Theory of Cryptography Conference

TCC 2016: Theory of Cryptography pp 299-329

Deniable Attribute Based Encryption for Branching Programs from LWE

Conference paper

DOI: 10.1007/978-3-662-53644-5_12

Volume 9986 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Apon D., Fan X., Liu FH. (2016) Deniable Attribute Based Encryption for Branching Programs from LWE. In: Hirt M., Smith A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in Computer Science, vol 9986. Springer, Berlin, Heidelberg

Abstract

Deniable encryption (Canetti et al. CRYPTO ’97) is an intriguing primitive that provides a security guarantee against not only eavesdropping attacks as required by semantic security, but also stronger coercion attacks performed after the fact. The concept of deniability has later demonstrated useful and powerful in many other contexts, such as leakage resilience, adaptive security of protocols, and security against selective opening attacks. Despite its conceptual usefulness, our understanding of how to construct deniable primitives under standard assumptions is restricted.

In particular from standard lattice assumptions, i.e. Learning with Errors (LWE), we have only flexibly and non-negligible advantage deniable public-key encryption schemes, whereas with the much stronger assumption of indistinguishable obfuscation, we can obtain at least fully sender-deniable PKE and computation. How to achieve deniability for other more advanced encryption schemes under standard assumptions remains an interesting open question.

In this work, we construct a flexibly bi-deniable Attribute-Based Encryption (ABE) scheme for all polynomial-size Branching Programs from LWE. Our techniques involve new ways of manipulating Gaussian noise that may be of independent interest, and lead to a significantly sharper analysis of noise growth in Dual Regev type encryption schemes. We hope these ideas give insight into achieving deniability and related properties for further, advanced cryptographic systems from lattice assumptions.

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.University of MarylandCollege ParkUSA
  2. 2.Cornell UniversityIthacaUSA
  3. 3.Florida Atlantic UniversityBoca RatonUSA