Paper 2018/636

Lattice-Based Dual Receiver Encryption and More

Daode Zhang, Kai Zhang, Bao Li, Xianhui Lu, Haiyang Xue, and Jie Li


Dual receiver encryption (DRE), proposed by Diament et al. at ACM CCS 2004, is a special extension notion of public-key encryption, which enables two independent receivers to decrypt a ciphertext into a same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. Up till now, a series of DRE schemes are constructed from bilinear pairing groups and lattices. In this work, we introduce a construction of lattice-based DRE. Our scheme is indistinguishable against chosen-ciphertext attacks (IND-CCA) from the standard Learning with Errors (LWE) assumption with a public key of bit-size about $2nm\log q$, where $m$ and $q$ are small polynomials in $n$. Additionally, for the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), we also give a lattice-based IB-DRE scheme that achieves chosen-plaintext and adaptively chosen identity security based on the LWE assumption with public parameter size about $(2\ell +1)nm\log q$, where $\ell$ is the bit-size of the identity in the scheme.

Available format(s)
Publication info
Published elsewhere. MINOR revision.ACISP 2018
LatticesDual Receiver EncryptionIdentity-Based Dual Receiver EncryptionLearning with ErrorsProvable Security
Contact author(s)
zhangdaode0119 @ gmail com
2018-07-04: revised
2018-07-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daode Zhang and Kai Zhang and Bao Li and Xianhui Lu and Haiyang Xue and Jie Li},
      title = {Lattice-Based Dual Receiver Encryption and More},
      howpublished = {Cryptology ePrint Archive, Paper 2018/636},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.