### On Access Control Encryption without Sanitization

##### Abstract

Access Control Encryption (ACE) allows to control information flow between parties by enforcing a policy that specifies which user can send messages to whom. The core of the scheme is a sanitizer, i.e., an entity that ''sanitizes'' all messages by essentially re-encrypting the ciphertexts under its key. In this work we investigate the natural question of whether it is still possible to achieve some meaningful security properties in scenarios when such a sanitization step is not possible. We answer positively by showing that it is possible to limit corrupted users to communicate only through insecure subliminal channels, under the necessary assumption that parties do not have pre-shared randomness. Moreover, we show that the bandwidth of such channels can be limited to be O(log(n)) by adding public ciphertext verifiability to the scheme under computational assumptions. In particular, we rely on a new security definition for obfuscation, Game Specific Obfuscation (GSO), which is a weaker definition than VBB, as it only requires the obfuscator to obfuscate programs in a specific family of programs, and limited to a fixed security game.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. SCN 2022
Keywords
public key encryption access control subliminal channels predicate encryption obfuscation
Contact author(s)
cecilia bo @ cs technion ac il
ivan @ cs au dk
orlandi @ cs au dk
History
2022-06-29: approved
See all versions
Short URL
https://ia.cr/2022/854

CC BY

BibTeX

@misc{cryptoeprint:2022/854,
author = {Cecilia Boschini and Ivan Damgård and Claudio Orlandi},
title = {On Access Control Encryption without Sanitization},
howpublished = {Cryptology ePrint Archive, Paper 2022/854},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/854}},
url = {https://eprint.iacr.org/2022/854}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.