Fuzzy Identity Based Encryption from Lattices

Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct “Fuzzy” Identity Based Encryption from the hardness of the Learning With Errors (LWE) problem. We note that for our parameters, the underlying lattice problems (such as gapSVP or SIVP) are assumed to be hard to approximate within supexponential factors for adversaries running in subexponential time. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We also discuss some obstacles towards realizing lattice-based attributebased encryption (ABE). ∗UCLA. E-mail: [email protected] Research supported in part from a DARPA/ONR PROCEED award, and NSF grants 1118096, 1065276, 0916574 and 0830803. †PARC—Palo Alto Research Center. E-mail: [email protected] ‡University of Toronto. E-mail: [email protected] §UCSD. E-mail: [email protected] ¶Queens College, CUNY. E-mail: [email protected]. Supported by NSF CAREER Award CNS-0953626, and the US Army Research laboratory and the UK Ministry of Defence under agreement number W911NF-06-3-0001. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of the US Army Research Laboratory, the US Government, the UK Ministry of Defense, or the UK Government.