Abstract
In TCC 2013, Boyen suggested the first lattice-based construction of attribute-based encryption (\(\mathsf {ABE}\)) for the circuit class \({\mathsf {NC}}_1\). Unfortunately, soon after, a flaw was found in the security proof of the scheme. However, it remained unclear whether the scheme is actually insecure, and if so, whether it can be repaired. Meanwhile, the construction has been heavily cited and continues to be extensively studied due to its technical novelty. In particular, this is the first lattice-based \(\mathsf {ABE}\) which uses linear secret sharing schemes (LSSS) as a crucial tool to enforce access control. In this work, we show that the scheme is in fact insecure, if the scheme is instantiated by the linear secret sharing scheme specified in the paper. To do so, we provide a polynomial-time attack that completely breaks the security of the scheme. We suggest a route to fix the security of the scheme, via the notion of admissible LSSS, and instantiate these for the class of DNFs. Subsequent to our work, Datta et al. (Eurocrypt 2021) provided a construction of admissible \(\mathsf {LSSS}\) for \({\mathsf {NC}}_1\) and resurrected Boyen’s claimed result.


Data availability
Not applicable.
Code availability
Not applicable.
Notes
Boyen does not specify the conversion algorithm.
We omit the two optimizations mentioned in the original scheme. One of the optimizations has a problem; we discuss it in Appendix 6.
This part in the original description of Boyen’s scheme has a problem. We discuss this in Appendix 6.
As we noted in the introduction, a fix for the scheme is provided by the recent work [9].
Before the presentation at TCC 2013, a subset of the authors contacted Boyen about the problem in the proof and an attack.
References
Ajtai M.: Generating hard instances of the short basis problem. In: Wiedermann J., van Emde Boas P., Nielsen M. (eds.) ICALP 99. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999).
Alwen J., Peikert C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2011).
Beimel A.: Secret-sharing schemes: a survey. In: Chee Y.M., Guo Z., Ling S., Shao F., Tang Y., Wang H., Xing C. (eds.) Coding and Cryptology. LNCS, vol. 6639, pp. 11–46. Springer, Berlin, Heidelberg (2011).
Bethencourt J., Sahai A., Waters B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Computer Society Press (2007).
Boneh D., Gentry C., Gorbunov S., Halevi S., Nikolaenko V., Segev G., Vaikuntanathan V., Vinayagamurthy D.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014).
Boyen X.: Attribute-based functional encryption on lattices. In: Sahai A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 122–142. Springer, Heidelberg (2013).
Boyen X.: The presentation slides of ‘attribute-based encryption from post-quantum lattice assumptions’ (2013). http://ai.stanford.edu/~xb/tcc13/slides/index.html. Accessed 26 May 2020.
Cash D., Hofheinz D., Kiltz E., Peikert C.: Bonsai trees, or how to delegate a lattice basis. J. Cryptol. 25(4), 601–639 (2012).
Datta P., Komargodski I., Waters B.: Decentralized multi-authority ABE for DNFs from LWE. In: EUROCRYPT 2021 (2021).
Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner R.E., Dwork C. (eds.) 40th ACM STOC, pp. 197–206. ACM Press (2008).
Gorbunov S., Vaikuntanathan V., Wee H.: Attribute-based encryption for circuits. In: Boneh D., Roughgarden T., Feigenbaum J. (eds.) 45th ACM STOC, pp. 545–554. ACM Press, New York (2013).
Goyal V., Pandey O., Sahai A., Waters B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels A., Wright R.N., De Capitani di Vimercati S. (eds.) ACM CCS 2006, pp. 89–98. ACM Press (2006). Also Cryptology ePrint Archive, Report 2006/309.
Lewko A., Waters B.: Decentralizing attribute-based encryption. In: Paterson K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011).
Lewko A.B., Okamoto T., Sahai A., Takashima K., Waters B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010).
Lewko A., Waters B.: Decentralizing attribute-based encryption. In: Paterson K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011).
Lewko A., Waters B.: Unbounded HIBE and attribute-based encryption. In: Paterson K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011).
Lewko A., Waters B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012).
Lyubashevsky V.: Lattice signatures without trapdoors. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012).
Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Springer, New York (2002).
Micciancio D., Peikert C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012).
Miltersen P.B., Radhakrishnan J., Wegener I.: On converting CNF to DNF. Theoret. Comput. Sci. 347(1), 325–335 (2005).
Okamoto T., Takashima K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010).
Sahai A., Waters B.R.: Fuzzy identity-based encryption. In: Cramer R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).
Waters B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011).
Funding
Dr. Agrawal is supported by the DST “Swarnajayanti” fellowship, an Indo-French CEFIPRA project and the CCD Centre of Excellence.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by J. H. Cheon.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Agrawal, S., Biswas, R., Nishimaki, R. et al. Cryptanalysis of Boyen’s attribute-based encryption scheme in TCC 2013. Des. Codes Cryptogr. 90, 2301–2318 (2022). https://doi.org/10.1007/s10623-022-01076-6