Improved (hierarchical) inner-product encryption from lattices

Abstract

Inner-product encryption (IPE) provides fine-grained access control and has attractive applications. Agrawal, Freeman, and Vaikuntanathan (Asiacrypt 2011) proposed the first IPE scheme from lattices by twisting the identity-based encryption (IBE) scheme by Agrawal, Boneh, and Boyen (Eurocrypt 2010). Their IPE scheme supports inner-product predicates over R μ , where the ring is R = ℤq. Several applications require the ring R to be exponentially large and, thus, they set q = 2 O(n) to implement such applications. This choice results in the AFV IPE scheme with public parameters of size O(μn2 lg3 q) = O(μn5) and ciphertexts of size O(μn lg3 q) = O(μn4), where n is the security parameter. Hence, this makes the scheme impractical, as they noted. We address this efficiency issue by "untwisting" their twist and providing another twist. Our scheme supports inner-product predicates over Rμ where R = GF(qn ) instead of ℤ q. Our scheme has public parameters of size O(μn2 lg2 q) and ciphertexts of size O(μn lg2 q). Since the cardinality of GF(q n ) is inherently exponential in n, we have no need to set q as the exponential size for applications. As side contributions, we extend our IPE scheme to a hierarchical IPE (HIPE) scheme and propose a fuzzy IBE scheme from IPE. Our HIPE scheme is more efficient than that developed by Abdalla, De Caro, and Mochetti (Latincrypt 2012). Our fuzzy IBE is secure under a much weaker assumption than that employed by Agrawal et al. (PKC 2012), who constructed the first lattice-based fuzzy IBE scheme. © 2013 International Association for Cryptologic Research.