Deniable encryption (Canetti et al. CRYPTO '97) is an intriguing primitive that provides a security guarantee against not only eavesdropping attacks as required by semantic security, but also stronger coercion attacks performed after the fact. The concept of deniability has later demonstrated useful and powerful in many other contexts, such as leakage resilience, adaptive security of protocols, and security against selective opening attacks. Despite its conceptual usefulness, our understanding of how to construct deniable primitives under standard assumptions is restricted. In particular from standard lattice assumptions, i.e. Learning with Errors (LWE), we have only flexibly and non-negligible advantage deniable public-key encryption schemes, whereas with the much stronger assumption of indistinguishable obfuscation, we can obtain at least fully sender-deniable PKE and computation. How to achieve deniability for other more advanced encryption schemes under standard assumptions remains an interesting open question. In this work, we construct a flexibly bi-deniable Attribute-Based Encryption (ABE) scheme for all polynomial-size Branching Programs from LWE. Our techniques involve new ways of manipulating Gaussian noise that may be of independent interest, and lead to a significantly sharper analysis of noise growth in Dual Regev type encryption schemes. We hope these ideas give insight into achieving deniability and related properties for further, advanced cryptographic systems from lattice assumptions.
展开▼
机译:可否认的加密(Canetti et al。CRYPTO '97)是一个有趣的原语,它提供了安全保证,不仅可以防止语义安全所要求的窃听攻击,而且还可以防止在此之后进行的更强大的强制攻击。可否认性的概念后来在许多其他情况下被证明是有用且强大的,例如泄漏弹性,协议的自适应安全性以及针对选择性开放攻击的安全性。尽管它在概念上有用,但是我们对如何在标准假设下构造可定义基元的理解受到限制。特别是从标准的格点假设(即“错误学习”(LWE))中,我们只有灵活且不可忽略的优势可否认的公钥加密方案,而在难以区分的混淆性更强的假设下,我们至少可以获得完全可否认发送者的信息。 PKE和计算。在标准假设下如何实现其他更高级加密方案的可否认性仍然是一个有趣的开放问题。在这项工作中,我们为LWE的所有多项式大小的分支程序构造了一个灵活的双可否认的基于属性的加密(ABE)方案。我们的技术涉及可能独立关注的操纵高斯噪声的新方法,并导致在Dual Regev类型加密方案中对噪声增长的分析更加清晰。我们希望这些想法能为基于格假设的进一步高级加密系统实现可否认性和相关属性提供见识。
展开▼
