Offline witness encryption

Abusalah, Hamza and Fuchsbauer, Georg and Pietrzak, Krzysztof (2016) Offline witness encryption. In: ACNS: Applied Cryptography and Network Security, June 19 - 22, 2016, Guildford, United Kingdom.

[img] Text
838.pdf - Submitted Version
Available under License Creative Commons Attribution.
Download (502Kb)
Official URL:


Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme is defined for some NP language L and lets a sender encrypt messages relative to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L, but hides the message if x ∈ L. Garg et al. construct WE from multilinear maps and give another construction [GGH+13b] using indistinguishability obfuscation (iO) for circuits. Due to the reliance on such heavy tools, WE can cur- rently hardly be implemented on powerful hardware and will unlikely be realizable on constrained devices like smart cards any time soon. We construct a WE scheme where encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs public parameters containing an obfuscated circuit (only required for decryption), two encryption keys and a common reference string (used for encryption). This setup need only be run once, and the parame- ters can be used for arbitrary many encryptions. Our scheme can also be turned into a functional WE scheme, where a message is encrypted w.r.t. a statement and a function f, and decryption with a witness w yields f (m, w). Our construction is inspired by the functional encryption scheme by Garg et al. and we prove (selective) security assuming iO and statistically simulation-sound NIZK. We give a construction of the latter in bilinear groups and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at a 128-bit security level and can be computed on a smart card.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Groth-Sahai proofs, Indistinguishability obfuscation, NIZK, Witness encryption
Subjects: 000 Computer science, knowledge & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data
600 Technology > 600 Technology
Research Group: Pietrzak Group
SWORD Depositor: Sword Import User
Depositing User: Sword Import User
Date Deposited: 23 Feb 2017 06:43
Last Modified: 30 Aug 2017 14:26

Actions (login required)

View Item View Item