Multi-Authority Attribute-Based Encryption Scheme from Lattices

Access control can selectively restrict access to sensitive information stored by third-party sites on the Internet. Attribute-based encryption (ABE) schemes can strengthen the effective combination of flexibility and operability of access control. They allow one sender to encrypt a message for more than one recipient, and to specify who should be able to decrypt, using attributes alone. Since 2005, many powerful ABE schemes have been presented, but there are two types of problem that haven’t be efficiently resolved so far. On the one hand, as practical extension of identity-based encryption (IBE) schemes, ABE schemes are also confronted with key escrow problem. On the other hand, attribute set belonging to one user is usually monitored by different authorities in this era of collaboration. Multi-authority ABE (MA-ABE) schemes can simultaneously resolve these problems, but now they have not been thoroughly investigated yet. More precisely, MA-ABE schemes against quantum attack are the main barrier of the development of ABE schemes in a ‘post-quantum’ world. In this paper, we firstly present a MA-ABE scheme from lattices, in which identities of users are authenticated by a central authority, which improves the efficiency of authentication. Furthermore, different attribute private keys are still distributed by different authorities, and the central authority cannot obtain any secret information of other attribute authorities, which resolves key escrow problem to some extent. In MAABE, attribute private keys belonging to one user are generated by different authorities, and how to ensure correct decryption is one of the crux of schemes. Our scheme gives a simple solution, and each user’s attribute private keys are combined using sharing of common public information to automatically realize correct decryption. To our best knowledge, this is the first MA-ABE scheme from lattices, and it is more efficient than the MA-ABE presented by Melissa Chase. Finally, we present a multi-authority large universe ABE scheme, in which the sizes of the public key and the ciphertext are only relative to the number of the attribute authorities, and a user will be able to decrypt a ciphertext if and only if he has at least tK attributes from each authority K.