Paper 2017/657

CCA-secure Predicate Encryption from Pair Encoding in Prime Order Groups: Generic and Efficient

Sanjit Chatterjee, Sayantan Mukherjee, and Tapas Pandit


Attrapadung (Eurocrypt 2014) proposed a generic framework called pair encoding to simplify the design and proof of security of CPA-secure predicate encryption (PE) in composite order groups. Later Attrapadung (Asiacrypt 2016) extended this idea in prime order groups. Yamada et al. (PKC 2011, PKC 2012) and Nandi et al. (ePrint Archive: 2015/457, AAECC 2017) proposed generic conversion frameworks to achieve CCA-secure PE from CPA-secure PE provided the encryption schemes have properties like delegation or verifiability. The delegation property is harder to achieve and verifiability based conversion degrades the decryption performance due to a large number of additional pairing evaluations. Blömer et al. (CT-RSA 2016) proposed a direct fully CCA-secure predicate encryption in composite order groups but it was less efficient as it needed a large number of pairing evaluations to check ciphertext consistency. As an alternative, Nandi et al. (ePrint Archive: 2015/955) proposed a direct conversion technique in composite order groups. We extend the direct conversion technique of Nandi et al. in the prime order groups on the CPA-secure PE construction by Attrapadung (Asiacrypt 2016) and prove our scheme to be CCA-secure in a quite different manner. Our first direct CCA-secure predicate encryption scheme requires exactly one additional ciphertext component and three additional units of pairing evaluation during decryption. The second construction requires exactly three additional ciphertext components but needs only one additional unit pairing evaluation during decryption. This is a significant improvement over conventional approach for CPA-to-CCA conversion in prime order groups.

Note: We have incorporated valuable suggestions by the reviewers of INDOCRYPT 2017.

Available format(s)
Publication info
Published elsewhere. Major revision. INDOCRYPT 2017
Predicate EncryptionCCA SecurityPair Encoding SchemeGeneric Conversion
Contact author(s)
sayantan besus @ gmail com
2017-10-23: revised
2017-07-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sanjit Chatterjee and Sayantan Mukherjee and Tapas Pandit},
      title = {{CCA}-secure Predicate Encryption from Pair Encoding in Prime Order Groups: Generic and Efficient},
      howpublished = {Cryptology ePrint Archive, Paper 2017/657},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.