Paper 2012/403

Fully Private Revocable Predicate Encryption

Juan Manuel Gonzälez Nieto, Mark Manulis, and Dongdong Sun

Abstract

We introduce the concept of \emph{Revocable Predicate Encryption (RPE)}, which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created. The first challenge in RPE schemes is to preserve privacy for RPE ciphertexts, namely to ensure the \emph{attribute-hiding} property, which is inherent to traditional PE constructions, and which implies the more basic property of payload hiding, used in the context of Attribute-Based Encryption (ABE). We formalize the notion of attribute hiding in the presence of revocation and propose our first RPE construction, called AH-RPE, which is attribute-hiding under the Decision Linear assumption in the standard model. In the AH-RPE scheme we deploy the revocation system of Lewko, Sahai, and Waters (IEEE S\&P 2010), introduced for a simpler setting of broadcast encryption, which we modify for integration with the payload-hiding ABE scheme of Okamoto and Takashima (CRYPTO 2010), after making the latter attribute-hiding by borrowing additional techniques from Lewko, Okamoto, Sahai, Takashima, and Waters (Eurocrypt 2010). As a second major step we show that RPE schemes may admit more stringent privacy requirements in comparison to PE schemes, especially when it comes to the revocation of private keys. In addition to attribute-hiding, RPE ciphertexts should ideally not leak any information about the revoked keys and by this about the revoked users. We formalize this stronger privacy notion, termed \emph{full hiding}, and propose another RPE scheme, called FH-RPE, which achieves this notion in the setting of ``sender-local revocation'' of Attrapadung and Imai (Cryptography and Coding 2009), under the same assumptions as our AH-RPE construction. Our FH-RPE scheme is also based on the attribute-hiding variant of Okamoto and Takashima's ABE scheme, yet with a different revocation method, in which we integrate the Subset-Cover Framework of Naor, Naor, and Lotspiech (CRYPTO 2001) for better efficiency.

Note: Minor update on p. 2.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Proceedings of the 17th Australasian Conference on Information Security and Privacy (ACISP 2012).
Keywords
predicate-based encryptionrevocationprivacyfull-hiding
Contact author(s)
j gonzaleznieto @ qut edu au
mark @ manulis eu
dd sun @ student qut edu au
History
2012-08-18: revised
2012-07-24: received
See all versions
Short URL
https://ia.cr/2012/403
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2012/403,
      author = {Juan Manuel Gonzälez Nieto and Mark Manulis and Dongdong Sun},
      title = {Fully Private Revocable Predicate Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/403},
      year = {2012},
      url = {https://eprint.iacr.org/2012/403}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.