Title | : | Ciphertext policy attribute based encryption based on LWE |
Speaker | : | Rajarshi Biswas (IITM) |
Details | : | Wed, 10 Apr, 2019 2:00 PM @ ALC Room |
Abstract | : | Access control on encrypted data is a desirable property in many applications, e.g. encrypted storage in distributed environments. This can be achieved by public key encryption schemes, but the main disadvantage is that implementing any access control policy requires the encryptor to encrypt separately to each user that satisfies the policy. Attribute-based encryption (ABE) is a cryptographic scheme that overcomes this disadvantage by letting the encryptor encrypt a message directly to a policy and letting users’ keys be issued according to credentials. In more detail, a ciphertext is associated with a pair (P, m) where P is an access control policy and m is a message, and a user is provided a key corresponding to credentials x. The ciphertext can be decrypted to reveal m if and only if P(x) = 1. ABE can be categorized into two types depending on whether the access structure (policy) is embedded in the ciphertext, namely ciphertext-policy ABE, or in the key, namely key-policy ABE. While key-policy ABE schemes (KP-ABE) have received a lot of attention [BS03, SW05, GPSW06, OSW07, GGH+13, BNS13, HW13, Boy13], and can be constructed from various standard assumptions, much less is known about ciphertext-policy schemes (CP-ABE). The few known constructions [BSW07, Wat11] are restrictive in the policies they can support and are all based on various assumptions on bilinear maps. Since CP-ABE schemes are arguably more natural than KP-ABE schemes, it is important to address this gap. In this work, we construct the first ciphertext-policy attribute-based encryption (ABE) system for circuits with short ciphertexts from lattices. The security of our solution is based on the subexponential hardness of the learning with errors (LWE) problem. We construct our attribute-based system using techniques from the KP-ABE scheme of Boneh et al. [BGG+14] and homomorphic signatures (HTDF) by Gorbunov et al. [GVW15].
However, our scheme is only secure when the adversary is limited to making a single key request, i.e. single-key CP-ABE. Additionally, we show that the key-policy attribute-based encryption scheme based on linear secret sharing schemes (LSSS) by Boyen [Boy13] is completely insecure against a general ABE adversary. We demonstrate an attack based on the bonsai lattice basis extension technique of [CHKP10], which allows an adversary to obtain secret keys for policies and decrypt ciphertexts encrypted under attributes which do not satisfy the policy. |