Abstract
Lewko and Waters introduced the computational hiding technique in Crypto’12. In their technique, two computational assumptions that achieve selective and co-selective security proofs lead to adaptive security of an encryption scheme. Later, pair encoding framework was introduced by Attrapadung in Eurocrypt’14. The pair encoding framework generalises the computational hiding technique for functional encryption (FE). It has been used to achieve a number of new FE schemes such as FE for regular languages and unbounded attribute based encryption allowing multi-use of attributes. Nevertheless, the generalised construction of Attrapadung’s pair encoding for those schemes is adaptively secure only in composite order groups, which leads to efficiency loss. It remains a challenging task to explore constructions in prime order groups for gaining efficiency improvement, which leaves the research gap in the existing literature. In this work, we aim to address this drawback by proposing a new generalised construction for pair encodings in prime order groups. Our construction will lead to a number of new FE schemes in prime order groups, which have been previously introduced only in composite order groups by Attrapadung.
Notes
We note that at present, there is a concurrent work for this claim. We shall describe it in Sect. 1.2.
The algorithm only knows the values of x and \(\mathbf {r}\). Therefore, \(\mathbf {c}(y,(1, \mathbf {h});s,\mathbf {s})\) is a multivariate linear function of \(\alpha \) and \(\mathbf {h}\). However, due to the linearity, all elements in a ciphertext can be calculated because \(g_1^\mathbf {h}, g_1^{a\mathbf {h}}\) and \(g_1^{\tau \mathbf {h}}\) are given.
Similar to Encrypt, \(\mathbf {K}_0\) can be calculated using \(g_2^{\alpha }\) and \(g_2^\mathbf {h}\).
References
Agrawal S., Chase M.: A study of pair encodings: predicate encryption in prime order groups. IACR Cryptol. ePrint Arch. 2015, 413 (2015).
Attrapadung N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014).
Attrapadung N.: Dual system encryption framework in prime-order groups. IACR Cryptol. ePrint Arch. 2015, 390 (2015).
Attrapadung N., Yamada S.: Duality in ABE: converting attribute based encryption for dual predicate and dual policy via computational encodings. In: Nyberg K. (ed.) CT-RSA. LNCS, vol. 9048, pp. 87–105. Springer, Heidelberg (2015).
Boneh D., Boyen X.: Efficient selective-id secure identity-based encryption without random oracles. In: EUROCRYPT, pp. 223–238 (2004).
Boneh D., Franklin M.K.: Identity-based encryption from the Weil pairing. In: CRYPTO, pp. 213–229 (2001).
Boneh D., Gentry C., Gorbunov S., Halevi S., Nikolaenko V., Segev G., Vaikuntanathan V., Vinayagamurthy D.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014).
Canetti R., Halevi S., Katz J.: A forward-secure public-key encryption scheme. In: EUROCRYPT, pp. 255–271 (2003).
Chen J., Wee H.: Fully, (almost) tightly secure IBE and dual system groups. In: Canetti R., Garay J.A. (eds.) CRYPTO. LNCS, vol. 8043, pp. 435–460. Springer, Heidelberg (2013).
Chen J., Gay R., Wee H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald E., Fischlin M. (eds.) EUROCRYPT. LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015).
Cocks C.: An identity based encryption scheme based on quadratic residues. In: Honary B. (ed.) IMA International Conference. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001).
Freeman D.M.: Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: Gilbert H. (ed.) EUROCRYPT. LNCS, vol. 6110, pp. 44–61. Springer, Heidelberg (2010).
Goyal V., Pandey O., Sahai A., Waters B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels A., Wright R.N., di Vimercati S.D.C. (eds.) ACM Conference on Computer and Communications Security, pp. 89–98. ACM, New York (2006).
Herold G., Hesse J., Hofheinz D., Ràfols C., Rupp A.: Polynomial spaces: a new framework for composite-to-prime-order transformations. In: Garay J.A., Gennaro R. (eds.) CRYPTO. LNCS, vol. 8616, pp. 261–279. Springer, Heidelberg (2014).
Ishai Y., Wee H.: Partial garbling schemes and their applications. In: Esparza J., Fraigniaud P., Husfeldt T., Koutsoupias E. (eds.) ICALP. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014).
Katz J., Sahai A., Waters B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: EUROCRYPT, pp. 146–162 (2008).
Lewko A.B.: Tools for simulating features of composite order bilinear groups in the prime order setting. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT. LNCS, vol. 7237, pp. 318–335. Springer, Heidelberg (2012).
Lewko A.B., Waters B.: New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In: Micciancio D. (ed.) TCC. LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010).
Lewko A.B., Waters B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012).
Lewko A.B., Okamoto T., Sahai A., Takashima K., Waters B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert H. (ed.) EUROCRYPT. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010).
Okamoto T., Takashima K.: Hierarchical predicate encryption for inner-products. In: Matsui M. (ed.) ASIACRYPT. LNCS, vol. 5912, pp. 214–231. Springer, Heidelberg (2009).
Okamoto T., Takashima K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin T. (ed.) CRYPTO. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010).
Okamoto T., Takashima K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang X., Sako K. (eds.) ASIACRYPT. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012).
Sahai A., Waters B.: Fuzzy identity-based encryption. In: EUROCRYPT, pp. 457–473 (2005).
Seo J.H.: On the (im)possibility of projecting property in prime-order setting. In: Wang X., Sako K. (eds.) ASIACRYPT. LNCS, vol. 7658, pp. 61–79. Springer, Heidelberg (2012).
Shamir A.: Identity-based cryptosystems and signature schemes. In: CRYPTO, pp. 47–53 (1984).
Waters B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi S. (ed.) CRYPTO. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009).
Waters B.: Functional encryption for regular languages. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO. LNCS, vol. 7417, pp. 218–235. Springer, Heidelberg (2012).
Wee H.: Dual system encryption via predicate encodings. In: Lindell Y. (ed.) TCC. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014).
Additional information
Communicated by R. Steinwandt.
Appendix: Equations in Lemma 2.1
If \(T = f_2^{cw}\), then \(\mathbf {K}_0, \mathbf {K}_1\) and \(\mathbf {K}_2\) are properly distributed \(\hbox {NE}_{j-1}\) since
This implicitly sets \(\mathbf {r} = \mathbf {r}'' -c \cdot \mathbf {1}_j\) and \(\mathbf {z} = \mathbf {z}' + \mathbf {k}(0,x,(1,\mathbf {h}'); c \cdot \mathbf {1}_j)\). The second equality (12) in the above equation holds by linearity over random values because
The third equality (13) holds because of the definition of \(\mathbf {r}\) (\( = \mathbf {r}''- c \cdot \mathbf {1}_j\)) and linearity over random values. The equalities (14) and (15) hold due to linearity over common parameters.
If T is random in Lemma 2.1, and we let \(f_2^{wc + \gamma }\) denote it, then the key is properly distributed as \(\hbox {NE}_j\) since \((f_2^\gamma )^{- a\mathbf {k}(0,x,(1,\mathbf {h}'); \cdot \mathbf {1}_j)}\) is multiplied into \(\mathbf {K}_1\). By linearity over random values, this implicitly sets \(\mathbf {r}'_j = \mathbf {r}'_{j-1} +\gamma \cdot \mathbf {1}_j\), and \(\mathbf {r}'_j\) is still randomly distributed since \(\gamma \) is a random value.
The challenge ciphertext is also properly distributed because
The equalities (16) and (19) hold by linearity over common parameters, and (17) and (18) hold by linearity over random values. Equality (20) holds since
It is worth noting that all equalities above hold by linearity over random values. The last equalities in \(\mathbf {C}_0, \mathbf {C}_1\) and \(\mathbf {C}_2\) hold because of \(s' = -d^2t {\tilde{s}}, \mathbf {s}' = -d^2t \tilde{\mathbf {s}}\) and the definitions of the public parameters. \({\tilde{s}}\) and \(\tilde{\mathbf {s}}\) remain randomly distributed from the adversary's view even though they also appear in \(s = wt {\tilde{s}} + s'', \mathbf {s}=wt{\tilde{s}} + \mathbf {s}''\), since those values do not reveal them (they are masked by \(s''\) and \(\mathbf {s}''\)).
About this article
Cite this article
Kim, J., Susilo, W., Guo, F. et al. Functional encryption for computational hiding in prime order groups via pair encodings. Des. Codes Cryptogr. 86, 97–120 (2018). https://doi.org/10.1007/s10623-017-0327-7