International Association for Cryptologic Research (IACR)
Abstract
We construct the first decentralized multi-authority attribute-based encryption
(MA-ABE) scheme for a non-trivial class of access policies whose security is
based (in the random oracle model) solely on the Learning With Errors (LWE)
assumption. The supported access policies are ones described by DNF
formulas. All previous constructions of MA-ABE schemes supporting any
non-trivial class of access policies were proven secure (in the random oracle
model) assuming various assumptions on bilinear maps.
In our system, any party can become an authority and there is no requirement for
any global coordination other than the creation of an initial set of common
reference parameters. A party can simply act as a standard ABE authority by
creating a public key and issuing private keys to different users that reflect
their attributes. A user can encrypt data in terms of any DNF formulas over
attributes issued from any chosen set of authorities. Finally, our system does
not require any central authority. In terms of efficiency, when instantiating
the scheme with a global bound s on the size of access policies, the sizes of
public keys, secret keys, and ciphertexts, all grow with s.
Technically, we develop new tools for building ciphertext-policy ABE (CP-ABE)
schemes using LWE. Along the way, we construct the first provably secure CP-ABE
scheme supporting access policies in NC1 that avoids the generic
universal-circuit-based key-policy to ciphertext-policy transformation. In
particular, our construction relies on linear secret sharing schemes with new
properties and in some sense is more similar to CP-ABE schemes that rely on
bilinear maps. While our CP-ABE construction is not more efficient than
existing ones, it is conceptually intriguing and further we show how to extend
it to get the MA-ABE scheme described above