Paper 2020/228

Optimal Broadcast Encryption from Pairings and LWE

Shweta Agrawal and Shota Yamada


Boneh, Waters and Zhandry (CRYPTO 2014) used multilinear maps to provide a solution to the long-standing problem of public-key broadcast encryption (BE) where all parameters in the system are small. In this work, we improve their result by providing a solution that uses only bilinear maps and Learning With Errors (LWE). Our scheme is fully collusion-resistant against any number of colluders, and can be generalized to an identity-based broadcast system with short parameters. Thus, we reclaim the problem of optimal broadcast encryption from the land of “Obfustopia”. Our main technical contribution is a ciphertext policy attribute based encryption (CP-ABE) scheme which achieves special efficiency properties – its ciphertext size, secret key size, and public key size are all independent of the size of the circuits supported by the scheme. We show that this special CP-ABE scheme implies BE with optimal parameters; but it may also be of independent interest. Our constructions rely on a novel interplay of bilinear maps and LWE, and are proven secure in the generic group model.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2020
broadcast encryptionlatticespairings
Contact author(s)
shweta a @ gmail com
yamada-shota @ aist go jp
2020-02-21: received
Short URL
Creative Commons Attribution


      author = {Shweta Agrawal and Shota Yamada},
      title = {Optimal Broadcast Encryption from Pairings and LWE},
      howpublished = {Cryptology ePrint Archive, Paper 2020/228},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.