DOI: 10.1145/2488608.2488667

Witness encryption and its applications

Published: 01 June 2013

Abstract

We put forth the concept of witness encryption. A witness encryption scheme is defined for an NP language L (with corresponding witness relation R). In such a scheme, a user can encrypt a message M to a particular problem instance x to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if x is in the language and the recipient knows a witness w where R(x,w) holds. However, if x is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal length messages. We emphasize that the encrypter himself may have no idea whether x is actually in the language. Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete Exact Cover problem and Garg, Gentry, and Halevi's recent construction of "approximate" multilinear maps.
Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure.
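To make the syntax and the two security cases of the abstract concrete, here is an added example that is not from the paper and does not implement its Exact Cover construction. It instantiates witness encryption for the DDH language L = {(h, u, v) : there exists w with u = g^w and v = h^w} in a cyclic group, using Cramer and Shoup's universal hash proof systems (reference [9] in the list below): the encrypter publishes a projection key alpha and pads the message with the hash value; a witness holder recomputes the hash value as alpha^w. For an instance outside L the hash value is uniformly random given alpha, so the message is hidden statistically, which is the abstract's "x not in the language" case. The group parameters (p = 23, q = 11, g = 4), the KDF and all function names are constructed for this example; the group is tiny so that membership can be brute-forced for checking, which is exactly what a real-size group would forbid.

```python
import hashlib
import secrets

# Toy group, constructed for this example (far too small for real use):
# p = 2q + 1 is a safe prime and g = 4 generates the order-q subgroup of
# quadratic residues mod p, so every subgroup element is some g^w.
P, Q, G = 23, 11, 4


def make_instance(a, w, member=True):
    """Build an instance x = (h, u, v) with h = g^a. With member=True,
    (u, v) = (g^w, h^w) is a DDH tuple and w is its witness. With
    member=False, v is replaced by h^(w+1), so x lies outside L and no
    witness exists at all."""
    h = pow(G, a, P)
    u = pow(G, w, P)
    v = pow(h, w if member else (w + 1) % Q, P)
    return (h, u, v)


def is_in_language(x):
    """Brute-force membership test for L. Only feasible because the group is
    tiny; in a real group this is the DDH problem, and the encrypter is not
    expected to be able to decide it."""
    h, u, v = x
    return any(pow(G, w, P) == u and pow(h, w, P) == v for w in range(Q))


def _pad(key_element, length):
    """Expand a group element into a one-time pad of the requested length
    (SHA-256 in counter mode; a KDF chosen for this example)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(f"{key_element}:{ctr}".encode()).digest()
        ctr += 1
    return out[:length]


def encrypt(x, m):
    """Encrypt bytes m to instance x = (h, u, v). Only x is used: the
    encrypter never learns, and need not know, whether x is in L."""
    h, u, v = x
    k1, k2 = secrets.randbelow(Q), secrets.randbelow(Q)   # hashing key
    alpha = (pow(G, k1, P) * pow(h, k2, P)) % P           # projection key, public
    hash_value = (pow(u, k1, P) * pow(v, k2, P)) % P      # pad seed, never sent
    body = bytes(a ^ b for a, b in zip(m, _pad(hash_value, len(m))))
    return (alpha, body)


def decrypt(ct, w):
    """Decrypt with witness w. For (u, v) = (g^w, h^w) we have
    alpha^w = g^(k1 w) h^(k2 w) = u^k1 v^k2, so the pad is recovered from
    the public alpha alone; for any other instance this yields garbage."""
    alpha, body = ct
    hash_value = pow(alpha, w, P)
    return bytes(a ^ b for a, b in zip(body, _pad(hash_value, len(body))))


def keys_per_projection(x):
    """Enumerate every hashing key (k1, k2) and count, for each projection
    key alpha, how many distinct hash values it is compatible with. For x in L
    every alpha fixes exactly one value (correctness); for x outside L every
    alpha is compatible with all q values (smoothness), which is why a
    ciphertext to a non-member instance hides the message statistically."""
    h, u, v = x
    table = {}
    for k1 in range(Q):
        for k2 in range(Q):
            alpha = (pow(G, k1, P) * pow(h, k2, P)) % P
            hash_value = (pow(u, k1, P) * pow(v, k2, P)) % P
            table.setdefault(alpha, set()).add(hash_value)
    return {alpha: len(values) for alpha, values in table.items()}


if __name__ == "__main__":
    x = make_instance(a=3, w=7)
    ct = encrypt(x, b"witness encryption")
    print("member instance, witness 7 ->", decrypt(ct, 7))
    print("values per alpha (member):    ", set(keys_per_projection(x).values()))
    bad = make_instance(a=3, w=7, member=False)
    print("values per alpha (non-member):", set(keys_per_projection(bad).values()))
```

The DDH language is in NP (the witness is w) but is not NP-complete, so this toy covers the definition and the two security regimes, not the paper's contribution of a candidate for an NP-complete language; there the analogue of the smoothness argument is replaced by an assumption on the multilinear map.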

References

[1] S. Agrawal, D. Boneh, and X. Boyen. Efficient lattice (H)IBE in the standard model. In EUROCRYPT, pages 553--572, 2010.
[2] W. Aiello, Y. Ishai, and O. Reingold. Priced oblivious transfer: How to sell digital goods. In EUROCRYPT, pages 119--135, 2001.
[3] A. Beimel. Secret-sharing schemes: A survey. In IWCC, pages 11--46, 2011.
[4] D. Boneh and M. K. Franklin. Identity-based encryption from the Weil pairing. SIAM J. Comput., 32(3):586--615, 2003. Extended abstract in CRYPTO 2001.
[5] D. Boneh and A. Silverberg. Applications of multilinear forms to cryptography. Contemporary Mathematics, 324:71--90, 2003.
[6] D. Cash, D. Hofheinz, E. Kiltz, and C. Peikert. Bonsai trees, or how to delegate a lattice basis. In EUROCRYPT, pages 523--552, 2010.
[7] A. Chailloux, D. F. Ciocan, I. Kerenidis, and S. P. Vadhan. Interactive and noninteractive zero knowledge are equivalent in the help model. In TCC, pages 501--534, 2008.
[8] C. Cocks. An identity based encryption scheme based on quadratic residues. In IMA Int. Conf., pages 360--363, 2001.
[9] R. Cramer and V. Shoup. Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In EUROCRYPT, pages 45--64, 2002.
[10] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644--654, 1976.
[11] S. Garg, C. Gentry, and S. Halevi. Candidate multilinear maps from ideal lattices and applications. Cryptology ePrint Archive, Report 2012/610, 2012. http://eprint.iacr.org/.
[12] S. Garg, C. Gentry, S. Halevi, A. Sahai, and B. Waters. Attribute-based encryption for circuits from multilinear maps. Cryptology ePrint Archive, Report 2013/128, 2013. http://eprint.iacr.org/.
[13] S. Garg, R. Ostrovsky, I. Visconti, and A. Wadia. Resettable statistical zero knowledge. In TCC, pages 494--511, 2012.
[14] O. Goldreich. Computational Complexity: A Conceptual Perspective. Cambridge University Press, New York, NY, USA, 1st edition, 2008.
[15] O. Goldreich and L. A. Levin. A hard-core predicate for all one-way functions. In STOC, pages 25--32, 1989.
[16] O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In STOC, pages 218--229, 1987.
[17] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270--299, 1984.
[18] S. Goldwasser and R. Ostrovsky. Invariant signatures and non-interactive zero-knowledge proofs are equivalent (extended abstract). In CRYPTO, pages 228--245, 1992.
[19] S. Gorbunov, V. Vaikuntanathan, and H. Wee. Predicate encryption for circuits. In STOC, 2013.
[20] J. Groth, R. Ostrovsky, and A. Sahai. Perfect non-interactive zero knowledge for NP. In Proceedings of EUROCRYPT 2006, volume 4004 of LNCS, pages 339--358. Springer, 2006.
[21] S. Hada and T. Tanaka. On the existence of 3-round zero-knowledge protocols. In CRYPTO, pages 408--423, 1998.
[22] J. Håstad, R. Impagliazzo, L. A. Levin, and M. Luby. A pseudorandom generator from any one-way function. SIAM J. Comput., 28(4):1364--1396, 1999.
[23] J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A ring-based public key cryptosystem. In ANTS, pages 267--288, 1998.
[24] R. Impagliazzo and S. Rudich. Limits on the provable consequences of one-way permutations. In STOC, pages 44--61, 1989.
[25] Clay Mathematics Institute. Millennium prize problems. http://www.claymath.org/millennium/.
[26] T. Itoh, Y. Ohta, and H. Shizuya. A language-dependent cryptographic primitive. J. Cryptology, 10(1):37--50, 1997.
[27] T. Itoh and K. Sakurai. On the complexity of constant round ZKIP of possession of knowledge. In ASIACRYPT, pages 331--345, 1991.
[28] B. M. Kapron, L. Malka, and S. Venkatesh. A characterization of non-interactive instance-dependent commitment-schemes (NIC). In ICALP, pages 328--339, 2007.
[29] R. M. Karp. Reducibility among combinatorial problems. In Complexity of Computer Computations, pages 85--103, 1972.
[30] S. J. Ong and S. P. Vadhan. An equivalence between zero knowledge and commitments. In TCC, pages 482--500, 2008.
[31] S. Rudich. Unpublished, 1989.
[32] A. Sahai and B. Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005.
[33] A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984.
[34] M. Tompa and H. Woll. Random self-reducibility and zero knowledge interactive proofs of possession of information. In FOCS, pages 472--482, 1987.
[35] B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005.
[36] Eternity puzzle website. http://www.eternity-puzzle.com/.
[37] A. C.-C. Yao. How to generate and exchange secrets (extended abstract). In FOCS, pages 162--167, 1986.

Published In

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing
June 2013, 998 pages
ISBN: 9781450320290
DOI: 10.1145/2488608

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tag: multilinear maps

Qualifiers: Research article

Conference

STOC '13: Symposium on Theory of Computing
June 1 - 4, 2013
Palo Alto, California, USA

Acceptance Rates

STOC '13 paper acceptance rate: 100 of 360 submissions, 28%
Overall acceptance rate: 1,469 of 4,586 submissions, 32%

Cited By

• (2024) How to Make Rational Arguments Practical and Extractable. IACR Communications in Cryptology. DOI: 10.62056/a63zl86bm. Online publication date: 9-Apr-2024.
• (2024) Ad Hoc Broadcast, Trace, and Revoke. IACR Communications in Cryptology. DOI: 10.62056/a39qxrxqi. Online publication date: 8-Jul-2024.
• (2024) Self-Bilinear Map from One Way Encoding System and i𝒪. Information, 15(1):54. DOI: 10.3390/info15010054. Online publication date: 17-Jan-2024.
• (2024) Data Independent Order Policy Enforcement: Limitations and Solutions. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 378--392. DOI: 10.1145/3658644.3670367. Online publication date: 2-Dec-2024.
• (2024) Quantum State Obfuscation from Classical Oracles. Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pages 1009--1017. DOI: 10.1145/3618260.3649673. Online publication date: 10-Jun-2024.
• (2024) Hardness of Range Avoidance and Remote Point for Restricted Circuits via Cryptography. Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pages 620--629. DOI: 10.1145/3618260.3649602. Online publication date: 10-Jun-2024.
• (2024) CORE: Transaction Commit-Controlled Release of Private Data Over Blockchains. 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS), pages 322--332. DOI: 10.1109/ICDCS60910.2024.00038. Online publication date: 23-Jul-2024.
• (2024) Finding Collisions in a Quantum World: Quantum Black-Box Separation of Collision-Resistance and One-Wayness. Journal of Cryptology, 37(4). DOI: 10.1007/s00145-024-09517-2. Online publication date: 20-Aug-2024.
• (2024) Multi-key and Multi-input Predicate Encryption (for Conjunctions) from Learning with Errors. Journal of Cryptology, 37(3). DOI: 10.1007/s00145-024-09504-7. Online publication date: 14-May-2024.
• (2024) Efficient Non-interactive Zero-Knowledge Proof for Graph 3-Coloring Problem. Frontiers in Cyber Security, pages 370--386. DOI: 10.1007/978-981-99-9331-4_25. Online publication date: 4-Jan-2024.
