Ciphertext-Updatable Attribute-Based and Predicate Encryption from Lattices

Abstract

We present a novel variant of attribute-based encryption (ABE) and predicate encryption (PE) which supports ciphertext updates, called ciphertext-updatable ABE (CU-ABE) and PE (CU-PE). Such a feature enhances the usability of the fine-grained encryption paradigm by allowing controlled updates to the ciphertexts. Updating ciphertexts is carried out via update tokens, which can only be generated by the master secret key holder, yet any party with access to the token can convert the ciphertexts.

Apart from defining these new primitives and establishing their security in the indistinguishability-based setting, we provide various constructions with different trade-offs. Concretely, we provide a generic transformation from plain ABE to unidirectional and single-hop CU-ABE using only (inner-product) functional encryption (IPFE), which can be instantiated from plain LWE. Then, we show how to combine this CU-ABE with lockable obfuscation to obtain unidirectional and single-hop CU-PE from LWE. These constructions support bounded number of update tokens.

While unidirectional and single-hop updates with bounded number of tokens are sufficient for practical applications, we show that we can extend our results to multi-hop and unbounded token setting by constructing both key-policy and ciphertext-policy CU-ABE schemes for all bounded-depth circuits. Proving security of these multi-hop constructions turned out to be non-trivial, which required us to develop novel techniques and rely on public-coin evasive LWE assumption.