## Cryptology ePrint Archive: Report 2012/403

Fully Private Revocable Predicate Encryption

Juan Manuel González Nieto and Mark Manulis and Dongdong Sun

Abstract: We introduce the concept of \emph{Revocable Predicate Encryption (RPE)}, which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created.

The first challenge in RPE schemes is to preserve privacy for RPE ciphertexts, namely to ensure the \emph{attribute-hiding} property, which is inherent to traditional PE constructions, and which implies the more basic property of payload hiding, used in the context of Attribute-Based Encryption (ABE). We formalize the notion of attribute hiding in the presence of revocation and propose our first RPE construction, called AH-RPE, which is attribute-hiding under the Decision Linear assumption in the standard model. In the AH-RPE scheme we deploy the revocation system of Lewko, Sahai, and Waters (IEEE S\&P 2010), introduced for a simpler setting of broadcast encryption, which we modify for integration with the payload-hiding ABE scheme of Okamoto and Takashima (CRYPTO 2010), after making the latter attribute-hiding by borrowing additional techniques from Lewko, Okamoto, Sahai, Takashima, and Waters (Eurocrypt 2010).

As a second major step we show that RPE schemes may admit more stringent privacy requirements in comparison to PE schemes, especially when it comes to the revocation of private keys. In addition to attribute-hiding, RPE ciphertexts should ideally not leak any information about the revoked keys and by this about the revoked users. We formalize this stronger privacy notion, termed \emph{full hiding}, and propose another RPE scheme, called FH-RPE, which achieves this notion in the setting of sender-local revocation'' of Attrapadung and Imai (Cryptography and Coding 2009), under the same assumptions as our AH-RPE construction. Our FH-RPE scheme is also based on the attribute-hiding variant of Okamoto and Takashima's ABE scheme, yet with a different revocation method, in which we integrate the Subset-Cover Framework of Naor, Naor, and Lotspiech (CRYPTO 2001) for better efficiency.

Category / Keywords: public-key cryptography / predicate-based encryption, revocation, privacy, full-hiding

Publication Info: Proceedings of the 17th Australasian Conference on Information Security and Privacy (ACISP 2012).

Date: received 17 Jul 2012, last revised 18 Aug 2012

Contact author: j gonzaleznieto at qut edu au, mark@manulis eu, dd sun@student qut edu au

Available format(s): PDF | BibTeX Citation

Note: Minor update on p. 2.

Short URL: ia.cr/2012/403

[ Cryptology ePrint archive ]