters. 2011. Functional encryption: Definitions and challenges. In Proceedings of TCC. 253--273. Google ScholarDigital Library
Xavier Boyen. 2013. Attribute-based functional encryption on lattices. In Proceedings of TCC. 122--142. Google ScholarDigital Library
Zvika Brakerski and Vinod Vaikuntanathan. 2011. Efficient fully homomorphic encryption from (standard) LWE. In Proceedings of FOCS. 97--106. Google ScholarDigital Library
David Cash, Dennis Hofheinz, and Eike Kiltz. 2009. How to delegate a lattice basis. Cryptology ePrint Archive, Report 2009/351. (2009).Google Scholar
David Cash, Dennis Hofheinz, Eike Kiltz, and Chris Peikert. 2012. Bonsai trees, or how to delegate a lattice basis. J. Cryptol. 25, 4 (2012), 601--639. Google ScholarDigital Library
Kai-Min Chung, Yael Kalai, and Salil P. Vadhan. 2010. Improved delegation of computation using fully homomorphic encryption. In Proceedings of CRYPTO. 483--501. Google ScholarDigital Library
Clifford Cocks. 2001. An identity based encryption scheme based on quadratic residues. In Proceedings of the IMA International Conference. 360--363. Google ScholarDigital Library
Jean-Sbastien Coron, Tancrde Lepoint, and Mehdi Tibouchi. 2013. Practical multilinear maps over the integers. In Advances in Cryptology - (CRYPTO'13), Ran Canetti and Juan A. Garay (Eds.). Lecture Notes in Computer Science, Vol. 8042. Springer, Berlin Heidelberg, 476--493. DOI:http://dx.doi.org/10.1007/978-3-642-40041-4_26Google Scholar
Sanjam Garg, Craig Gentry, and Shai Halevi. 2012. Candidate multilinear maps from ideal lattices and applications. Cryptology ePrint Archive, Report 2012/610. (2012).Google Scholar
Sanjam Garg, Craig Gentry, Shai Halevi, Amit Sahai, and Brent Waters. 2013. Attribute-based encryption for circuits from multilinear maps. In Proceedings of CRYPTO. 479--499. Also, Cryptology ePrint Archive, Report 2013/128.Google Scholar
Rosario Gennaro, Craig Gentry, and Bryan Parno. 2010. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proceedings of CRYPTO. 465--482. Google ScholarDigital Library
Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In Proceedings of STOC. 169--178. Google ScholarDigital Library
Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. 2008. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of STOC. 197--206. Google ScholarDigital Library
Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich. 2013. Succinct functional encryption and its power: Reusable garbled circuits and beyond. In Proceedings of STOC.Google Scholar
Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. 2008. Delegating computation: Interactive proofs for muggles. In Proceedings of STOC. 113--122. Google ScholarDigital Library
Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. 2012. Functional encryption with bounded collusions via multi-party computation. In Proceedings of CRYPTO. 162--179.Google ScholarDigital Library
Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the ACM CCS. 89--98. Google ScholarDigital Library
Matthew Green, Susan Hohenberger, and Brent Waters. 2011. Outsourcing the decryption of ABE ciphertexts. In Proceedings of the 20th USENIX Conference on Security (SEC'11). USENIX Association. http://dl.acm.org/citation.cfm?id=2028067.2028101. Google ScholarDigital Library
Susan Hohenberger, Guy N. Rothblum, Abhi Shelat, and Vinod Vaikuntanathan. 2011. Securely obfuscating re-encryption. J. Cryptol. 24, 4 (2011), 694--719. Google ScholarDigital Library
Jonathan Katz, Amit Sahai, and Brent Waters. 2008. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Proceedings of EUROCRYPT. 146--162. Google ScholarDigital Library
Allison B. Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. 2010. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Proceedings of EUROCRYPT. 62--91. Google ScholarDigital Library
Allison B. Lewko and Brent Waters. 2010. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In Proceedings of TCC. 455--479. Google ScholarDigital Library
Allison B. Lewko and Brent Waters. 2012. New proof methods for attribute-based encryption: Achieving full security through selective techniques. In Proceedings of CRYPTO. 180--198.Google Scholar
Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, and Wenjing Lou. 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 1 (2013), 131--143. DOI:http://dx.doi.org/10.1109/TPDS.2012.97 Google ScholarDigital Library
Silvio Micali. 2000. Computationally sound proofs. SIAM J. Comput. 30, 4 (2000), 1253--1298. Google ScholarDigital Library
Daniele Micciancio and Chris Peikert. 2012. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Proceedings of EUROCRYPT. 700--718. Google ScholarDigital Library
Daniele Micciancio and Panagiotis Voulgaris. 2010. A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. In Proceedings of STOC. 351--358. Google ScholarDigital Library
Tatsuaki Okamoto and Katsuyuki Takashima. 2010. Fully secure functional encryption with general relations from the decisional linear assumption. In Proceedings of CRYPTO. 191--208. Google ScholarDigital Library
Adam O'Neill. 2010. Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556. (2010).Google Scholar
Rafail Ostrovsky and William E. Skeith III. 2005. Private streaming in streaming data. In Advances in Cryptology (CRYPTO'05), Victor Shoup (Ed.). Lecture Notes in Computer Science, Vol. 3621. Springer Berlin Heidelberg, 223--240. Google ScholarDigital Library
John P. Papanis, Stavros I. Papapanagiotou, Aziz S. Mousas, Georgios V. Lioudakis, Dimitra I. Kaklamani, and Iakovos S. Venieris. 2014. On the use of attribute-based encryption for multimedia content protection over information-centric networks. Trans. Emerg. Telecommu. Techno. 25, 4 (2014), 422--435. DOI: http://dx.doi.org/10.1002/ett.2722 Google ScholarDigital Library
Bryan Parno, Mariana Raykova, and Vinod Vaikuntanathan. 2012. How to delegate and verify in public: Verifiable computation from attribute-based encryption. In Proceeding of TCC. 422--439. Google ScholarDigital Library
Chris Peikert. 2009. Public-key cryptosystems from the worst-case shortest vector problem. In Proceeding of STOC. 333--342. Google ScholarDigital Library
Oded Regev. 2009. On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56, 6 (2009). Google ScholarDigital Library
Alon Rosen and Gil Segev. 2010. Chosen-ciphertext security via correlated products. SIAM J. Comput. 39, 7 (2010), 3058--3088. Google ScholarDigital Library
Amit Sahai and Hakan Seyalioglu. 2010. Worry-free encryption: Functional encryption with public keys. In Proceeding of the ACM CCS. 463--472. Google ScholarDigital Library
Amit Sahai and Brent Waters. 2005. Fuzzy identity-based encryption. In Proceeding of EUROCRYPT. 457--473. Google ScholarDigital Library
Adi Shamir. 1984. Identity-based cryptosystems and signature schemes. In Proceeding of CRYPTO. 47--53. Google ScholarDigital Library
Damien Stehlé and Ron Steinfeld. 2010. Faster fully homomorphic encryption. In Proceeding of ASIACRYPT. 377--394.Google Scholar
Brent Waters. 2009. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In Proceeding of CRYPTO. 619--636. Google ScholarDigital Library
Brent Waters. 2012. Functional encryption for regular languages. In Proceeding of CRYPTO. 218--235.Google Scholar

Index Terms

Attribute-Based Encryption for Circuits

Recommendations

Attribute-based encryption for circuits
STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

In an attribute-based encryption (ABE) scheme, a ciphertext is associated with an l-bit public index pind and a message m, and a secret key is associated with a Boolean predicate P. The secret key allows to decrypt the ciphertext and learn m iff P(pind) ...
Read More
Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation

Attribute-based encryption (ABE) with outsourced decryption not only allows fine-grained and versatile sharing of encrypted data, but also largely mitigates the decryption overhead and the ciphertext size in the standard ABE schemes. Very recently, Xu ...
Read More
Revocable attribute-based encryption from standard lattices
Abstract
Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and ...
Highlights
- Our scheme is based on the learning with errors (LWE) problem, which is believed to be quantum-resistant.
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Journal of the ACM Volume 62, Issue 6
December 2015
304 pages
ISSN:0004-5411
EISSN:1557-735X
DOI:10.1145/2856350
Editor:
Éva Tardos
Cornell University
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 December 2015
- Accepted: 1 September 2015
- Revised: 1 April 2015
- Received: 1 July 2014
Published in jacm Volume 62, Issue 6

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Cryptography
attribute-based encryption
fine-grained access control
lattices
learning with errors
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 52
  Total Citations
  View Citations
- 1,874
  Total Downloads
- Downloads (Last 12 months)345
- Downloads (Last 6 weeks)61
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Attribute-Based Encryption for Circuits

Journal of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Attribute-based encryption for circuits

Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation

Revocable attribute-based encryption from standard lattices