Paper 2022/1152

Fully Collusion Resistant Trace-and-Revoke Functional Encryption for Arbitrary Identities

Fucai Luo, Peng Cheng Laboratory
Saif Al-Kuwari, Hamad Bin Khalifa University
Haiyan Wang, Peng Cheng Laboratory
Xingfu Yan, South China Normal University

Functional Encryption (FE) has been extensively studied in the recent years, mainly focusing on the feasibility of constructing FE for general functionalities, as well as some realizations for restricted functionalities of practical interest, such as inner-product. However, little consideration has been given to the issue of key leakage on FE. The property of FE that allows multiple users to obtain the same functional keys from the holder of the master secret key raises an important problem: if some users leak their keys or collude to create a pirated decoder, how can we identify at least one of those users, given some information about the compromised keys or the pirated decoder? Moreover, how do we disable the decryption capabilities of those users (i.e. traitors)? Two recent works have offered potential solutions to the above traitor scenario. However, the two solutions satisfy weaker notions of security and traceability, can only tolerate bounded collusions (i.e., there is an a priori bound on the number of keys the pirated decoder obtains), or can only handle a polynomially large universe of possible identities. In this paper, we study trace-and-revoke mechanism on FE and provide the first construction of trace-and-revoke FE that supports arbitrary identities, is both fully collusion resistant and fully anonymous. Our construction relies on a generic transformation from revocable predicate functional encryption with broadcast (RPFE with broadcast, which is an extension of revocable predicate encryption with broadcast proposed by Kim and J. Wu at ASIACRYPT'2020) to trace-and-revoke FE. Since this construction admits a generic construction of trace-and-revoke inner-product FE (IPFE), we instantiate the trace-and-revoke IPFE from the well-studied Learning with Errors (LWE). This is achieved by proposing a new LWE-based attribute-based IPFE (ABIPFE) scheme to instantiate RPFE with broadcast.

Available format(s)
Public-key cryptography
Publication info
Functional encryption; Trace-and-revoke system
Contact author(s)
lfucai @ 126 com
smalkuwari @ hbku edu qa
wanghy01 @ pcl ac cn
xfyan78 @ 163 com
2022-09-14: revised
2022-09-05: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-ShareAlike


      author = {Fucai Luo and Saif Al-Kuwari and Haiyan Wang and Xingfu Yan},
      title = {Fully Collusion Resistant Trace-and-Revoke Functional Encryption for Arbitrary Identities},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1152},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.