Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Ciphertext-Policy ABE for $\mathsf{NC}^1$ Circuits with Constant-Size Ciphertexts from Succinct LWE

Jiaqi Liu, Yuanyi Zhang, Fang-Wei Fu

Abstract

We construct a lattice-based ciphertext-policy attribute-based encryption (CP-ABE) scheme for $\mathsf{NC}^1$ access policies with constant-size ciphertexts. Let $λ$ be the security parameter. For an $\mathsf{NC}^1$ circuit of depth $d$ and size $s$ on $\ell$-bit inputs, our scheme has the public-key and ciphertext sizes $O(1)$ (independent of $d$), and secret-key size $O(\ell)$, where the $O(\cdot)$ hides $\operatorname{poly}(λ)$ factors. As an application, we obtain a broadcast encryption scheme for $N$ users with ciphertext size $\operatorname{poly}(λ)$ independent of $\log N$ and key sizes $\operatorname{poly}(λ,\log N)$. Our construction is selectively secure in the standard model under the $\operatorname{poly}(λ)$-succinct LWE assumption introduced by Wee (CRYPTO~2024).

Ciphertext-Policy ABE for $\mathsf{NC}^1$ Circuits with Constant-Size Ciphertexts from Succinct LWE

Abstract

We construct a lattice-based ciphertext-policy attribute-based encryption (CP-ABE) scheme for access policies with constant-size ciphertexts. Let be the security parameter. For an circuit of depth and size on -bit inputs, our scheme has the public-key and ciphertext sizes (independent of ), and secret-key size , where the hides factors. As an application, we obtain a broadcast encryption scheme for users with ciphertext size independent of and key sizes . Our construction is selectively secure in the standard model under the -succinct LWE assumption introduced by Wee (CRYPTO~2024).
Paper Structure (14 sections, 26 theorems, 53 equations)

This paper contains 14 sections, 26 theorems, 53 equations.

Table of Contents

  1. Introduction
  2. Our results
  3. Related Works
  4. Paper Organization
  5. Technical Overviews
  6. Our schemes
  7. Static Security
  8. Preliminaries
  9. Matrix commitment
  10. $\mathsf{LSSS}\xspace$ and $\mathsf{CP}\xspace\text{-}\mathsf{ABE}\xspace$ for $\mathsf{LSSS}\xspace$-realizable Access Structures
  11. $\mathsf{CP}\xspace\text{-}\mathsf{ABE}\xspace$ for $\mathsf{LSSS}\xspace$ from the $\ell$-succinct $\mathsf{LWE}\xspace$ Assumption
  12. Correctness
  13. Selective Security
  14. Broadcast Encryption

Key Result

Lemma 1

Let $\lambda$ be a security parameter and $\sigma=\sigma(\lambda)$ be a Gaussian width parameter. Then for all polynomials $n=n(\lambda)$, there exists a negligible function $\mathop{\mathrm{negl}}\nolimits(\lambda)$ such that for all $\lambda\in\mathbb{N}$,

Theorems & Definitions (47)

  • Lemma 1
  • Lemma 2: BDE18
  • Lemma 3: GPV08MP12
  • Corollary 1: WWW22, adapted
  • Lemma 4: Leftover hash lemma, ABB10
  • Lemma 5: Leftover hash lemma with trapdoor
  • proof
  • Lemma 6
  • proof
  • Lemma 7
  • ...and 37 more