Cryptology ePrint Archive: Report 2015/993
Bi-Deniable Inner Product Encryption from LWE
Daniel Apon and Xiong Fan and Feng-Hao Liu
Abstract: Deniable encryption (Canetti et al. CRYPTO '97) is an intriguing primitive that provides a security guarantee against not only eavesdropping attacks as required by semantic security, but also stronger coercion attacks performed after the fact. The concept of deniability has later demonstrated useful and powerful in many other contexts, such as leakage resilience, adaptive security of protocols, and security against selective opening attacks. Despite its conceptual usefulness, our understanding of how to construct deniable primitives under standard assumptions is restricted. In particular, from standard assumptions such as Learning with Errors (LWE), we have only multi-distributional or non-negligible advantage deniable encryption schemes, whereas with the much stronger assumption of indistinguishable obfuscation, we can obtain at least fully-secure sender-deniable PKE and computation. How to achieve deniability for other more advanced encryption schemes under standard assumptions remains an interesting open question.
In this work, we construct a bi-deniable inner product encryption (IPE) in the multi-distributional model without relying on obfuscation as a black box. Our techniques involve new ways of manipulating Gaussian noise, and lead to a significantly tighter analysis of noise growth in Dual Regev type encryption schemes. We hope these ideas can give insight into achieving deniability and related properties for further, advanced cryptographic constructions under standard assumptions.
Category / Keywords: public-key cryptography / lattice-based cryptography, inner product encryption, bi-deniability
Date: received 12 Oct 2015, last revised 1 Nov 2015
Contact author: dapon at cs umd edu
Available format(s): PDF | BibTeX Citation
Note: Cleaned up various typos
Version: 20151101:195852 (All versions of this report)
Short URL: ia.cr/2015/993
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]