## Cryptology ePrint Archive: Report 2018/636

Lattice-Based Dual Receiver Encryption and More

Daode Zhang and Kai Zhang and Bao Li and Xianhui Lu and Haiyang Xue and Jie Li

Abstract: Dual receiver encryption (DRE), proposed by Diament et al. at ACM CCS 2004, is a special extension notion of public-key encryption, which enables two independent receivers to decrypt a ciphertext into a same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. Up till now, a series of DRE schemes are constructed from bilinear pairing groups and lattices. In this work, we introduce a construction of lattice-based DRE. Our scheme is indistinguishable against chosen-ciphertext attacks (IND-CCA) from the standard Learning with Errors (LWE) assumption with a public key of bit-size about $2nm\log q$, where $m$ and $q$ are small polynomials in $n$. Additionally, for the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), we also give a lattice-based IB-DRE scheme that achieves chosen-plaintext and adaptively chosen identity security based on the LWE assumption with public parameter size about $(2\ell +1)nm\log q$, where $\ell$ is the bit-size of the identity in the scheme.

Category / Keywords: Lattices, Dual Receiver Encryption, Identity-Based Dual Receiver Encryption, Learning with Errors, Provable Security

Original Publication (with minor differences): ACISP 2018

Date: received 27 Jun 2018, last revised 3 Jul 2018

Contact author: zhangdaode0119 at gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2018/636

[ Cryptology ePrint archive ]