International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Dynamic Collusion Functional Encryption and Multi-Authority Attribute-Based Encryption

Authors:
Rachit Garg , UT Austin
Rishab Goyal , UW-Madison
George Lu , UT Austin
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: PKC 2024
Abstract: Functional Encryption (FE) is a powerful notion of encryp- tion which enables computations and partial message recovery of en- crypted data. In FE, each decryption key is associated with a function f such that decryption recovers the function evaluation f(m) from an encryption of m. Informally, security states that a user with access to function keys skf1 , skf2 , . . . (and so on) can only learn f1(m), f2(m), . . . (and so on) but nothing more about the message. The system is said to be q-bounded collusion resistant if the security holds as long as an adversary gets access to at most q = q(�) decryption keys. However, until very recently, all these works studied bounded col- lusion resistance in a static model, where the collusion bound q was a global system parameter. While the static model has led to many great applications, it has major drawbacks. Recently, Agrawal et al. (Crypto 2021) and Garg et al. (Eurocrypt 2022) introduced the dynamic model for bounded collusion resistance, where the collusion bound q was a fluid parameter, not globally set, but chosen by each encryptor. The dynamic model enabled harnessing many virtues of the static model, while avoid- ing its various drawbacks. In this work, we provide a generic compiler to upgrade any FE scheme from the static model to the dynamic model. We also extend our techniques to multi-authority attribute-based en- cryption (MA-ABE). We show that bounded collusion MA-ABE sup- porting predicates that can be represented as an e�cient computational secret sharing (CSS) scheme can be built from minimal assumptions. Ef- ficient CSS schemes are known for access structures whose characteristic function can be computed by a polynomial-size monotone circuit under the existence of one-way functions [Yao89, unpublished]. Thus, our MA- ABE construction is the first MA-ABE scheme from standard assump- tions for predicates beyond polynomial-size monotone boolean formula. Our construction also satisfies full adaptive security in the Random Or- acle Model.
BibTeX
@inproceedings{pkc-2024-33716,
  title={Dynamic Collusion Functional Encryption and Multi-Authority Attribute-Based Encryption},
  publisher={Springer-Verlag},
  author={Rachit Garg and Rishab Goyal and George Lu},
  year=2024
}