
Leakage-resilient \(\textsf {IBE} \)/\(\textsf {ABE} \)  with optimal leakage rates from lattices

Published in Designs, Codes and Cryptography (Springer), 2024.

Abstract

We derive the first adaptively secure identity-based encryption (\(\textsf {IBE} \)) and attribute-based encryption (\(\textsf {ABE} \)) for t-conjunctive normal form formulas (t-CNF), and selectively secure \(\textsf {ABE} \) for general circuits, from lattices, with \(1-o(1)\) leakage rates in both the relative leakage model and the bounded retrieval model (\(\textsf {BRM} \)). To achieve this, we first identify a new fine-grained security notion for \(\textsf {ABE} \), partially adaptive/selective security, and instantiate it from the learning with errors (\(\textsf {LWE} \)) assumption. Using this notion, we then design a new key compressing mechanism for identity-based/attribute-based weak hash proof systems (\(\textsf {IB} \)/\(\textsf {AB} \)-\(\textsf {wHPS} \)) for various policy classes, achieving (1) succinct secret keys and (2) adaptive/selective security matching the existing non-leakage-resilient lattice-based designs. Through the known connection between weak hash proof systems and leakage-resilient encryption, the succinct-key \(\textsf {IB} \)/\(\textsf {AB} \)-\(\textsf {wHPS} \) yields the desired leakage-resilient \(\textsf {IBE} \)/\(\textsf {ABE} \) schemes with optimal leakage rates in the relative leakage model. Finally, by tightening the prior analysis of the compatible locally computable extractors, we achieve optimal leakage rates in the \(\textsf {BRM} \) as well.


Fig. 1


Notes

  1. Here, we do not consider randomizing the keys of \(\textsf {PKE} \) and \(\textsf {IBE} \), as our main leakage-resilience results concern the bounded leakage case rather than the continual leakage case.

  2. This is the dual class for t-\(\textsf {CNF} \) used in [40]. Particularly, for t-\(\textsf {CNF} ^*\), an assignment x is viewed as the policy function and the description of t-\(\textsf {CNF} \) is viewed as an attribute. In the general circuit model, the above reverse treatments are reasonable in theory. We use the dual class as we are working on key-policy ABE while the prior work [40] worked on ciphertext-policy ABE.

  3. Implicitly, we assume that the input min-entropy of an extractor is at least the security parameter \(\kappa \). Such an extractor is applied to the encapsulated key \(k=(k_i)_{i\in [n]}\in \{0,1\}^n\), so the tolerated key leakage is \(\ell =n-\kappa \) bits. Moreover, it is implicitly assumed that \(o(|\textsf {wHPS} _\Vert .\textsf {sk} |)\approx \kappa \), as \(\textsf {wHPS} _\Vert .\textsf {sk} \) consists of a number of basic secret keys \(\textsf {PKE} .\textsf {sk} \) and \(\kappa =o(|\textsf {PKE} .\textsf {sk} |)\).

  4. For certain applications, q should be prime.

  5. The general definition of \(\textsf {ABE} \) places no strict requirement on whether the size |f| is fixed for all \(f\in \mathcal {F}_{\kappa }\), or on whether the size \(|\textsf {sk} _f|\) is independent of |f|. For the lattice-based instantiation of \(\textsf {ABE} \), however, we always fix an upper bound on the circuit size |f| and let \(|\textsf {sk} _f|\) depend on the depth of f rather than on |f|. Besides, with leakage resilience in mind, we assume that \(\textsf {sk} _f\) for arbitrary \(f\in \mathcal {F}_{\kappa }\) can be encoded as a bit-string of fixed length.

  6. Notice that in the above experiment \(\textbf{Exp}_{\textsf {ABE} ,\mathcal {A}}^{\textsf{LR}}(\kappa ,\ell ,\omega )\), we allow the adversary to interleave key queries in Test Stage 1 and leakage queries in \(\omega \)-Leakage queries Stage, in an arbitrary way.

  7. For the case that \(\textsf {sk} :=S= (S_1,\dots , S_m)\) is an \(m \times e\) block source as in [42], we define leakage functions \(f_i:\{0,1\}^*\rightarrow \{0,1\}^{\ell }\) independently for each block \(S_i\) with all \(i\in [m]\). We say \((f_1,\ldots ,f_m)\) are block leakage functions, if the min-entropy of \(S_i\) is still large enough even given leakage \((f_1(S_1),\ldots ,f_{i-1}(S_{i-1}))\) for any \(i\in [m]\). Clearly, when \(m=1\), this is the trivial case in Definition 2.11. Here, we call \(\frac{m\ell }{|\textsf {sk} |}\) the block leakage rate of the corresponding scheme.

  8. The formal definition of \(\mathcal {F}\wedge _{\Vert } \mathcal {G} \) is presented in the following Definition 3.4.

  9. Clearly, the domain of \(h_y\) is \([n']\). And the parameter \(n^\prime \), whose concrete setting is described in Sect. 6.3, is set to achieve the optimal leakage rate for the encryption in the bounded-retrieval model.

  10. The subset \(\{r_1,\ldots ,r_t\}\) must be randomly chosen, as it is an important property for the analysis of locally computable extractor in Sect. 6.2.

  11. Recall that the function s(f) denotes the size of the extra part of the secret key, excluding the description of the function.
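Footnotes 3, 9 and 10 describe the ingredients of the bounded-retrieval-model construction that the body of the paper fills in: an extractor applied to an encapsulated key \(k\in\{0,1\}^n\) with tolerated leakage \(\ell = n-\kappa\), a function \(h_y\) with domain \([n']\), and a randomly chosen subset \(\{r_1,\ldots ,r_t\}\) of positions that makes the extractor locally computable. The following Python is an added illustration of that generic sample-then-extract pattern (Vadhan [41]); it is not code from the paper or its authors. The concrete \(h_y\), \(n'\) and \(t\) of the paper are not given on this page, so the seeded position sampler, the Toeplitz universal hash used as the extractor, and every parameter value below are assumptions made for illustration.

```python
"""Sample-then-extract: a locally computable extractor over a long key.
Added illustration, not the paper's construction: the seeded sampler, the
Toeplitz universal hash and all parameter values are assumptions."""
import hashlib
import random
import secrets
from typing import List, Tuple


class LocalKey:
    """A long encapsulated key k in {0,1}^{n'} that records which positions are
    read, so the extractor's locality (t reads out of n') can be checked."""

    def __init__(self, bits: List[int]) -> None:
        self.bits = bits
        self.reads: set = set()

    def __len__(self) -> int:
        return len(self.bits)

    def read(self, pos: int) -> int:
        self.reads.add(pos)
        return self.bits[pos]


def seeded_prg(seed: bytes, label: bytes, nbytes: int) -> bytes:
    """Public randomness derived from the extractor seed (SHAKE256 as PRG)."""
    return hashlib.shake_256(label + seed).digest(nbytes)


def sample_positions(seed: bytes, n_prime: int, t: int) -> List[int]:
    """The random subset {r_1, ..., r_t} of [n'] of footnote 10, derived from
    the public seed.  random.Random stands in for an averaging sampler here
    (assumption); the positions need only be uniform given the seed."""
    if t > n_prime:
        raise ValueError("cannot sample more positions than key bits")
    rng = random.Random(seeded_prg(seed, b"sample", 32))
    return sorted(rng.sample(range(n_prime), t))


def toeplitz_diagonals(seed: bytes, t: int, m: int) -> List[int]:
    """t+m-1 bits defining an m x t Toeplitz matrix over GF(2).  Toeplitz
    matrices form a universal hash family, so the leftover hash lemma bounds
    the output's distance from uniform by the sampled bits' min-entropy."""
    raw = seeded_prg(seed, b"toeplitz", (t + m - 1 + 7) // 8)
    return [(raw[i >> 3] >> (i & 7)) & 1 for i in range(t + m - 1)]


def extract_local(key: LocalKey, seed: bytes, t: int, m: int) -> List[int]:
    """Read only t positions of the key and hash them to m output bits.
    Everything except the t key reads depends solely on the public seed."""
    positions = sample_positions(seed, len(key), t)
    x = [key.read(r) for r in positions]
    d = toeplitz_diagonals(seed, t, m)
    out = []
    for j in range(m):
        acc = 0
        for i in range(t):
            # Entry (j, i) of a Toeplitz matrix depends only on j - i.
            acc ^= x[i] & d[j - i + t - 1]
        out.append(acc)
    return out


def tolerated_leakage(n: int, kappa: int) -> Tuple[int, float]:
    """Footnote 3's accounting in the relative leakage model: the extractor
    needs kappa bits of min-entropy left in k in {0,1}^n, so up to
    ell = n - kappa bits may leak; the rate ell/n tends to 1 as n grows."""
    ell = n - kappa
    return ell, ell / n


if __name__ == "__main__":
    n_prime, t, m = 1 << 16, 512, 128          # assumed parameters
    key = LocalKey([secrets.randbits(1) for _ in range(n_prime)])  # constructed key
    seed = secrets.token_bytes(32)
    r = extract_local(key, seed, t, m)
    print(f"read {len(key.reads)} of {n_prime} key bits, output {len(r)} bits")
    print("tolerated leakage (bits, rate):", tolerated_leakage(n_prime, 128))
```

The point to take from running it is the one the BRM needs: the key can be made as large as the leakage bound requires, yet decryption touches only \(t\) of its bits, all selected by the public seed, so the cost of decryption does not grow with the leakage budget. Which \(t\) suffices for a given leakage bound is exactly what the paper's sampler analysis (Sect. 6.2 in the footnotes) determines; this block does not reproduce that analysis.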

References

  1. Agrawal D., Archambeault B., Rao J.R., Rohatgi P.: The EM side-channel(s). In: Kaliski B.S. Jr., Koç Ç.K., Paar C. (eds.) CHES 2002, LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003).

  2. Agrawal S., Freeman D.M., Vaikuntanathan V.: Functional encryption for inner product predicates from learning with errors. In: Lee D.H., Wang X. (eds.) ASIACRYPT 2011, LNCS, vol. 7073, pp. 21–40. Springer, Heidelberg (2011).

  3. Agrawal S., Boneh D., Boyen X.: Efficient lattice (H)IBE in the standard model. In: Gilbert H. (ed.) EUROCRYPT 2010, LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010).

  4. Akavia A., Goldwasser S., Vaikuntanathan V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold O. (ed.) TCC 2009, LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009).

  5. Alwen J., Peikert C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2010).

  6. Alwen J., Dodis Y., Naor M., Segev G., Walfish S., Wichs D.: Public-key encryption in the bounded-retrieval model. In: Gilbert H. (ed.) EUROCRYPT 2010, LNCS, vol. 6110, pp. 113–134. Springer, Heidelberg (2010).

  7. Alwen J., Dodis Y., Wichs D.: Leakage-resilient public-key cryptography in the bounded-retrieval model. In: Halevi S. (ed.) CRYPTO 2009, LNCS, vol. 5677, pp. 36–54. Springer, Heidelberg (2009).

  8. Apon D., Fan X., Liu F.-H.: Vector encoding over lattices and its applications. Cryptology ePrint Archive, Report 2017/455 (2017). http://eprint.iacr.org/2017/455

  9. Bellare M., Ristenpart T.: Simulation without the artificial abort: simplified proof and improved concrete security for Waters' IBE scheme. In: Joux A. (ed.) EUROCRYPT 2009, LNCS, vol. 5479, pp. 407–424. Springer, Heidelberg (2009).

  10. Boneh D., Gentry C., Gorbunov S., Halevi S., Nikolaenko V., Segev G., Vaikuntanathan V., Vinayagamurthy D.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT 2014, LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014).

  11. Brakerski Z., Goldwasser S.: Circular and leakage resilient public-key encryption under subgroup indistinguishability (or: quadratic residuosity strikes back). In: Rabin T. (ed.) CRYPTO 2010, LNCS, vol. 6223, pp. 1–20. Springer, Heidelberg (2010).

  12. Brakerski Z., Kalai Y.T., Katz J., Vaikuntanathan V.: Overcoming the hole in the bucket: public-key cryptography resilient to continual memory leakage. In: 51st FOCS, pp. 501–510. IEEE Computer Society Press (2010).

  13. Brakerski Z., Langlois A., Peikert C., Regev O., Stehlé D.: Classical hardness of learning with errors. In: Boneh D., Roughgarden T., Feigenbaum J. (eds.) 45th ACM STOC, pp. 575–584. ACM Press (2013).

  14. Brakerski Z., Lombardi A., Segev G., Vaikuntanathan V.: Anonymous IBE, leakage resilience and circular security from new assumptions. In: Nielsen J.B., Rijmen V. (eds.) EUROCRYPT 2018, Part I, LNCS, vol. 10820, pp. 535–564. Springer, Heidelberg (2018).

  15. Chen J., Gay R., Wee H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part II, LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015).

  16. Cramer R., Shoup V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen L.R. (ed.) EUROCRYPT 2002, LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002).

  17. Dodis Y., Ostrovsky R., Reyzin L., Smith A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008).

  18. Dodis Y., Goldwasser S., Kalai Y.T., Peikert C., Vaikuntanathan V.: Public-key encryption schemes with auxiliary inputs. In: Micciancio D. (ed.) TCC 2010, LNCS, vol. 5978, pp. 361–381. Springer, Heidelberg (2010).

  19. Dodis Y., Haralambiev K., López-Alt A., Wichs D.: Cryptography against continuous memory attacks. In: 51st FOCS, pp. 511–520. IEEE Computer Society Press (2010).

  20. Dziembowski S.: On forward-secure storage (extended abstract). In: Dwork C. (ed.) CRYPTO 2006, LNCS, vol. 4117, pp. 251–270. Springer, Heidelberg (2006).

  21. Faust S., Mukherjee P., Nielsen J.B., Venturi D.: Continuous non-malleable codes. In: Lindell Y. (ed.) TCC 2014, LNCS, vol. 8349, pp. 465–488. Springer, Heidelberg (2014).

  22. Gong J., Chen J., Dong X., Cao Z., Tang S.: Extended nested dual system groups, revisited. In: Cheng C.-M., Chung K.-M., Persiano G., Yang B.-Y. (eds.) PKC 2016, Part I, LNCS, vol. 9614, pp. 133–163. Springer, Heidelberg (2016).

  23. Gorbunov S., Vinayagamurthy D.: Riding on asymmetry: efficient ABE for branching programs. In: Iwata T., Cheon J.H. (eds.) ASIACRYPT 2015, Part I, LNCS, vol. 9452, pp. 550–574. Springer, Heidelberg (2015).

  24. Gorbunov S., Vaikuntanathan V., Wee H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO 2012, LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012).

  25. Halderman J.A., Schoen S.D., Heninger N., Clarkson W., Paul W., Calandrino J.A., Feldman A.J., Appelbaum J., Felten E.W.: Lest we remember: cold boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009).

  26. Hazay C., López-Alt A., Wee H., Wichs D.: Leakage-resilient cryptography from minimal assumptions. In: Johansson T., Nguyen P.Q. (eds.) EUROCRYPT 2013, LNCS, vol. 7881, pp. 160–176. Springer, Heidelberg (2013).

  27. Kiayias A., Liu F.-H., Tselekounis Y.: Practical non-malleable codes from l-more extractable hash functions. In: Weippl E.R., Katzenbeisser S., Kruegel C., Myers A.C., Halevi S. (eds.) ACM CCS 2016, pp. 1317–1328. ACM Press, New York (2016).

  28. Kocher P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz N. (ed.) CRYPTO '96, LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996).

  29. Lai Q., Liu F.-H., Wang Z.: Leakage-resilient IBE/ABE with optimal leakage rates from lattices. In: Hanaoka G., Shikata J., Watanabe Y. (eds.) PKC 2022, Part II, LNCS, vol. 13178, pp. 225–255. Springer, Heidelberg (2022).

  30. Lewko A.B., Waters B.: New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In: Micciancio D. (ed.) TCC 2010, LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010).

  31. Lewko A.B., Rouselakis Y., Waters B.: Achieving leakage resilience through dual system encryption. In: Ishai Y. (ed.) TCC 2011, LNCS, vol. 6597, pp. 70–88. Springer, Heidelberg (2011).

  32. Liu F.-H., Lysyanskaya A.: Tamper and leakage resilience in the split-state model. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO 2012, LNCS, vol. 7417, pp. 517–532. Springer, Heidelberg (2012).

  33. Micciancio D., Peikert C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012, LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012).

  34. Naor M., Segev G.: Public-key cryptosystems resilient to key leakage. In: Halevi S. (ed.) CRYPTO 2009, LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009).

  35. Nisan N., Zuckerman D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996).

  36. Nishimaki R., Yamakawa T.: Leakage-resilient identity-based encryption in bounded retrieval model with nearly optimal leakage-ratio. In: Lin D., Sako K. (eds.) PKC 2019, Part I, LNCS, vol. 11442, pp. 466–495. Springer, Heidelberg (2019).

  37. Peikert C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Mitzenmacher M. (ed.) 41st ACM STOC, pp. 333–342. ACM Press (2009).

  38. Regev O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow H.N., Fagin R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press (2005).

  39. Sahai A., Waters B.: Fuzzy identity-based encryption. In: Cramer R. (ed.) EUROCRYPT 2005, LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).

  40. Tsabary R.: Fully secure attribute-based encryption for t-CNF from LWE. In: Boldyreva A., Micciancio D. (eds.) CRYPTO 2019, Part I, LNCS, vol. 11692, pp. 62–85. Springer, Heidelberg (2019).

  41. Vadhan S.P.: On constructing locally computable extractors and cryptosystems in the bounded storage model. In: Boneh D. (ed.) CRYPTO 2003, LNCS, vol. 2729, pp. 61–77. Springer, Heidelberg (2003).

  42. Vadhan S.P.: Pseudorandomness. Found. Trends Theor. Comput. Sci. 7(1–3), 1–336 (2012).

  43. Waters B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi S. (ed.) CRYPTO 2009, LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009).

  44. Wee H.: Dual system encryption via predicate encodings. In: Lindell Y. (ed.) TCC 2014, LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014).

  45. Zhang L., Zhang J., Mu Y.: Novel leakage-resilient attribute-based encryption from hash proof system. Comput. J. 60(4), 541–554 (2017).

  46. Zhang M., Zhang Y., Su Y., Huang Q., Mu Y.: Attribute-based hash proof system under learning-with-errors assumption in obfuscator-free and leakage-resilient environments. IEEE Syst. J. 11(2), 1018–1026 (2017).

Acknowledgements

We would like to thank the reviewers of PKC 2022 for their insightful advice. Qiqi Lai is supported by the National Natural Science Foundation of China (Grant Nos. 62172266, 61802241) and the Henan Key Laboratory of Network Cryptography Technology (Grant No. LNCT2021-A03). Feng-Hao Liu is supported by the NSF CAREER Award CNS-1942400. Zhedong Wang is supported by the National Natural Science Foundation of China (Grant No. 62202305) and the Shanghai Pujiang Program (Grant No. 22PJ1407700).

Author information

Corresponding author

Correspondence to Zhedong Wang.

Additional information

Communicated by D. Stehle.

Supplementary Information

Supplementary file 1 (pdf 257 KB)

About this article

Cite this article

Lai, Q., Liu, FH. & Wang, Z. Leakage-resilient \(\textsf {IBE} \)/\(\textsf {ABE} \)  with optimal leakage rates from lattices. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01358-1
