Paper 2021/343
Adaptive Security via Deletion in Attribute-Based Encryption: Solutions from Search Assumptions in Bilinear Groups
Rishab Goyal, Jiahui Liu, and Brent Waters
Abstract
One of the primary research challenges in Attribute-Based Encryption (ABE) is constructing and proving cryptosystems that are adaptively secure. To date the main paradigm for achieving adaptive security in ABE is dual system encryption. However, almost all such solutions in bilinear groups rely on (variants of) either the subgroup decision problem over composite order groups or the decision linear assumption. Both of these assumptions are decisional rather than search assumptions and the target of the assumption is a source or bilinear group element. This is in contrast to earlier selectively secure ABE systems which can be proven secure from either the decisional or search Bilinear Diffie-Hellman assumption. In this work we make progress on closing this gap by giving a new ABE construction for the subset functionality and prove security under the Search Bilinear Diffie-Hellman assumption. We first provide a framework for proving adaptive security in Attribute-Based Encryption systems. We introduce a concept of ABE with deletable attributes where any party can take a ciphertext encrypted under the attribute string $x \in \{0, 1\}^n$ and modify it into a ciphertext encrypted under any string $x' \in \{0, 1, \bot\}^n$ where $x'$ is derived by replacing any bits of $x$ with $\bot$ symbols (i.e. ``deleting" attributes of $x$). The semantics of the system are that any private key for a circuit $C$ can be used to decrypt a ciphertext associated with $x'$ if none of the input bits read by circuit $C$ are $\bot$ symbols and $C(x') = 1$. We show a pathway for combining ABE with deletable attributes with constrained psuedorandom functions to obtain adaptively secure ABE building upon the recent work of Tsabary. Our new ABE system will be adaptively secure and be a ciphertext-policy ABE that supports the same functionality as the underlying constrained PRF as long as the PRF is ``deletion conforming". Here we also provide a simple constrained PRF construction that gives subset functionality. Our approach enables us to access a broader array of Attribute-Based Encryption schemes support deletion of attributes. For example, we show that both the Goyal~et al.~(GPSW) and Boyen ABE schemes can trivially handle a deletion operation. And, by using a hardcore bit variant of GPSW scheme we obtain an adaptively secure ABE scheme under the Search Bilinear Diffie-Hellman assumption in addition to pseudo random functions in NC1. This gives the first adaptively secure ABE from a search assumption as all prior work relied on decision assumptions over source group elements.
Note: Full version of the Asiacrypt 2021 paper.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in ASIACRYPT 2021
- Keywords
- attribute-basedbilinearadaptive securityconstrained PRFs
- Contact author(s)
-
goyal @ utexas edu
jiahui @ cs utexas edu
bwaters @ cs utexas edu - History
- 2021-09-14: revised
- 2021-03-17: received
- See all versions
- Short URL
- https://ia.cr/2021/343
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/343, author = {Rishab Goyal and Jiahui Liu and Brent Waters}, title = {Adaptive Security via Deletion in Attribute-Based Encryption: Solutions from Search Assumptions in Bilinear Groups}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/343}, year = {2021}, url = {https://eprint.iacr.org/2021/343} }