Paper 2013/258

Witness Encryption and its Applications

Sanjam Garg, Craig Gentry, Amit Sahai, and Brent Waters

Abstract

We put forth the concept of \emph{witness encryption}. A witness encryption scheme is defined for an NP language $L$ (with corresponding witness relation $R$). In such a scheme, a user can encrypt a message $M$ to a particular problem instance $x$ to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if $x$ is in the language and the recipient knows a witness $w$ where $R(x,w)$ holds. However, if $x$ is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal length messages. We emphasize that the encrypter himself may have no idea whether $x$ is actually in the language. Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete \textsc{Exact Cover} problem and Garg, Gentry, and Halevi's recent construction of ``approximate" multilinear maps. Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown status
Keywords
Multilinear Maps
Contact author(s)
sanjamg @ cs ucla edu
History
2014-04-18: last of 4 revisions
2013-05-08: received
See all versions
Short URL
https://ia.cr/2013/258
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/258,
      author = {Sanjam Garg and Craig Gentry and Amit Sahai and Brent Waters},
      title = {Witness Encryption and its Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/258},
      year = {2013},
      url = {https://eprint.iacr.org/2013/258}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.