Two Efficient Tag-Based Encryption Schemes on Lattices

  • Xueqing WangEmail author
  • Biao Wang
  • Rui XueEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)


Tag-based encryption (TBE) is a generalization of public-key encryption (PKE), in which both the encryption and the decryption algorithms take a tag as an extra input, which is potentially useful. However, in contrast to TBE schemes with various types of security and under traditional number-theoretic assumptions, as far as we know, there is only one lattice-based TBE scheme with selective-tag security, which, in fact, is under a variant of DLWE assumption.

In this paper, we propose two efficient TBE schemes, both of which have adaptive-tag security and are under the standard DLWE assumption. For efficiency, we adopt, in both schemes, a particular q-ary lattice equipped with efficient LWE inversion and preimage sampling algorithms, which are efficiently available for solving the related problems on a general q-ary lattice. The probabilistic partition technique is used to achieve the adaptive-tag security. On the other hand, we mainly embed the preimage sampling problem into the first scheme and the LWE inversion problem into the second one, the latter of which has a smaller modulus and a smaller approximation factor.

Our schemes can be applied to construct IND-CCA2 secure PKE schemes and to design protocols that securely realizes the secure message transmission functionality in a hybrid model. Additionally, our first scheme can also be used to construct an adaptively secure identity-based encryption (IBE) scheme with more efficient secret-key extraction algorithm than those in well-known IBE schemes.


Tag-based encryption DLWE Adaptive security Probabilistic partitioning technique G-trapdoor 



This work is supported by National Natural Science Foundation of China (No. 61402471, 61472414, 61602061, 61772514), and IIE’s Cryptography Research Project.


  1. [ABB10]
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010). Scholar
  2. [Ajt99]
    Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999). Scholar
  3. [AP11]
    Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2011)MathSciNetCrossRefGoogle Scholar
  4. [Boy10]
    Boyen, X.: Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 499–517. Springer, Heidelberg (2010). Scholar
  5. [GPV08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC 2008, pp. 197–206. ACM (2008)Google Scholar
  6. [Kil06]
    Kiltz, E.: Chosen-ciphertext security from tag-based encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 581–600. Springer, Heidelberg (2006). Scholar
  7. [MG02]
    Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems, vol. 671, p. x,220. Springer, New York (2002). Scholar
  8. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). Scholar
  9. [MR07]
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)MathSciNetCrossRefGoogle Scholar
  10. [MRY04]
    MacKenzie, P., Reiter, M.K., Yang, K.: Alternatives to non-malleability: definitions, constructions, and applications. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 171–190. Springer, Heidelberg (2004). Scholar
  11. [Pei09]
    Peikert. C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC 2009, pp. 333–342. ACM (2009)Google Scholar
  12. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84–93 (2005)Google Scholar
  13. [Sho01]
    Shoup, V.: A proposal for the ISO standard for public-key encryption (version 2.1). IACR E (2001)Google Scholar
  14. [SLLF15]
    Sun, X., Li, B., Lu, X., Fang, F.: CCA secure public key encryption scheme based on LWE without gaussian sampling. In: Lin, D., Wang, X.F., Yung, M. (eds.) Inscrypt 2015. LNCS, vol. 9589, pp. 361–378. Springer, Cham (2016). Scholar
  15. [Wat05]
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). Scholar
  16. [Yam17]
    Yamada, S.: Asymptotically compact adaptively secure lattice IBEs and verifiable random functions via generalized partitioning techniques. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 161–193. Springer, Cham (2017). Scholar
  17. [ZCZ16]
    Zhang, J., Chen, Y., Zhang, Z.: Programmable hash functions from lattices: short signatures and IBEs with small key sizes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 303–332. Springer, Heidelberg (2016). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina

Personalised recommendations