1 research outputs found
Witness Encryption and its Applications
We put forth the concept of \emph{witness encryption}. A witness encryption scheme is defined for an NP language (with corresponding witness relation ). In such a scheme, a user can encrypt a message to a particular problem instance to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if is in the language and the recipient knows a witness where holds. However, if is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal length messages. We emphasize that the encrypter himself may have no idea whether is actually in the language.
Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete \textsc{Exact Cover} problem and Garg, Gentry, and Halevi\u27s recent construction of ``approximate multilinear maps.
Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure