Internet Archive Scholar

Cryptanalysis of Boyen's Attribute-Based Encryption Scheme in TCC 2013 [article]

Shweta Agrawal, Rajarshi Biswas, Ryo Nishimaki, Keita Xagawa, Xiang Xie, Shota Yamada
2021 IACR Cryptology ePrint Archive  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (557.9 kB)
https://web.archive.org/web/20220120161422/https://eprint.iacr.org/2021/505.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

In TCC 2013, Boyen suggested the first lattice based construction of attribute based encryption (ABE) for the circuit class NC1. Unfortunately, soon after, a flaw was found in the security proof of the scheme. However, it remained unclear whether the scheme is actually insecure, and if so, whether it can be repaired. Meanwhile, the construction has been heavily cited and continues to be extensively studied due to its technical novelty. In particular, this is the first lattice based ABE which
more » ... s linear secret sharing schemes (LSSS) as a crucial tool to enforce access control. In this work, we show that the scheme is in fact insecure. To do so, we provide a polynomial-time attack that completely breaks the security of the scheme. We suggest a route to fix the security of the scheme, via the notion of admissible linear secret sharing schemes (LSSS) and instantiate these for the class of DNFs. Subsequent to our work, Datta, Komargodski and Waters (Eurocrypt 2021) provided a construction of admissible LSSS for NC1 and resurrected Boyen's claimed result.
dblp:journals/iacr/AgrawalBNXXY21 fatcat:3az4bkkbpzcshjlehxaanfwnfm
Citation

Shweta Agrawal, Rajarshi Biswas, Ryo Nishimaki, Keita Xagawa, Xiang Xie, Shota Yamada. "Cryptanalysis of Boyen's Attribute-Based Encryption Scheme in TCC 2013." IACR Cryptology ePrint Archive (2021) 505