Lattice-based dual receiver encryption and more

Abstract

Dual receiver encryption (DRE), proposed by Diament et al. at ACM CCS 2004, is a special extension notion of public-key encryption, which enables two independent receivers to decrypt a ciphertext into a same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. Up till now, a series of DRE schemes are constructed with bilinear pairing groups. In this work, we introduce the first construction of lattice-based DRE. Our scheme is secure against chosen-ciphertext attacks from the standard Learning with Errors (LWE) assumption with a public key of bit-size about 2nm log q, where m and q are small polynomials in n. Additionally, for the DRE notion in the identity-based setting, identity-based DRE (ID-DRE), we also give a lattice-based ID-DRE scheme that achieves chosen-plaintext and adaptively chosen identity security based on the LWE assumption with public parameter size about (2ℓ + 1)nm log q, where ℓ is the bit-size of the identity in the scheme.