Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Bilinear Groups of Composite Order
Pairing '07 Proceedings of the 1st international conference on Pairing-Based Cryptography: Pairing 2007
Delegating Capabilities in Predicate Encryption Systems
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Hidden-Vector Encryption with Groups of Prime Order
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Hierarchical Identity Based Encryption with Polynomially Many Levels
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Conjunctive, subset, and range queries on encrypted data
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Predicate encryption supporting disjunctions, polynomial equations, and inner products
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Searching keywords with wildcards on encrypted data
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
New techniques for dual system encryption and fully secure HIBE with short ciphertexts
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Evaluating 2-DNF formulas on ciphertexts
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Practical identity-based encryption without random oracles
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Adaptively attribute-hiding (hierarchical) inner product encryption
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Predicate encryption is an important cryptographic primitive (see [3,5,9,11]) that enables fine-grained control on the decryption keys. Roughly speaking, in a predicate encryption scheme the owner of the master secret key $\mathsf{Msk}$ can derive a secret key $\mathsf{Sk}_P$ for any predicate $P$ from a specified class of predicates $\mathbb{P}$. In encrypting a message $M$, the sender can specify an attribute vector $\vec{x}$, and the resulting ciphertext $\tilde{X}$ can be decrypted only by using keys $\mathsf{Sk}_P$ such that $P(\vec{x})=1$. Security is modeled by means of a game between a challenger $\mathcal{C}$ and a PPT adversary $\mathcal{A}$ that sees the public key, is allowed to ask for keys of predicates $P$ of his choice, and gives two challenge vectors $\vec{x}_0$ and $\vec{x}_1$. $\mathcal{A}$ then receives a challenge ciphertext (an encryption of a randomly chosen challenge vector) and has to guess which of the two challenge vectors has been encrypted. The adversary $\mathcal{A}$ is allowed to ask queries even after seeing the challenge ciphertext. In the unrestricted queries model, the adversary $\mathcal{A}$ is required to ask only for keys of predicates $P$ that do not discriminate the two challenge vectors; that is, for which $P(\vec{x}_0)=P(\vec{x}_1)$. It can be readily seen that this condition is necessary. In this paper, we consider hidden vector encryption (HVE in short), a notable case of predicate encryption introduced by Boneh and Waters [5] and further developed in [16,10,15]. In an HVE scheme, the ciphertext attributes are vectors $\vec{x}=\langle x_1,\ldots,x_\ell\rangle$ of length $\ell$ over alphabet $\Sigma$, keys are associated with vectors $\vec{y}=\langle y_1,\ldots,y_\ell\rangle$ of length $\ell$ over alphabet $\Sigma\cup\{\star\}$, and we consider the $\mathsf{Match}(\vec{x},\vec{y})$ predicate, which is true if and only if, for all $i$, $y_i\neq\star$ implies $x_i=y_i$.
In [5], it is shown that HVE implies predicate encryption schemes for conjunctions, comparison, range queries and subset queries. We also describe constructions of secure predicate encryption for Boolean predicates that can be expressed as $k$-CNF and $k$-DNF (for any constant $k$) over binary variables. Our main contribution is a very simple, in terms of construction and security proof, implementation of the HVE primitive that can be proved fully secure against probabilistic polynomial-time adversaries in the unrestricted queries model under non-interactive, constant-sized (that is, independent of $\ell$) hardness assumptions on bilinear groups of composite order. Our proof employs the dual system methodology of Waters [18], which gave one of the first fully secure constructions in this area, blended with a careful design of intermediate security games that take into account the relationship between challenge ciphertext and key queries.
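The following is an added example, not code from the paper: it evaluates the Match predicate and the unrestricted-queries admissibility condition on plaintext vectors only, with no encryption. The threshold encoding and the names `encode_value`, `key_range`, `admissible` and `demo` are illustrative assumptions that show how a range query and a conjunction reduce to an HVE pattern; they are not the construction of [5].

```python
# Added illustration: plaintext predicate semantics only, no cryptography.
STAR = "*"  # the wildcard symbol, written as a star in the abstract


def match(x, y):
    """Match(x, y): true iff, for all i, y_i != STAR implies x_i == y_i."""
    if len(x) != len(y):
        raise ValueError("attribute and key vectors must have the same length")
    return all(yi == STAR or xi == yi for xi, yi in zip(x, y))


def admissible(y, x0, x1):
    """Unrestricted-queries condition: a key query y is allowed iff it does
    not discriminate the challenge vectors, Match(x0, y) == Match(x1, y)."""
    return match(x0, y) == match(x1, y)


def encode_value(v, n):
    """Assumed encoding: v in 1..n becomes n bits, bit j set iff v >= j."""
    if not 1 <= v <= n:
        raise ValueError("value outside 1..n")
    return [1 if v >= j else 0 for j in range(1, n + 1)]


def key_range(a, b, n):
    """Key pattern for a <= v <= b: bit a must be 1, bit b+1 must be 0."""
    if not 1 <= a <= b <= n:
        raise ValueError("need 1 <= a <= b <= n")
    y = [STAR] * n
    y[a - 1] = 1          # forces v >= a
    if b < n:
        y[b] = 0          # position b+1 (0-based index b) forces v <= b
    return y


def demo():
    n = 8
    x0, x1 = encode_value(3, n), encode_value(6, n)   # constructed challenge pair
    queries = {"2..7": key_range(2, 7, n),   # matches both vectors
               "5..8": key_range(5, 8, n),   # matches only x1
               "7..8": key_range(7, 8, n)}   # matches neither
    # Conjunction: concatenate fields; the key fixes the range and the department.
    x = encode_value(4, n) + ["hr"]
    conj = match(x, key_range(2, 7, n) + ["hr"]) and not match(x, key_range(2, 7, n) + ["it"])
    return {name: admissible(y, x0, x1) for name, y in queries.items()}, conj


if __name__ == "__main__":
    print(demo())
```

Only the `5..8` query is inadmissible, because a key for it would decrypt exactly one of the two challenge ciphertexts and so reveal which vector was encrypted.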