Paper 2023/565

Decentralized Multi-Authority Attribute-Based Inner-Product FE: Large Universe and Unbounded

Pratish Datta, NTT Research, USA
Tapas Pal, NTT Social Informatics Laboratories, Japan
Abstract

This paper presents the first decentralized multi-authority attribute-based inner product functional encryption (MA-ABIPFE) schemes supporting vectors of a priori unbounded lengths. The notion of AB-IPFE, introduced by Abdalla et al. [ASIACRYPT 2020], combines the access control functionality of attribute-based encryption (ABE) with the possibility of evaluating linear functions on encrypted data. A decentralized MA-ABIPFE defined by Agrawal et al. [TCC 2021] essentially enhances the ABE component of AB-IPFE to the decentralized multi-authority setting where several authorities can independently issue user keys involving attributes under their control. In MA-ABIPFE for unbounded vectors (MA-ABUIPFE), encryptors can encrypt vectors of arbitrary length under access policies of their choice whereas authorities can issue secret keys to users involving attributes under their control and vectors of arbitrary lengths. Decryption works in the same way as for MA-ABIPFE provided the lengths of the vectors within the ciphertext and secret keys match. We present two MA-ABUIPFE schemes supporting access policies realizable by linear secret sharing schemes (LSSS), in the significantly faster prime-order bilinear groups under decisional assumptions based on the target groups which are known to be weaker compared to their counterparts based in the source groups. The proposed schemes demonstrate different trade-offs between versatility and underlying assumptions. The first scheme allows each authority to control a bounded number of attributes and is proven secure under the well-studied decisional bilinear Diffie-Hellman (DBDH) assumption. On the other hand, the second scheme allows authorities to control exponentially many attributes, that is, supports large attribute universe, and is proven secure under a non-interactive q-type variant of the DBDH assumption called L-DBDH, similar to what was used in prior large-universe multi-authority ABE (MA-ABE) construction. When compared with the only known MA-ABIPFE scheme due to Agrawal et al. [TCC 2021], our schemes offer significantly higher efficiency while offering greater flexibility and security under weaker assumptions at the same time. Moreover, unlike Agrawal et al., our schemes can support the appearance of the same attributes within an access policy arbitrarily many times. Since efficiency and practicality is the prime focus of this work, we prove the security of our constructions in the random oracle model against static adversaries similar to prior works on MA-ABE with similar motivations and assumptions. On the technical side, we extend the unbounded IPFE techniques of Dufour-Sans and Pointcheval [ACNS 2019] to the context of MA-ABUIPFE by introducing a novel hash-decomposition technique.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2023
Keywords
decentralizedmulti-authorityABEinner product FEprime-order bilinear groupsdecisional BDH
Contact author(s)
pratish datta @ ntt-research com
tapas pal wh @ hco ntt co jp
History
2023-04-24: approved
2023-04-20: received
See all versions
Short URL
https://ia.cr/2023/565
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/565,
      author = {Pratish Datta and Tapas Pal},
      title = {Decentralized Multi-Authority Attribute-Based Inner-Product FE: Large Universe and Unbounded},
      howpublished = {Cryptology ePrint Archive, Paper 2023/565},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/565}},
      url = {https://eprint.iacr.org/2023/565}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.