Attribute-Based Encryption for Circuits from Multilinear Maps

Authors

Sanjam Garg and Craig Gentry and Shai Halevi and Amit Sahai and Brent Waters

Abstract

In this work, we provide the first construction of Attribute-Based Encryption (ABE) for general circuits. Our construction is based on the existence of multilinear maps. We prove selective security of our scheme in the standard model under the natural multilinear generalization of the BDDH assumption. Our scheme achieves both Key-Policy and Ciphertext-Policy variants of ABE. Our scheme and its proof of security directly translate to the recent multilinear map framework of Garg, Gentry, and Halevi. This paper subsumes the manuscript of Sahai and Waters [SW12].

Usage


1    package it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13;
2    
3    import it.unisa.dia.gas.crypto.circuit.Circuit;
4    import it.unisa.dia.gas.crypto.circuit.DefaultCircuit;
5    import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.engines.GGHSW13KEMEngine;
6    import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13KeyPairGenerator;
7    import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13ParametersGenerator;
8    import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13SecretKeyGenerator;
9    import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.params.*;
10   import it.unisa.dia.gas.crypto.kem.KeyEncapsulationMechanism;
11   import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;
12   import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
13   import org.bouncycastle.crypto.CipherParameters;
14   import org.bouncycastle.crypto.InvalidCipherTextException;
15   
16   import java.security.SecureRandom;
17   import java.util.Arrays;
18   
19   import static it.unisa.dia.gas.crypto.circuit.Circuit.Gate.Type.*;
20   import static it.unisa.dia.gas.crypto.circuit.DefaultCircuit.DefaultGate;
21   import static org.junit.Assert.*;
22   
23   /**
24    * @author Angelo De Caro (jpbclib@gmail.com)
25    */
26   public class GGHSW13KEM {
27   
28       public GGHSW13KEM() {
29       }
30   
31   
32       public AsymmetricCipherKeyPair setup(int n) {
33           GGHSW13KeyPairGenerator setup = new GGHSW13KeyPairGenerator();
34           setup.init(new GGHSW13KeyPairGenerationParameters(
35                   new SecureRandom(),
36                   new GGHSW13ParametersGenerator().init(
37                           PairingFactory.getPairing("params/mm/ctl13/toy.properties"),
38                           n).generateParameters()
39           ));
40   
41           return setup.generateKeyPair();
42       }
43   
44       public byte[][] encaps(CipherParameters publicKey, String w) {
45           try {
46               KeyEncapsulationMechanism kem = new GGHSW13KEMEngine();
47               kem.init(true, new GGHSW13EncryptionParameters((GGHSW13PublicKeyParameters) publicKey, w));
48   
49               byte[] ciphertext = kem.process();
50   
51               assertNotNull(ciphertext);
52               assertNotSame(0, ciphertext.length);
53   
54               byte[] key = Arrays.copyOfRange(ciphertext, 0, kem.getKeyBlockSize());
55               byte[] ct = Arrays.copyOfRange(ciphertext, kem.getKeyBlockSize(), ciphertext.length);
56   
57               return new byte[][]{key, ct};
58           } catch (InvalidCipherTextException e) {
59               e.printStackTrace();
60               fail(e.getMessage());
61           }
62           return null;
63       }
64   
65       public CipherParameters keyGen(CipherParameters publicKey, CipherParameters masterSecretKey, Circuit circuit) {
66           GGHSW13SecretKeyGenerator keyGen = new GGHSW13SecretKeyGenerator();
67           keyGen.init(new GGHSW13SecretKeyGenerationParameters(
68                   (GGHSW13PublicKeyParameters) publicKey,
69                   (GGHSW13MasterSecretKeyParameters) masterSecretKey,
70                   circuit
71           ));
72   
73           return keyGen.generateKey();
74       }
75   
76       public byte[] decaps(CipherParameters secretKey, byte[] ciphertext) {
77           try {
78               KeyEncapsulationMechanism kem = new GGHSW13KEMEngine();
79   
80               kem.init(false, secretKey);
81               byte[] key = kem.processBlock(ciphertext);
82   
83               assertNotNull(key);
84               assertNotSame(0, key.length);
85   
86               return key;
87           } catch (InvalidCipherTextException e) {
88               e.printStackTrace();
89               fail(e.getMessage());
90           }
91   
92           return null;
93       }
94   
95   
96       public static void main(String[] args) {
97           int n = 4;
98           int q = 3;
99           Circuit circuit = new DefaultCircuit(n, q, 3, new DefaultGate[]{
100                  new DefaultGate(INPUT, 0, 1),
101                  new DefaultGate(INPUT, 1, 1),
102                  new DefaultGate(INPUT, 2, 1),
103                  new DefaultGate(INPUT, 3, 1),
104  
105                  new DefaultGate(AND, 4, 2, new int[]{0, 1}),
106                  new DefaultGate(OR, 5, 2, new int[]{2, 3}),
107  
108                  new DefaultGate(AND, 6, 3, new int[]{4, 5}),
109          });
110  
111          GGHSW13KEM kem = new GGHSW13KEM();
112  
113          // Setup
114          AsymmetricCipherKeyPair keyPair = kem.setup(n);
115  
116          // Keygen
117          CipherParameters secretKey = kem.keyGen(keyPair.getPublic(), keyPair.getPrivate(), circuit);
118  
119          // Encaps/Decaps for satisfying assignment
120          String assignment = "1101";
121          byte[][] ct = kem.encaps(keyPair.getPublic(), assignment);
122          assertEquals(true, Arrays.equals(ct[0], kem.decaps(secretKey, ct[1])));
123  
124          // Encaps/Decaps for not-satisfying assignment
125          assignment = "1001";
126          ct = kem.encaps(keyPair.getPublic(), assignment);
127          assertEquals(false, Arrays.equals(ct[0], kem.decaps(secretKey, ct[1])));
128      }
129  
130  }