Cryptology ePrint Archive: Report 2014/428

Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More

Nuttapong Attrapadung

Abstract: Dual system encryption techniques introduced by Waters in Crypto'09 are powerful approaches for constructing fully secure functional encryption (FE) for many predicates. However, there are still some FE for certain predicates to which dual system encryption techniques seem inapplicable, and hence their fully-secure realization remains an important problem. A notable example is FE for regular languages, introduced by Waters in Crypto'12. \\

We propose a generic framework that abstracts the concept of dual system encryption techniques. We introduce a new primitive called \emph{pair encoding} scheme for predicates and show that it implies fully secure functional encryption (for the same predicates) via a generic construction. Using the framework, we obtain the first fully secure schemes for functional encryption primitives of which only selectively secure schemes were known so far. Our three main instantiations include FE for regular languages, unbounded attribute-based encryption (ABE) for large universes, and ABE with constant-size ciphertexts. \\

Our main ingredient for overcoming the barrier of inapplicability for the dual system techniques to certain predicates is a computational security notion of the pair encoding scheme which we call \emph{doubly selective security}. This is in contrast with most of the previous dual system based schemes, where information-theoretic security are implicitly utilized. The doubly selective security notion resembles that of selective security and its complementary notion, co-selective security, and hence its name. Our framework can be regarded as a method for boosting doubly selectively security (of encoding) to full security (of functional encryption). \\

Besides generality of our framework, we remark that improved security is also obtained, as our security proof enjoys tighter reduction than previous schemes, notably the reduction cost does not depend on the number of all queries, but only that of \emph{pre-challenged} queries.

Category / Keywords: public-key cryptography / Dual system encryption, Functional encryption for regular languages, Attribute-based encryption, Constant-size ciphertexts, Full security, Unified framework, Tighter reduction

Original Publication (with major differences): IACR-EUROCRYPT-2014

Date: received 4 Jun 2014, last revised 12 Jun 2014

Contact author: n attrapadung at aist go jp

Available format(s): PDF | BibTeX Citation

Note: 2014/06/13: Several typos fixed.

Version: 20140613:053515 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]