User-Controlled Computations in Untrusted Computing Environments

Computing infrastructures are challenging and expensive to maintain. This led to the growth of cloud computing with users renting computing resources from centralized cloud providers. There is also a recent promise in providing decentralized computing resources from many participating users across the world. The compute on your own server model hence is no longer prominent. But, traditional computer architectures, which were designed to give a complete power to the owner of the computing infrastructure, continue to be used in deploying these new paradigms. This forces users to completely trust the infrastructure provider on all their data. The cryptography and security community research two different ways to tackle this problem. The first line of research involves developing powerful cryptographic constructs with formal security guarantees. The primitive of functional encryption (FE) formalizes the solutions where the clients do not interact with the sever during the computation. FE enables a user to provide computation-specific secret keys which the server can use to perform the user specified computations (and only those) on her encrypted data. The second line of research involves designing new hardware architectures which remove the infrastructure owner from the trust base. The solutions here tend to have better performance but their security guarantees are not well understood. This thesis provides contributions along both lines of research. In particular, 1) We develop a (single-key) functional encryption construction where the size of secret keys do not grow with the size of descriptions of the computations, while also providing a tighter security reduction to the underlying computational assumption. This construction supports the computation class of branching programs. Previous works for this computation class achieved either short keys or tighter security reductions but not both. 2) We formally model the primitive of trusted hardware inspired by Intel's Software Guard eXtensions (SGX). We then construct an FE scheme in a strong security model using this trusted hardware primitive. We implement this construction in our system Iron and evaluate its performance. Previously, the constructions in this model relied on heavy cryptographic tools and were not practical. 3) We design an encrypted database system StealthDB that provides complete SQL support. StealthDB is built on top of Intel SGX and designed with the usability and security limitations of SGX in mind. The StealthDB implementation on top of Postgres achieves practical performance (30% overhead over plaintext evaluation) with strong leakage profile against adversaries who get snapshot access to the memory of the system. It achieves a more gradual degradation in security against persistent adversaries than the prior designs that aimed at practical performance and complete SQL support. We finally survey the research on providing security against quantum adversaries to the building blocks of SGX

Functional Commitments for All Functions, with Transparent Setup and from SIS

A *functional commitment* scheme enables a user to concisely commit to a function from a specified family, then later concisely and verifiably reveal values of the function at desired inputs. Useful special cases, which have seen applications across cryptography, include vector commitments and polynomial commitments. To date, functional commitments have been constructed (under falsifiable assumptions) only for functions that are essentially *linear*, with one recent exception that works for arbitrarily complex functions. However, that scheme operates in a strong and non-standard model, requiring an online, trusted authority to generate special keys for any opened function inputs. In this work, we give the first functional commitment scheme for nonlinear functions---indeed, for *all functions* of any bounded complexity---under a standard setup and a falsifiable assumption. Specifically, the setup is ``transparent,\u27\u27 requiring only public randomness (and not any trusted entity), and the assumption is the hardness of the standard Short Integer Solution (SIS) lattice problem. Our construction also has other attractive features, including: *stateless updates* via generic composability; excellent *asymptotic efficiency* for the verifier, and also for the committer in important special cases like vector and polynomial commitments, via preprocessing; and *post-quantum security*, since it is based on SIS

Exploring Blockchain Governance

Blockchain systems continue to attract significant interest from both practitioners and researchers. What is more, blockchain systems come in various types, such as cryptocurrencies or as inter-organizational systems in business networks. As an example of a cryptocurrency, Bitcoin, one of the most prominent blockchain systems to date and born at the time of a major financial crisis, spearheaded the promise of relying on code and computation instead of a central governing entity. Proponents would argue that Bitcoin stood the test of time, as Bitcoin continues to operate to date for over a decade. However, these proponents overlook the never-ending, heated debates “behind the scenes” caused by diverging goals of central actors, which led to numerous alternative systems (forks) of Bitcoin. To accommodate these actors’ interests in the pursuit of their common goal is a tightrope act, and this is where this dissertation commences: blockchain governance. Based on the empirical examples of various types and application domains of blockchain systems, it is the goal of this dissertation to 1) uncover governance patterns by showing, how blockchain systems are governed, 2) derive governance challenges faced or caused by blockchain systems, and, consequently, to 3) contribute to a better understanding to what blockchain governance is. This dissertation includes four parts, each of these covering different thematical areas: In the first part, this dissertation focuses on obtaining a better understanding of blockchain governance’s context of reference by studying blockchain systems from various application domains and system types, for example, led by inter-organizational networks, states, or an independent group of actors. The second part, then, focuses on a blockchain as an inter-organizational system called “cardossier”, a project I was involved in, and its governance as a frame of reference. Hereupon, for one, I report on learnings from my project involvement in the form of managerial guidelines, and, for two, I report on structural problems within cardossier, and problems caused by membership growth and how they can be resolved. The third part focuses on a wider study of blockchains as inter-organizational systems, where I summarize findings of an analysis of 19 blockchain consortia. The findings, for one, answer the question of why blockchain consortia adopt blockchain technology, and, for two, show internal and external challenges these systems faced to derive managerial recommendations. The fourth and last part studies blockchain governance’s evolution and contributes an analysis of blockchain’s governance features and its contrast to established modes of governance. These four parts, altogether, have scientific value as they increase our understanding on blockchain governance. Consequently, this dissertation contributes to the body of knowledge on modes of governance, distributed system governance, and blockchain governance in general. I do so, by grounding the concept of blockchain governance in empirical detail, showing how these systems are governed on various application domains and system types, and by studying empirical challenges faced or caused by these systems. This approach is relevant and necessary, as blockchain systems in general, but particularly outside of cryptocurrencies, mostly still are in pursuit of a sustainable blockchain governance. As blockchains can be expected to continue to mature, the upcoming years offer very fruitful ground for empirical research along the empirical insights and theoretical lines shown in this dissertation

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Efficient signature verification and key revocation using identity based cryptography

Cryptography deals with the development and evaluation of procedures for securing digital information. It is essential whenever multiple entities want to communicate safely. One task of cryptography concerns digital signatures and the verification of a signer’s legitimacy requires trustworthy authentication and authorization. This is achieved by deploying cryptographic keys. When dynamic membership behavior and identity theft come into play, revocation of keys has to be addressed. Additionally, in use cases with limited networking, computational, or storage resources, efficiency is a key requirement for any solution. In this work we present a solution for signature verification and key revocation in constraned environments, e.g., in the Internet of Things (IoT). Where other mechanisms generate expensive overheads, we achieve revocation through a single multicast message without significant computational or storage overhead. Exploiting Identity Based Cryptography (IBC) complements the approach with efficient creation and verification of signatures. Our solution offers a framework for transforming a suitable signature scheme to a so-called Key Updatable Signature Scheme (KUSS) in three steps. Each step defines mathematical conditions for transformation and precise security notions. Thereby, the framework allows a novel combination of efficient Identity Based Signature (IBS) schemes with revocation mechanisms originally designed for confidentiality in group communications. Practical applicability of our framework is demonstrated by transforming four well-established IBS schemes based on Elliptic Curve Cryptography (ECC). The security of the resulting group Identity Based Signature (gIBS) schemes is carefully analyzed with techniques of Provable Security. We design and implement a testbed for evaluating these kind of cryptographic schemes on different computing- and networking hardware, typical for constrained environments. Measurements on this testbed provide evidence that the transformations are practicable and efficient. The revocation complexity in turn is significantly reduced compared to existing solutions. Some of our new schemes even outperform the signing process of the widely used Elliptic Curve Digital Signature Algorithm (ECDSA). The presented transformations allow future application on schemes beyond IBS or ECC. This includes use cases dealing with Post-Quantum Cryptography, where the revocation efficiency is similarly relevant. Our work provides the basis for such solutions currently under investigation.Die Kryptographie ist ein Instrument der Informationssicherheit und beschäftigt sich mit der Entwicklung und Evaluierung von Algorithmen zur Sicherung digitaler Werte. Sie ist für die sichere Kommunikation zwischen mehreren Entitäten unerlässlich. Ein Bestandteil sind digitale Signaturen, für deren Erstellung man kryptographische Schlüssel benötigt. Bei der Verifikation muss zusätzlich die Authentizität und die Autorisierung des Unterzeichners gewährleistet werden. Dafür müssen Schlüssel vertrauensvoll verteilt und verwaltet werden. Wenn sie in Kommunikationssystemen mit häufig wechselnden Teilnehmern zum Einsatz kommen, müssen die Schlüssel auch widerruflich sein. In Anwendungsfällen mit eingeschränkter Netz-, Rechen- und Speicherkapazität ist die Effizienz ein wichtiges Kriterium. Diese Arbeit liefert ein Rahmenwerk, mit dem Schlüssel effizient widerrufen und Signaturen effizient verifiziert werden können. Dabei fokussieren wir uns auf Szenarien aus dem Bereich des Internets der Dinge (IoT, Internet of Things). Im Gegensatz zu anderen Lösungen ermöglicht unser Ansatz den Widerruf von Schlüsseln mit einer einzelnen Nachricht innerhalb einer Kommunikationsgruppe. Dabei fällt nur geringer zusätzlicher Rechen- oder Speicheraufwand an. Ferner vervollständigt die Verwendung von Identitätsbasierter Kryptographie (IBC, Identity Based Cryptography) unsere Lösung mit effizienter Erstellung und Verifikation der Signaturen. Hierfür liefert die Arbeit eine dreistufige mathematische Transformation von geeigneten Signaturverfahren zu sogenannten Key Updatable Signature Schemes (KUSS). Neben einer präzisen Definition der Sicherheitsziele werden für jeden Schritt mathematische Vorbedingungen zur Transformation festgelegt. Dies ermöglicht die innovative Kombination von Identitätsbasierten Signaturen (IBS, Identity Based Signature) mit effizienten und sicheren Mechanismen zum Schlüsselaustausch, die ursprünglich für vertrauliche Gruppenkommunikation entwickelt wurden. Wir zeigen die erfolgreiche Anwendung der Transformationen auf vier etablierten IBSVerfahren. Die ausschließliche Verwendung von Verfahren auf Basis der Elliptic Curve Cryptography (ECC) erlaubt es, den geringen Kapazitäten der Zielgeräte gerecht zu werden. Eine Analyse aller vier sogenannten group Identity Based Signature (gIBS) Verfahren mit Techniken aus dem Forschungsgebiet der Beweisbaren Sicherheit zeigt, dass die zuvor definierten Sicherheitsziele erreicht werden. Zur praktischen Evaluierung unserer und ähnlicher kryptographischer Verfahren wird in dieser Arbeit eine Testumgebung entwickelt und mit IoT-typischen Rechen- und Netzmodulen bestückt. Hierdurch zeigt sich sowohl die praktische Anwendbarkeit der Transformationen als auch eine deutliche Reduktion der Komplexität gegenüber anderen Lösungsansätzen. Einige der von uns vorgeschlagenen Verfahren unterbieten gar die Laufzeiten des meistgenutzten Elliptic Curve Digital Signature Algorithm (ECDSA) bei der Erstellung der Signaturen. Die Systematik der Lösung erlaubt prinzipiell auch die Transformation von Verfahren jenseits von IBS und ECC. Dadurch können auch Anwendungsfälle aus dem Bereich der Post-Quanten-Kryptographie von unseren Ergebnissen profitieren. Die vorliegende Arbeit liefert die nötigen Grundlagen für solche Erweiterungen, die aktuell diskutiert und entwickelt werden

New Security Definitions, Constructions and Applications of Proxy Re-Encryption

La externalización de la gestión de la información es una práctica cada vez más común, siendo la computación en la nube (en inglés, cloud computing) el paradigma más representativo. Sin embargo, este enfoque genera también preocupación con respecto a la seguridad y privacidad debido a la inherente pérdida del control sobre los datos. Las soluciones tradicionales, principalmente basadas en la aplicación de políticas y estrategias de control de acceso, solo reducen el problema a una cuestión de confianza, que puede romperse fácilmente por los proveedores de servicio, tanto de forma accidental como intencionada. Por lo tanto, proteger la información externalizada, y al mismo tiempo, reducir la confianza que es necesario establecer con los proveedores de servicio, se convierte en un objetivo inmediato. Las soluciones basadas en criptografía son un mecanismo crucial de cara a este fin. Esta tesis está dedicada al estudio de un criptosistema llamado recifrado delegado (en inglés, proxy re-encryption), que constituye una solución práctica a este problema, tanto desde el punto de vista funcional como de eficiencia. El recifrado delegado es un tipo de cifrado de clave pública que permite delegar en una entidad la capacidad de transformar textos cifrados de una clave pública a otra, sin que pueda obtener ninguna información sobre el mensaje subyacente. Desde un punto de vista funcional, el recifrado delegado puede verse como un medio de delegación segura de acceso a información cifrada, por lo que representa un candidato natural para construir mecanismos de control de acceso criptográficos. Aparte de esto, este tipo de cifrado es, en sí mismo, de gran interés teórico, ya que sus definiciones de seguridad deben balancear al mismo tiempo la seguridad de los textos cifrados con la posibilidad de transformarlos mediante el recifrado, lo que supone una estimulante dicotomía. Las contribuciones de esta tesis siguen un enfoque transversal, ya que van desde las propias definiciones de seguridad del recifrado delegado, hasta los detalles específicos de potenciales aplicaciones, pasando por construcciones concretas

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting

Desire of privacy is oftentimes associated with the intention to hide certain aspects of our thoughts or actions due to some illicit activity. This is a narrow understanding of privacy, and a marginal fragment of the motivations for undertaking an action with a desired level of privacy. The right for not being subject to arbitrary interference of our privacy is part of the universal declaration of human rights (Article 12) and, above that, a requisite for our freedom. Developing as a person freely, which results in the development of society, requires actions to be done without a watchful eye. While the awareness of privacy in the context of modern technologies is not widely spread, it is clearly understood, as can be seen in the context of elections, that in order to make a free choice one needs to maintain its privacy. So why demand privacy when electing our government, but not when selecting our daily interests, books we read, sites we browse, or persons we encounter? It is popular belief that the data that we expose of ourselves would not be exploited if one is a law-abiding citizen. No further from the truth, as this data is used daily for commercial purposes: users’ data has value. To make matters worse, data has also been used for political purposes without the user’s consent or knowledge. However, the benefits that data can bring to individuals seem endless and a solution of not using this data at all seems extremist. Legislative efforts have tried, in the past years, to provide mechanisms for users to decide what is done with their data and define a framework where companies can use user data, but always under the consent of the latter. However, these attempts take time to take track, and have unfortunately not been very successful since their introduction. In this thesis we explore the possibility of constructing cryptographic protocols to provide a technical, rather than legislative, solution to the privacy problem. In particular we focus on two aspects of society: browsing and internet voting. These two events shape our lives in one way or another, and require high levels of privacy to provide a safe environment for humans to act upon them freely. However, these two problems have opposite solutions. On the one hand, elections are a well established event in society that has been around for millennia, and privacy and accountability are well rooted requirements for such events. This might be the reason why its digitalisation is something which is falling behind with respect to other acts of our society (banking, shopping, reading, etc). On the other hand, browsing is a recently introduced action, but that has quickly taken track given the amount of possibilities that it opens with such ease. We now have access to whatever we can imagine (except for voting) at the distance of a click. However, the data that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better (targeted recommendations, ads or bot-detection). Chapter 1 motivates why resolving such a problem is necessary for the progress of digital society. It then introduces the problem that this thesis aims to resolve, together with the methodology. In Chapter 2 we introduce some technical concepts used throughout the thesis. Similarly, we expose the state-of-the-art and its limitations. In Chapter 3 we focus on a mechanism to provide private browsing. In particular, we focus on how we can provide a safer, and more private way, for human attestation. Determining whether a user is a human or a bot is important for the survival of an online world. However, the existing mechanisms are either invasive or pose a burden to the user. We present a solution that is based on a machine learning model to distinguish between humans and bots that uses natural events of normal browsing (such as touch the screen of a phone) to make its prediction. To ensure that no private data leaves the user’s device, we evaluate such a model in the device rather than sending the data over the wire. To provide insurance that the expected model has been evaluated, the user’s device generates a cryptographic proof. However this opens an important question. Can we achieve a high level of accuracy without resulting in a noneffective battery consumption? We provide a positive answer to this question in this work, and show that a privacy-preserving solution can be achieved while maintaining the accuracy high and the user’s performance overhead low. In Chapter 4 we focus on the problem of internet voting. Internet voting means voting remotely, and therefore in an uncontrolled environment. This means that anyone can be voting under the supervision of a coercer, which makes the main goal of the protocols presented to be that of coercionresistance. We need to build a protocol that allows a voter to escape the act of coercion. We present two proposals with the main goal of providing a usable, and scalable coercion resistant protocol. They both have different trade-offs. On the one hand we provide a coercion resistance mechanism that results in linear filtering, but that provides a slightly weaker notion of coercion-resistance. Secondly, we present a mechanism with a slightly higher complexity (poly-logarithmic) but that instead provides a stronger notion of coercion resistance. Both solutions are based on a same idea: allowing the voter to cast several votes (such that only the last one is counted) in a way that cannot be determined by a coercer. Finally, in Chapter 5, we conclude the thesis, and expose how our results push one step further the state-of-the-art. We concisely expose our contributions, and describe clearly what are the next steps to follow. The results presented in this work argue against the two main claims against privacy preserving solutions: either that privacy is not practical or that higher levels of privacy result in lower levels of security.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Agustín Martín Muñoz.- Secretario: José María de Fuentes García-Romero de Tejada.- Vocal: Alberto Peinado Domíngue

On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

Vehicles have come a long way from being purely mechanical systems to systems that consist of an internal network of more than 100 microcontrollers and systems that communicate with external entities, such as other vehicles, road infrastructure, the manufacturer’s cloud and external applications. This combination of resource constraints, safety-criticality, large attack surface and the fact that millions of people own and use them each day, makes securing vehicles particularly challenging as security practices and methods need to be tailored to meet these requirements.This thesis investigates how security demands should be structured to ease discussions and collaboration between the involved parties and how requirements engineering can be accelerated by introducing generic security requirements. Practitioners are also assisted in choosing appropriate techniques for securing vehicles by identifying and categorising security and resilience techniques suitable for automotive systems. Furthermore, three specific mechanisms for securing automotive systems and providing resilience are designed and evaluated. The first part focuses on cyber security requirements and the identification of suitable techniques based on three different approaches, namely (i) providing a mapping to security levels based on a review of existing security standards and recommendations; (ii) proposing a taxonomy for resilience techniques based on a literature review; and (iii) combining security and resilience techniques to protect automotive assets that have been subject to attacks. The second part presents the design and evaluation of three techniques. First, an extension for an existing freshness mechanism to protect the in-vehicle communication against replay attacks is presented and evaluated. Second, a trust model for Vehicle-to-Vehicle communication is developed with respect to cyber resilience to allow a vehicle to include trust in neighbouring vehicles in its decision-making processes. Third, a framework is presented that enables vehicle manufacturers to protect their fleet by detecting anomalies and security attacks using vehicle trust and the available data in the cloud

Revocable Hierarchical Attribute-based Signatures from Lattices

Attribute-based Signatures (ABS) allow users to obtain attributes from issuing authorities, and sign messages whilst simultaneously proving compliance of their attributes with a verification policy. ABS demands that both the signer and the set of attributes used to satisfy a policy remain hidden to the verifier. Hierarchical ABS (HABS) supporting roots of trust and delegation were recently proposed to alleviate scalability issues in centralised ABS schemes. An important yet challenging property for privacy-preserving ABS is revocation, which may be applied to signers or some of the attributes they possess. Existing ABS schemes lack efficient revocation of either signers or their attributes, relying on generic costly proofs.Moreover, in HABS there is a further need to support revocation of authorities on the delegation paths, which is not provided by existing HABS constructions. This paper proposes a direct HABS scheme with a Verifier-Local Revocation (VLR) property. We extend the original HABS security model to address revocation and develop a new attribute delegation technique with appropriate VLR mechanism for HABS, which also implies the first ABS scheme to support VLR. Moreover, our scheme supports inner-product signing policies, offering a wider class of attribute relations than previous HABS schemes, and is the first to be based on lattices, which are thought to offer post-quantum security