Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits

Friday, May 2, 2014 - 10:30am to 12:00pm

Location:

32-G449

Speaker:

Sergey Gorbunov

Abstract: We construct the first (key-policy) attribute-based encryption (ABE)

system with short secret keys: the size of keys in our system depends

only on the depth of the policy circuit, not its size. Our constructions

extend naturally to arithmetic circuits with arbitrary fan-in gates

thereby further reducing the circuit depth. Building on this ABE system

we obtain the first reusable circuit garbling scheme that produces

garbled circuits whose size is the same as the original circuit

plus an additive $poly(k,d)$ bits, where $k$ is the security parameter

and $d$ is the circuit depth. All previous constructions incurred a

multiplicative $poly(k)$ blowup.

We construct our attribute-based system using a new mechanism we call

fully key-homomorphic encryption which is a public-key system that

lets anyone translate a ciphertext encrypted under a public-key

$\vec{pk}=(pk_1,...,pk_n)$ into a ciphertext encrypted under

the public-key $(f(\vec{pk}),f)$ of the same plaintext, for any

efficiently computable $f$. We show that this mechanism gives an ABE

with short keys. Security of our construction relies on the subexponential

hardness of the learning with errors problem.

We also present a second (key-policy) ABE, using multilinear maps,

with short ciphertexts: an encryption to an attribute vector $\vec{x}$

is the size of $\vec{x}$ plus $poly(k,d)$ additional bits. This gives a

reusable circuit garbling scheme where the garbled input is short.

Joint work with Dan Boneh, Craig Gentry, Shai Halevi, Valeria

Nikolaenko, Gil Segev, Vinod Vaikuntanathan, and Dhinakaran Vinayagamurthy