Research On Attribute-Based Encryption From Lattices

With the rapid development of the Cloud Storage which evolves from the Cloud Computing, more and more people prefer to store their own files in remote cloud storage to expediently access them through any networked device at anytime and anywhere. In addition to storage, the Cloud Storage can also share its data to anyone else if the users want, then how do the data owners control the access permissions of authorized users? For the security of the users’ data, we need an encryption scheme that can complete this important mission. In the existing cryptography methods, attribute-based encryption(ABE) gets many researchers’ attention for its fine-grained access control ability.An ABE scheme is a combination of an identity-based encryption(IBE) and an access structure. In an ABE scheme, the trust authority produces every user’s secret keys according to their own set of attributes and ciphertexts are also labeled with a set of attributes. A particular user can decrypt the ciphertexts only if there is a match between these two sets of attributes through the control of access structure. The data owners can flexibly control who can access to the data as the requirement of user by applying an ABE scheme. Most of the ABE schemes remain based on the machinery of bilinear maps. The ABE based on bilinear maps would get restricted development in post-quantum era for their low efficiency in complexity of calculations and vulnerable to quantum computers. Lattices seem to be a better choice, for they not only have benefits of quantum attack resistance but also get a rich mathematical structure. So the ABE schemes from lattices are in popularity now.Access structure is the core of ABE system. In this work, we study the key-policy ABE for circuits. We have achieved the following results:1. Attribute-based encryption for restricted circuits from latticesWe define a kind of restricted circuits with polynomially bounded depth. Our restricted circuits means that for any input x, if f(x) ?1then for all the OR gates in the sub-circuits f?, its lower index child node will output 1. Then we propose a key-policy attribute-based encryption(KP-ABE) scheme for those restricted circuits from lattices. We prove that the scheme is secure against chosen plaintext attack in the selective model under the learning with errors(LWE) assumptions. Moreover, secret keys in our scheme are shorter than in previous scheme.2. Double-matrix key-policy attribute-based encryption(KP-ABE) for circuits from latticesIn double-matrix schemes, we distribute each node of the circuits two matrix and present a KP-ABE scheme for general circuits by invoking the technology of “two-to-one”. Then we extend the general circuit to a circuit with arbitrary fan-in gates and present a corresponding KP-ABE scheme. Moreover, we prove that both schemes are secure against chosen plaintext attack in the selective model under the LWE assumptions. In an ABE scheme for circuits of arbitrary polynomial size, its public parameters and ciphertexts are generally proportional to the depth of the circuit. Compared with a Boolean circuit with gates of fan-in 2, a circuit with arbitrary fan-in gates for the same access control policy would considerably get much smaller depth. Our new schemes for circuits with arbitrary fan-in gates consequently have fewer public parameters and ciphertexts which will produce higher efficiency. However, the scheme for extended circuits would generate a lot of secret keys for each gate which depends on their fan-in k, so this scheme is applicable to the case of low fan-in.3. Homomorphic KP-ABE for circuits from latticesWe design three Eval algorithms and present two homomorphic KP-ABE schemes through the introduction of key-homomorphism. There are an ABE scheme for general circuits and another one for circuits with arbitrary fan-in gates in this kind of schemes. We prove that both schemes are secure against chosen plaintext attack in the selective model under the LWE assumptions. The first scheme gets extremely short secret key and the second scheme can support the better circuits with arbitrary fan-in gates besides its same extremely short secret key. Besides the fewer public parameters and ciphertexts, the smaller depth caused by the circuits with arbitrary fan-in gates can bring us more benefits. In an ABE scheme from lattices, we always add some noise to the ciphertext according to the LWE assumption and the magnitude of the noise would increase by a factor that depends on the depth of the circuit. The smaller depth decreases the increment of noise and this would alleviate the limits on other parameters.