In this paper, we bridge this gap by showing the first feasibility results for realizing unidirectional UE and PRE from a new generic primitive that we call Key and Plaintext Homomorphic Encryption (KPHE) – a public-key encryption scheme that supports additive homomorphisms on its plaintext and key spaces simultaneously. We show that KPHE can be instantiated from DDH or LWE. This yields, in particular, the first constructions of unidirectional UE and PRE from DDH, as well as the first constructions of unidirectional UE and PRE from LWE that do not resort to FHE or lattice trapdoors.
Our constructions achieve the strongest notions of post-compromise security in the standard model. Our UE schemes also achieve “backwards-leak directionality” of key updates (a notion we discuss is equivalent, from a security perspective, to that of unidirectionality with no-key updates). Our results establish (somewhat surprisingly) that unidirectional UE and PRE schemes satisfying such strong security notions do not, in fact, require stronger/more structured cryptographic assumptions as compared to bidirectional schemes.
Category / Keywords: cryptographic protocols / Updatable Encryption, Proxy Re-encryption, Unidirectional, Backwards-Leak Directionality, IND-HRA security, Post-Compromise Security, Key and Plaintext Homomorphic Encryption Date: received 7 Mar 2022 Contact author: peihan at uic edu, sikharpatranabis at gmail com, gawatson at visa com Available format(s): PDF | BibTeX Citation Version: 20220307:125052 (All versions of this report) Short URL: ia.cr/2022/311