
Attribute-Based Encryption for Circuits from Multilinear Maps

Published 19 Oct 2012 in cs.CR | (1210.5287v1)

Abstract: In this work, we provide the first construction of Attribute-Based Encryption (ABE) for general circuits. Our construction is based on the existence of multilinear maps. We prove selective security of our scheme in the standard model under the natural multilinear generalization of the BDDH assumption. Our scheme achieves both Key-Policy and Ciphertext-Policy variants of ABE.

Authors (2)
Citations (330)

Summary

  • The paper introduces an ABE scheme leveraging multilinear maps to support circuits with arbitrary fan-out and depth.
  • It employs a 'move forward and shift' technique to assign unique random elements per circuit wire, mitigating backtracking attacks.
  • The approach expands the applicability of ABE in secure access control, paving the way for advancements in cloud computing and cryptographic research.

Attribute-Based Encryption for Circuits from Multilinear Maps

The paper by Amit Sahai and Brent Waters presents a novel approach to Attribute-Based Encryption (ABE) for general circuits, leveraging the existence of multilinear maps as the foundational cryptographic primitive. This work significantly extends the class of functions that ABE systems can support, addressing a long-standing challenge in the field.

Overview

The fundamental motivation behind ABE is to provide a more flexible encryption paradigm where access to encrypted data is determined by attributes rather than specific user identities. Two main variants exist: Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE, a user's ability to decrypt is determined by a secret key tied to a specific policy expressed as a boolean function over attributes. CP-ABE, in contrast, associates policies directly with the ciphertexts, and decryption is possible with a key whose attribute set satisfies the policy.

Previous constructions of ABE systems were limited in the complexity of the policies (functions) they could support, typically confined to the NC¹ class, which encompasses polynomial-size boolean formulas. Achieving ABE for general circuits, which have arbitrary fan-out and depth, remained an elusive goal primarily due to difficulties like backtracking attacks, inherent to previous constructions.

Main Contributions

  1. Construction using Multilinear Maps: Sahai and Waters introduce a method to construct ABE systems for circuits of arbitrary fan-out and depth using multilinear maps. This approach overcomes the limitations of bilinear maps, which were inadequate for supporting such generality due to their vulnerability to backtracking attacks.
  2. Security Model and Assumptions: The security of their ABE scheme is demonstrated under a generalization of the Decision Bilinear Diffie-Hellman (DBDH) assumption to multilinear maps, specifically the Decision k-Multilinear assumption. This assumption states that, in a k-multilinear map setting, it is computationally hard to distinguish a specific product of group elements from a random element.
  3. Scheme Construction: The authors detail the construction of the ABE system in the key-policy setting. Assuming access to a multilinear map generator, the construction handles general circuits by first reducing them to monotone circuits using De Morgan's laws. The system associates unique random elements with each circuit wire, which prevents unauthorized decryption attempts that exploit backtracking.
  4. Technical Insights: The paper elaborates on "move forward and shift" techniques in decryption. This method effectively prevents backward information flow that prior schemes could not sufficiently safeguard against. This new mechanism does not rely on linear secret-sharing schemes, marking a departure from typical previous methodologies.
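
The reduction to monotone circuits mentioned in item 3 can be made concrete. The following is an added example, not code from the paper or its authors: it assumes the usual form of the reduction, in which De Morgan's laws push every negation down to the input wires so that each input and its complement become separate literals. The circuit encoding, the wire names and the sample circuit are constructed for illustration.

```python
from itertools import product

# Constructed sample circuit (not from the paper). Wire "t" has fan-out 2.
# out = (x0 XOR x1) OR (NOT(x0 AND x1) AND x2)
CIRCUIT = {
    "x0": ("IN", 0), "x1": ("IN", 1), "x2": ("IN", 2),
    "u": ("OR", "x0", "x1"), "a": ("AND", "x0", "x1"),
    "t": ("NOT", "a"),
    "y": ("AND", "u", "t"), "z": ("AND", "t", "x2"),
    "out": ("OR", "y", "z"),
}

def evaluate(circ, wire, x):
    """Evaluate one wire of a circuit on the input bit vector x."""
    g = circ[wire]
    if g[0] == "IN":
        return bool(x[g[1]])
    if g[0] == "LIT":                      # literal: x_i (True) or NOT x_i (False)
        return bool(x[g[1]]) == g[2]
    if g[0] == "NOT":
        return not evaluate(circ, g[1], x)
    a, b = evaluate(circ, g[1], x), evaluate(circ, g[2], x)
    return (a and b) if g[0] == "AND" else (a or b)

def to_monotone(circ, out):
    """Push negations to the inputs; return (monotone circuit, output wire)."""
    mono, memo = {}, {}
    def visit(wire, neg):
        if (wire, neg) in memo:            # shared wires are translated once
            return memo[(wire, neg)]
        g = circ[wire]
        name = ("~" if neg else "") + wire # "~w" is the dual of wire w
        if g[0] == "NOT":                  # absorb the gate, flip polarity
            name = visit(g[1], not neg)
        elif g[0] == "IN":
            mono[name] = ("LIT", g[1], not neg)
        else:                              # De Morgan: swap AND/OR when negated
            op = g[0] if not neg else {"AND": "OR", "OR": "AND"}[g[0]]
            mono[name] = (op, visit(g[1], neg), visit(g[2], neg))
        memo[(wire, neg)] = name
        return name
    return mono, visit(out, False)

def equivalent(circ, out, n):
    """True if the monotone form agrees with circ on all 2^n inputs."""
    mono, mout = to_monotone(circ, out)
    return all(evaluate(circ, out, x) == evaluate(mono, mout, x)
               for x in product((0, 1), repeat=n))

if __name__ == "__main__":
    mono, mout = to_monotone(CIRCUIT, "out")
    print(sorted({g[0] for g in mono.values()}), len(mono), equivalent(CIRCUIT, "out", 3))
```

Because each original wire is translated at most once per polarity, the monotone circuit has at most twice as many wires as the original, and fan-out is preserved rather than expanded into a formula.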

Implications and Future Work

This paper considerably broadens the applicability of ABE by enabling encryption systems to support complex access control policies, which can be beneficial in various domains such as cloud computing and secure multi-party computations. The move to multilinear maps, pioneered by Garg, Gentry, and Halevi, heralds a promising shift and opens avenues for further exploration in ABE and related cryptographic areas.

As multilinear map constructions mature, it is expected that their cryptanalysis will evolve, potentially leading to more robust implementations and applications. Beyond theoretical advancements, practical considerations such as efficiency and deployment readiness of multilinear maps remain pivotal areas for future inquiry. Further exploration of cryptographic assumptions underpinning multilinear maps could refine the security and applicability of these novel tools across broader real-world scenarios.

In summary, this paper takes a significant step towards realizing more versatile and functionally rich encryption paradigms, setting a path for future cryptographic innovations in attribute-based systems and beyond.
