Improved (Hierarchical) Inner-Product Encryption from Lattices

نویسنده

  • Keita Xagawa
چکیده

Inner-product encryption (IPE) provides fine-grained access control and has attractive applications. Agrawal, Freeman, and Vaikuntanathan (Asiacrypt 2011) proposed the first IPE scheme from lattices by twisting the identity-based encryption (IBE) scheme by Agrawal, Boneh, and Boyen (Eurocrypt 2010). Their IPE scheme supports inner-product predicates over Rμ , where the ring is R = Zq . Several applications require the ring R to be exponentially large and, thus, they set q = 2O(n) to implement such applications. This choice results in the AFV IPE scheme with public parameters of size O(μn2 lg3 q) = O(μn5) and ciphertexts of size O(μn lg3 q) = O(μn4), where n is the security parameter. Hence, this makes the scheme impractical, as they noted. We address this efficiency issue by “untwisting” their twist and providing another twist. Our scheme supports inner-product predicates over Rμ where R = GF(qn ) instead of Zq . Our scheme has public parameters of size O(μn2 lg2 q) and ciphertexts of size O(μn lg2 q). Since the cardinality of GF(qn ) is inherently exponential in n, we have no need to set q as the exponential size for applications. As side contributions, we extend our IPE scheme to a hierarchical IPE (HIPE) scheme and propose a fuzzy IBE scheme from IPE. Our HIPE scheme is more efficient than that developed by Abdalla, De Caro, and Mochetti (Latincrypt 2012). Our fuzzy IBE is secure under a much weaker assumption than that employed by Agrawal et al. (PKC 2012), who constructed the first lattice-based fuzzy IBE scheme.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Lattice-Based Hierarchical Inner Product Encryption

The notion of inner-product encryption (IPE), introduced by Katz, Sahai, and Waters at Eurocrypt 2008, is a generalization of identity-based encryption in which ciphertexts and secret keys are associated to vectors in some finite field. In an IPE scheme, a ciphertext can only be decrypted by a secret key if the vector associated with the latter is orthogonal to that of the ciphertext. In its hi...

متن کامل

The relation and transformation between hierarchical inner product encryption and spatial encryption

Hierarchical inner product encryption (HIPE) and spatial encryption (SE) are two important classes of functional encryption (FE) that have numerous applications. Although HIPE and SE both involve some notion of linear algebra, the former works in vectors while the latter is based on (affine) spaces. Moreover, they currently possess different properties in terms of security, anonymity (payload/a...

متن کامل

Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption

This paper presents a fully secure functional encryption scheme for a wide class of relations, that are specified by non-monotone access structures combined with inner-product relations. The security is proven under a standard assumption, the decisional linear (DLIN) assumption, in the standard model. The proposed functional encryption scheme covers, as special cases, (1) key-policy, ciphertext...

متن کامل

Attribute - Hiding ( Hierarchical ) Inner Product Encryption ∗

This paper proposes the first inner product encryption (IPE) scheme that is adaptively secure and fully attribute-hiding (attribute-hiding in the sense of the definition by Katz, Sahai and Waters), while the existing IPE schemes are either fully attribute-hiding but selectively secure or adaptively secure but weakly attribute-hiding. The proposed IPE scheme is proven to be adaptively secure and...

متن کامل

Forward-Secure Hierarchical Predicate Encryption

Secrecy of decryption keys is an important pre-requisite for security of any encryption scheme and compromised private keys must be immediately replaced. Forward Security (FS), introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event....

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013