Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen - - PowerPoint PPT Presentation

unbounded abe via bilinear entropy expansion revisited
SMART_READER_LITE
LIVE PREVIEW

Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen - - PowerPoint PPT Presentation

Oct 21, 2022 384 likes •1.21k views

Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen Junqing Gong Lucas Kowalczyk Hoeteck Wee ECNU ENS de Lyon Columbia University ENS & CNRS attribute-based encryption (ABE) [SW05, GPSW06] 1 attribute-based encryption

slide-1
SLIDE 1

Unbounded ABE via Bilinear Entropy Expansion, Revisited

Jie Chen

ECNU

Junqing Gong

ENS de Lyon

Lucas Kowalczyk

Columbia University

Hoeteck Wee

ENS & CNRS

slide-2
SLIDE 2

attribute-based encryption (ABE)

[SW05, GPSW06]

1

slide-3
SLIDE 3

!"# !$#

attribute-based encryption (ABE)

[SW05, GPSW06]

2

slide-4
SLIDE 4

!"#

$%" $!"

attribute-based encryption (ABE)

[SW05, GPSW06]

!"& !"' (’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’

3

slide-5
SLIDE 5

!"#

$%" $!"

attribute-based encryption (ABE)

[SW05, GPSW06]

!"& !"' (’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’) enc($)

4

slide-6
SLIDE 6

attribute-based encryption (ABE)

[SW05, GPSW06]

(’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’)

5

slide-7
SLIDE 7

attribute-based encryption (ABE)

[SW05, GPSW06]

(’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’)

6

slide-8
SLIDE 8

attribute-based encryption (ABE)

[SW05, GPSW06]

collusion (’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’)

7

slide-9
SLIDE 9

attribute-based encryption (ABE)

[SW05, GPSW06]

(’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’)

8

!"# !"$ !"%

&'" &!"

enc(&)

slide-10
SLIDE 10

attribute-based encryption (ABE)

[SW05, GPSW06]

(’CS’ and ‘PhD’) or ‘Professor’ ’CS’ and ‘PhD’ ’EE’ and ‘Professor’ (’CS’, ’Professor’)

9

!"# !"$ !"%

&'" &!"

enc(&) all attributes: [.] = {1, 2, ⋯ , .}

slide-11
SLIDE 11

attribute-based encryption (ABE)

[SW05, GPSW06]

!

" # = true

!

% # = false

!

& # = false

10

# ⊆ [)] +," +,% +,&

  • .,
  • +,

enc(-) all attributes: [)] = {1, 2, ⋯ , )}

slide-12
SLIDE 12

ABE

bounded !"# = % &

11

' ⊆ [&]

!"#

+

, ' = true

+

  • ' = false

+

. ' = false

all attributes: [&] = {1, 2, ⋯ , &}

slide-13
SLIDE 13

unbounded ABE

[ LewkoWaters11 ]

unbounded !"# = %(')

12

bounded )*+ = , - . ⊆ [-]

)*+

2

3 . = true

2

4 . = false

2

5 . = false

all attributes: [-] = {1, 2, ⋯ , -}

slide-14
SLIDE 14

state of the art

  • LewkoWaters11
  • OkamotoTakashima12
  • RouselakisWaters13
  • Attrapadung14
  • KowalczykLewko15
  • Attrapadung16
  • AgrawalChase17

13

efficient (bilinear) groups

prime-order - asymmetric

adaptive security

adversary can choose the target at any time

standard assumption

!-Lin, DLin and more - without random oracle

slide-15
SLIDE 15

state of the art

efficient (bilinear) groups

prime-order - asymmetric

adaptive security

adversary can choose the target at any time

static assumption

!-Lin, DLin and more

  • LewkoWaters11
  • OkamotoTakashima12
  • RouselakisWaters13
  • Attrapadung14
  • KowalczykLewko15
  • Attrapadung16
  • AgrawalChase17

14

slide-16
SLIDE 16

state of the art

  • OkamotoTakashima12

15

efficient (bilinear) groups

prime-order - asymmetric

adaptive security

adversary can choose the target at any time

static assumption

!-Lin, DLin and more

slide-17
SLIDE 17

this work

16

  • more efficient: 40% shorter ciphertext/key; or
  • more expressive: arithmetic span program

new and simpler unbounded ABE schemes

slide-18
SLIDE 18

this work

17

more efficient: 40% shorter ciphertext/keyor

  • more expressive: arithmetic span program

new and simpler unbounded ABE schemes

slide-19
SLIDE 19

this work

18

more efficient: 40% shorter ciphertext/key more expressive: arithmetic span program new and simpler unbounded ABE schemes

slide-20
SLIDE 20

this work

bounded ABE unbounded ABE

19

compiler

scheme

more efficient: 40% shorter ciphertext/key more expressive: arithmetic span program new and simpler unbounded ABE schemes

slide-21
SLIDE 21

this work

entropy expansion lemma bounded ABE unbounded ABE

20

compiler

scheme proof

more efficient: 40% shorter ciphertext/key more expressive: arithmetic span program new and simpler unbounded ABE schemes

slide-22
SLIDE 22

this work

bounded ABE unbounded ABE

21

compiler

scheme

more efficient: 40% shorter ciphertext/key more expressive: arithmetic span program new and simpler unbounded ABE schemes

  • [ LOSTW10 ]

[ IW14 ]

slide-23
SLIDE 23

compiler & lemma

22

entropy expansion lemma bounded ABE unbounded ABE compiler

slide-24
SLIDE 24

compiler & lemma

23

entropy expansion lemma bounded ABE unbounded ABE compiler

bilinear group of composite order !"!#

slide-25
SLIDE 25

compiler & lemma

24

entropy expansion lemma bounded ABE unbounded ABE compiler

!" ! ℍ

bilinear group of composite order $%$&

slide-26
SLIDE 26

compiler & lemma

25

entropy expansion lemma bounded ABE unbounded ABE compiler

!" #: ! ℍ × ⟶

bilinear group of composite order ()(*

slide-27
SLIDE 27

compiler & lemma

26

entropy expansion lemma bounded ABE unbounded ABE compiler

!" #: ! ℍ × ⟶

() (*

bilinear group of composite order +,+-

.1-subgroup .2-subgroup

slide-28
SLIDE 28

compiler & lemma

27

entropy expansion lemma bounded ABE unbounded ABE compiler

!" #: ! ℍ × ⟶

() (*

bilinear group of composite order +,+-

.1-subgroup .2-subgroup

ℎ) ℎ*

.1-subgroup .2-subgroup

⋅ ⋅

slide-29
SLIDE 29

compiler & lemma

28

bounded ABE unbounded ABE compiler

slide-30
SLIDE 30

compiler & lemma

29

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

#(-subgroup

slide-31
SLIDE 31

compiler & lemma

30

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

#(-subgroup ct '(

/*0, '( /

1 ∈ 3

slide-32
SLIDE 32

compiler & lemma

31

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

#(-subgroup ct '(

/*0, '( /

1 ∈ 3

slide-33
SLIDE 33

compiler & lemma

32

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

#(-subgroup ct sk '(

/*0, '( /

ℎ(

2*0, ℎ( 2

3 ∈ 5 3 ∈ 5

slide-34
SLIDE 34

compiler & lemma

33

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

"#$ = ( '(, '(

/0, '( /+ )

#(-subgroup #(-subgroup ct sk 1 ∈ 3 1 ∈ 3 '(

4*5, '( 4

ℎ(

7*5, ℎ( 7

slide-35
SLIDE 35

compiler & lemma

34

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

"#$ = ( '(, '(

/0, '( /+ )

#(-subgroup #(-subgroup ct sk 12 + 4 5 1( ⟻ 78 [ LewkoWaters11 ] 4 ∈ : 4 ∈ : '(

;*<, '( ;

ℎ(

>*<, ℎ( >

slide-36
SLIDE 36

compiler & lemma

35

bounded ABE unbounded ABE compiler

! "#$ = ( '(, '(

*+, … , '( *- )

"#$ = ( '(, '(

/0, '( /+ )

1 ∈ 3 '(

4 /056⋅/+ , '( 4

#(-subgroup #(-subgroup 1 ∈ 3 ℎ(

9 /056⋅/+ , ℎ( 9

ct sk :; + 1 = :( ⟻ ?6 1 ∈ 3 1 ∈ 3 '(

4*@, '( 4

ℎ(

9*@, ℎ( 9

[ LewkoWaters11 ]

slide-37
SLIDE 37

compiler & lemma

36

entropy expansion lemma bounded ABE unbounded ABE

! "#$ = ( '(, '(

*+, … , '( *- )

"#$ = ( '(, '(

/0, '( /+ )

1 ∈ 3 '(

4 /056⋅/+ , '( 4

#(-subgroup #(-subgroup 1 ∈ 3 ℎ(

9 /056⋅/+ , ℎ( 9

ct sk 1 ∈ 3 1 ∈ 3 '(

4*:, '( 4

ℎ(

9*:, ℎ( 9

slide-38
SLIDE 38

compiler & lemma

37

entropy expansion lemma bounded ABE unbounded ABE

" #$% = ( (), ()

+,, … , () +. )

#$% = ( (), ()

01, () 0, )

2 ∈ 4 ()

5 0167⋅0, , () 5

$)-subgroup $)-subgroup 2 ∈ 4 ℎ)

: 0167⋅0, , ℎ) :

ct sk 2 ∈ 4 2 ∈ 4 ()

5+;, () 5

ℎ)

:+;, ℎ) :

slide-39
SLIDE 39

compiler & lemma

38

" #$% = ( (), ()

+,, … , () +. )

#$% = ( (), ()

01, () 0, )

2 ∈ 4

entropy expansion lemma bounded ABE unbounded ABE

/

()

5 0167⋅0, , () 5

$)-subgroup $)-subgroup 2 ∈ 4 ℎ)

: 0167⋅0, , ℎ) :

ct sk 2 ∈ 4 2 ∈ 4 ()

5+;, () 5

ℎ)

:+;, ℎ) :

slide-40
SLIDE 40

compiler & lemma

39

! ∈ # $%-subgroup

entropy expansion lemma bounded ABE unbounded ABE

&%

'(), &% '

+$, = ( &/, &/

01, &/ 02 )

! ∈ # &/

' 0145⋅02 , &/ '

$/-subgroup ! ∈ # ℎ/

8 0145⋅02 , ℎ/ 8

ℎ%

8(), ℎ% 8

! ∈ # ct sk

slide-41
SLIDE 41

compiler & lemma

40

! ∈ # $%-subgroup

entropy expansion lemma bounded ABE unbounded ABE

(%

)*+, (% )

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

ℎ%

9*+, ℎ% 9

! ∈ # ct sk

slide-42
SLIDE 42

compiler & lemma

41

entropy expansion lemma bounded ABE unbounded ABE

dual system method [Waters09] ! ∈ # $%-subgroup

(%

)*+, (% )

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

! ∈ # ct sk ℎ%

9*+, ℎ% 9

slide-43
SLIDE 43

compiler & lemma

42

bounded ABE unbounded ABE

! ∈ # $%-subgroup

(%

)*+, (% )

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

  • $. = ( (1, (1

23, (1 24 )

! ∈ # (1

) 2367⋅24 , (1 )

$1-subgroup ! ∈ # ℎ1

9 2367⋅24 , ℎ1 9

! ∈ # ct sk

entropy expansion lemma

(warm-up version) ℎ%

9*+, ℎ% 9

slide-44
SLIDE 44

proof strategy

43

adversary’s view

  • ur goal

!"# enc(!) )#* )#+ ⋮

  • ur ABE
slide-45
SLIDE 45

44

proof strategy

  • ur goal

enc(%) $

random

%() enc(%) *)+ *), ⋮

  • ur ABE

%() *)+ *), ⋮

  • ur ABE

slide-46
SLIDE 46

45

proof strategy

step 1: use entropy expansion lemma

!"# enc(!) )#* )#+ ⋮

  • ur ABE
slide-47
SLIDE 47

46

proof strategy

step 1: use entropy expansion lemma

⋅ ≈

#$% = ( (), ()

+,, () +- )

/ ∈ 1 ()

2 +,34⋅+- , () 2

/ ∈ 1 ℎ)

6 +,34⋅+- , ℎ) 6

#$% = ( (), ()

+,, () +- )

/ ∈ 1 ()

2 +,34⋅+- , () 2

/ ∈ 1 ℎ)

6 +,34⋅+- , ℎ) 6

/ ∈ 1 (7

289, (7 2

/ ∈ 1 ℎ7

689, ℎ7 6

slide-48
SLIDE 48

47

proof strategy

step 1: use entropy expansion lemma

! "#$ ! "#% ⋮ ' enc(,) enc(,) ,.# enc(,) "#$ "#% ⋮

  • ur ABE

,.# "#$ "#% ⋮

  • ur ABE

./-subgroup .$-subgroup .$-subgroup

⋅ ≈

slide-49
SLIDE 49

48

proof strategy

step 1: use entropy expansion lemma

! "#$ ! "#% ⋮ ' enc(,)

./-subgroup

slide-50
SLIDE 50

bounded ABE

! "#$ ! "#% ⋮ ' enc(,)

49

proof strategy

step 1: use entropy expansion lemma

./-subgroup

slide-51
SLIDE 51

! enc(&)

use prior analysis

50

proof strategy

step 2: analyze bounded ABE

$ ) *+, ) *+- ⋮

bounded ABE

slide-52
SLIDE 52

51

proof strategy

step 3: back to unbounded ABE

! enc(&) $ ) *+, ) *+- ⋮

enc(&) &0+ *+, *+- ⋮

  • ur ABE

$

bounded ABE

slide-53
SLIDE 53

entropy expansion lemma

!", !"

$, !" $%, !" $&

52

!"

', !" '$ ⋅ !" ')($%+,⋅$&) , !" ')

. ∈ 0

≈ ⋅

. ∈ 0 !2

', !2 '$ ⋅ !2 ')3) , !2 ')

!", !"

$, !" $%, !" $&

!"

', !" '$ ⋅ !" ')($%+,⋅$&) , !" ')

. ∈ 0

warm-up version

ABE ciphertext: . ∈ 4 ⊆ [0] ABE mpk ℎ"

9)$, ℎ" 9), ℎ" 9) $%+,⋅$&

. ∈ 0 ABE keys × ;: random self-reducibility ℎ"

9)$, ℎ" 9), ℎ" 9) $%+,⋅$&

. ∈ 0 ℎ"

9, ℎ" 9 3)

. ∈ 0

slide-54
SLIDE 54

entropy expansion lemma

!", !"

$, !" $%, !" $&

53

!"

', !" '$ ⋅ !" ')($%+,⋅$&) , !" ')

. ∈ 0 ABE mpk ABE ciphertext: . ∈ 1 ⊆ [0] ABE keys × 6: random self-reducibility ℎ"

8)$, ℎ" 8), ℎ" 8) $%+,⋅$&

. ∈ 0 ℎ"

8)$,

slide-55
SLIDE 55

entropy expansion lemma

!", !"

$, !" $%, !" $&

54

!"

', !" '$ ⋅ !" ')($%+,⋅$&) , !" ')

. ∈ 0 ABE mpk ABE ciphertext: . ∈ 1 ⊆ [0] ABE keys × 6: random self-reducibility ℎ"

8)$, ℎ" 8), ℎ" 8) $%+,⋅$&

. ∈ 0 ℎ"

8)$,

slide-56
SLIDE 56

!", !"

$, !" $%, !" $&

!"

', !" '$ ⋅ !" ')($%+,⋅$&) , !" ')

. ∈ 0

55

entropy expansion lemma

ABE mpk ABE ciphertext: . ∈ 1 ⊆ [0] ABE keys × 6: random self-reducibility ℎ"

8)$, ℎ" 8), ℎ" 8) $%+,⋅$&

. ∈ 0 ℎ"

8)$,

slide-57
SLIDE 57

!", !"

$, !" $%, !" $&

ℎ"

()$, ℎ" (), ℎ" () $%*+⋅$&

  • ∈ /

56

!"

0, !" 0$ ⋅ !" 0)($%*+⋅$&) , !" 0)

  • ∈ /

ABE ciphertext

entropy expansion lemma

ABE mpk ABE keys × 4: random self-reducibility ℎ"

()$,

slide-58
SLIDE 58

!", !"

$, !" $%, !" $&

57

ℎ"

()$, ℎ" (), ℎ" () $%*+⋅$&

  • ∈ /

!"

0, !" 0$ ⋅ !" 0)($%*+⋅$&) , !" 0)

  • ∈ /

entropy expansion lemma

ABE keys × 4: random self-reducibility ABE ciphertext ABE mpk ℎ"

()$,

slide-59
SLIDE 59

!", !"

$, !" $%, !" $&

58

ℎ"

()$, ℎ" (), ℎ" () $%*+⋅$&

  • ∈ /

!"

0, !" 0$ ⋅ !" 0)($%*+⋅$&) , !" 0)

  • ∈ /

entropy expansion lemma

ABE keys × 4: random self-reducibility ABE ciphertext ABE mpk ℎ"

()$,

[ KowalczykLewko15 ]

slide-60
SLIDE 60

≈ ⋅

#$, #$

&, #$ &', #$ &(

59

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 #$, #$

&, #$ &', #$ &(

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0

entropy expansion lemma

ABE keys × 5: random self-reducibility ABE ciphertext ABE mpk

slide-61
SLIDE 61

≈ ⋅

ℎ$

%&', ℎ$ %&, ℎ$ %& ')*+⋅',

  • ∈ /

0$

1, 0$ 1' ⋅ 0$ 1&(')*+⋅',) , 0$ 1&

60

04, 04

', 04 '), 04 ',

ℎ4

%&', ℎ4 %&, ℎ4 %& ')*+⋅',

  • ∈ /

04

1, 04 1' ⋅ 04 1&(')*+⋅',) , 04 1&

  • ∈ /

04, 04

', 04 '), 04 ',

ℎ4

%&', ℎ4 %&, ℎ4 %& ')*+⋅',

  • ∈ /

04

1, 04 1' ⋅ 04 1&(')*+⋅',) , 04 1&

  • ∈ /
  • ∈ /

entropy expansion lemma

ABE keys × 6: random self-reducibility ABE ciphertext ABE mpk

slide-62
SLIDE 62

≈ ⋅

61

  • 1. #$ + & ⋅ #' ⟼ )&

*+, *+

  • , *+
  • ., *+
  • /

ℎ+

12-, ℎ+ 12, ℎ+ 12 -.34⋅-/

5 ∈ 7 *+

8, *+ 8- ⋅ *+ 82(-.34⋅-/) , *+ 82

5 ∈ 7 *+, *+

  • , *+
  • ., *+
  • /

ℎ+

12-, ℎ+ 12, ℎ+ 12 -.34⋅-/

5 ∈ 7 *+

8, *+ 8- ⋅ *+ 82(-.34⋅-/) , *+ 82

5 ∈ 7 ℎ;

12-, ℎ; 12, ℎ; 12 -.34⋅-/

5 ∈ 7 *;

8, *; 8- ⋅ *; 82(-.34⋅-/) , *; 82

5 ∈ 7

entropy expansion lemma

slide-63
SLIDE 63

≈ ⋅

62

#$, #$

&, #$ &', #$ &(

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 #$, #$

&, #$ &', #$ &(

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 ℎ4

*+&, ℎ4 *+, ℎ4 *+ &',-⋅&(

. ∈ 0 #4

1, #4 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0

entropy expansion lemma

  • 1. 56 + 8 ⋅ 59 ⟼ ;8
slide-64
SLIDE 64

≈ ⋅

63

#$, #$

&, #$ &', #$ &(

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 #$, #$

&, #$ &', #$ &(

ℎ$

*+&, ℎ$ *+, ℎ$ *+ &',-⋅&(

. ∈ 0 #$

1, #$ 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 ℎ4

*+&, ℎ4 *+, ℎ4 *+ &',-⋅&(

. ∈ 0 #4

1, #4 1& ⋅ #$ 1+(&',-⋅&() , #$ 1+

. ∈ 0 ℎ4

*+, ℎ4 *+56

#4

1+56, #4 1+

entropy expansion lemma

  • 1. 78 + 6 ⋅ 7: ⟼ 56
slide-65
SLIDE 65

≈ ⋅

  • need auxiliary #$-subgroup [LW11, OT12]
  • Lewko-Waters IBE [LW10]

64

%&, %&

(, %& (), %& (*

ℎ&

,-(, ℎ& ,-, ℎ& ,- ()./⋅(*

0 ∈ 2 %&

3, %& 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 %&, %&

(, %& (), %& (*

ℎ&

,-(, ℎ& ,-, ℎ& ,- ()./⋅(*

0 ∈ 2 %&

3, %& 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 ℎ6

,-(, ℎ6 ,-, ℎ6 ,- ()./⋅(*

0 ∈ 2 %6

3, %6 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 ℎ6

,-, ℎ6 ,-78

%6

3-78, %6 3-

entropy expansion lemma

  • 1. 9: + 8 ⋅ 9< ⟼ 78
slide-66
SLIDE 66

≈ ⋅

  • need auxiliary #$-subgroup [LW11, OT12]
  • Lewko-Waters IBE [LW10]

65

%&, %&

(, %& (), %& (*

ℎ&

,-(, ℎ& ,-, ℎ& ,- ()./⋅(*

0 ∈ 2 %&

3, %& 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 %&, %&

(, %& (), %& (*

ℎ&

,-(, ℎ& ,-, ℎ& ,- ()./⋅(*

0 ∈ 2 %&

3, %& 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 ℎ6

,-(, ℎ6 ,-, ℎ6 ,- ()./⋅(*

0 ∈ 2 %6

3, %6 3( ⋅ %& 3-(()./⋅(*) , %& 3-

0 ∈ 2 ℎ6

,-, ℎ6 ,-78

%6

3-78, %6 3-

entropy expansion lemma

  • 1. 9: + 8 ⋅ 9< ⟼ 78
slide-67
SLIDE 67

≈ ⋅

2. #, %& ↦ ()*, %&)

  • Lewko-Waters IBE [LW10]

66

,-, ,-

., ,- ./, ,- .0

ℎ-

23., ℎ- 23, ℎ- 23 ./4&⋅.0

5 ∈ 7 ,-

8, ,-

  • 8. ⋅ ,-

83(./4&⋅.0) , ,- 83

5 ∈ 7 ,-, ,-

., ,- ./, ,- .0

ℎ-

23., ℎ- 23, ℎ- 23 ./4&⋅.0

5 ∈ 7 ,-

8, ,-

  • 8. ⋅ ,-

83(./4&⋅.0) , ,- 83

5 ∈ 7 ℎ9

23#, ℎ9 23, ℎ9 23 ./4&⋅.0

5 ∈ 7 ,9

8, ,9 8# ⋅ ,- 83(./4&⋅.0) , ,- 83

5 ∈ 7 ℎ9

23, ℎ9 23:*

,9

83:*, ,9 83

entropy expansion lemma

  • need auxiliary ;<-subgroup [LW11, OT12]
  • 1. #= + * ⋅ #? ⟼ :*
slide-68
SLIDE 68

≈ ⋅

  • Lewko-Waters IBE [LW10]

67

2. #, %& ↦ ()*, %&) ,-, ,-

., ,- ./, ,- .0

ℎ-

23., ℎ- 23, ℎ- 23 ./4&⋅.0

5 ∈ 7 ,-

8, ,-

  • 8. ⋅ ,-

83(./4&⋅.0) , ,- 83

5 ∈ 7 ,-, ,-

., ,- ./, ,- .0

ℎ-

23., ℎ- 23, ℎ- 23 ./4&⋅.0

5 ∈ 7 ,-

8, ,-

  • 8. ⋅ ,-

83(./4&⋅.0) , ,- 83

5 ∈ 7 ℎ9

23#, ℎ9 23, ℎ9 23 ./4&⋅.0

5 ∈ 7 ,9

8, ,9 8# ⋅ ,- 83(./4&⋅.0) , ,- 83

5 ∈ 7 ℎ9

23, ℎ9 23:*

,9

83:*, ,9 83

entropy expansion lemma

  • need auxiliary ;<-subgroup [LW11, OT12]
  • 1. #= + * ⋅ #? ⟼ :*
slide-69
SLIDE 69

ℎ"

#$%, ℎ" #$, ℎ" #$ '()*⋅',

  • "

., -" .% ⋅ -/ .$('()*⋅',) , -/ .$

≈ ⋅

  • "

.34

ℎ"

#$34

  • Lewko-Waters IBE [LW10]

68

2. %, 5* ↦ (34, 5*)

  • /, -/

', -/ '(, -/ ',

ℎ/

#$', ℎ/ #$, ℎ/ #$ '()*⋅',

7 ∈ 9

  • /

., -/ .' ⋅ -/ .$('()*⋅',) , -/ .$

7 ∈ 9

  • /, -/

', -/ '(, -/ ',

ℎ/

#$', ℎ/ #$, ℎ/ #$ '()*⋅',

7 ∈ 9

  • /

., -/ .' ⋅ -/ .$('()*⋅',) , -/ .$

7 ∈ 9 7 ∈ 9 7 ∈ 9 ℎ"

#$, ℎ" #$:4

  • "

.$:4, -" .$

entropy expansion lemma

  • need auxiliary ;<-subgroup [LW11, OT12]
  • 1. %= + 4 ⋅ %? ⟼ :4
slide-70
SLIDE 70

ℎ"

#$%, ℎ" #$, ℎ" #$ '()*⋅',

≈ ⋅

LOSTW10: a classical ABE under ./0 = (3", 3"

45, … , 3" 47)

69

39, 39

', 39 '(, 39 ',

ℎ9

#$', ℎ9 #$, ℎ9 #$ '()*⋅',

: ∈ < 39

=, 39 =' ⋅ 39 =$('()*⋅',) , 39 =$

: ∈ < 39, 39

', 39 '(, 39 ',

ℎ9

#$', ℎ9 #$, ℎ9 #$ '()*⋅',

: ∈ < 39

=, 39 =' ⋅ 39 =$('()*⋅',) , 39 =$

: ∈ < 3"

=, 3" =% ⋅ 39 =$('()*⋅',) , 39 =$

3"

=4>

ℎ"

#$4>

: ∈ < : ∈ < ℎ"

#$, ℎ" #$?>

3"

=$?>, 3" =$

entropy expansion lemma

slide-71
SLIDE 71

prime-order scheme

[ CGW15, GDCC16 ]

70

!", !"

$, !" $%, !" $&

ℎ"

()$, ℎ" (), ℎ" () $%*+⋅$&

  • ∈ /

!"

0, !" 0$ ⋅ !" 0)($%*+⋅$&) , !" 0)

  • ∈ /
slide-72
SLIDE 72

prime-order scheme

!"

# [ CGW15, GDCC16 ]

$" $"

%

&#

71

$", $"

(, $" (), $" (*

ℎ"

,-(, ℎ" ,-, ℎ" ,- ()./⋅(*

1 ∈ 3 $"

%, $" %( ⋅ $" %-(()./⋅(*) , $" %-

1 ∈ 3

6-Lin

slide-73
SLIDE 73

prime-order scheme

!

[ CGW15, GDCC16 ]

"#

$%

"#

%

72

"#, "#

%, "# %', "# %(

ℎ#

*+%, ℎ# *+, ℎ# *+ %',-⋅%(

/ ∈ 1 "#

$, "# $% ⋅ "# $+(%',-⋅%() , "# $+

/ ∈ 1 4#

5

65

slide-74
SLIDE 74

prime-order scheme

! " #

[ CGW15, GDCC16 ]

ℎ% ℎ%

&

ℎ%

&'

73

(%, (%

', (% '*, (% '+

ℎ%

&,', ℎ% &,, ℎ% &, '*-.⋅'+

0 ∈ 2 (%

3, (% 3' ⋅ (% 3,('*-.⋅'+) , (% 3,

0 ∈ 2

slide-75
SLIDE 75

prime-order scheme

! "

[ CGW15, GDCC16 ]

dimension of W

74

$%, $%

', $% '(, $% ')

ℎ%

+,', ℎ% +,, ℎ% +, '(-.⋅')

0 ∈ 2 $%

3, $% 3' ⋅ $% 3,('(-.⋅')) , $% 3,

0 ∈ 2 6%

7

slide-76
SLIDE 76

prime-order scheme

!

[ CGW15, GDCC16 ]

"#

$

"%

$

LOSTW10 auxiliary

dimension of W height: 3( ↦ 2( + 1 GDCC16

  • urs

entropy expansion lemma

75

  • ., -.

0, -. 01, -. 02

ℎ.

450, ℎ. 45, ℎ. 45 0167⋅02

9 ∈ ;

  • .

<, -. <0 ⋅ -. <5(0167⋅02) , -. <5

9 ∈ ; ".

$

slide-77
SLIDE 77

prime-order scheme

! "

[ CGW15, GDCC16 ]

#$

%

dimension of W width: ' ↦ ' + 1

+

height: 3' ↦ 2' + 1 GDCC16

  • urs

LOSTW10

analyze LOSTW10

76

./, ./

1, ./ 12, ./ 13

ℎ/

561, ℎ/ 56, ℎ/ 56 1278⋅13

: ∈ < ./

=, ./ =1 ⋅ ./ =6(1278⋅13) , ./ =6

: ∈ <

slide-78
SLIDE 78

summary

77

slide-79
SLIDE 79

summary

78

entropy expansion lemma bounded ABE unbounded ABE compiler

scheme proof

slide-80
SLIDE 80

summary

79

? more applications of entropy expansion technique? ? entropy expansion lemma from lattices?

  • pen problems

entropy expansion lemma bounded ABE unbounded ABE compiler

scheme proof

slide-81
SLIDE 81

summary

80

? more applications of entropy expansion technique? ? entropy expansion lemma from lattices? Thank You • Very Much !

  • pen problems

entropy expansion lemma bounded ABE unbounded ABE compiler

scheme proof