Fully Secure Hidden Vector Encryption

  • Angelo De Caro
  • Vincenzo Iovino
  • Giuseppe Persiano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7708)


Predicate encryption is an important cryptographic primitive (see [3,5,9,11]) that enables fine-grained control on the decryption keys. Roughly speaking, in a predicate encryption scheme the owner of the master secret key Msk can derive secret key Sk P , for any predicate P from a specified class of predicates ℙ. In encrypting a message M, the sender can specify an attribute vector \({\ensuremath{\vec x}}\) and the resulting ciphertext \(\tilde X\) can be decrypted only by using keys Sk P such that \(P({\ensuremath{\vec x}})=1\). Security is modeled by means of a game between a challenger \(\mathcal{C}\) and a PPT adversary \(\mathcal{A}\) that sees the public key, is allowed to ask for keys of predicates P of his choice and gives two challenge vectors \({\ensuremath{\vec x}}_0\) and \({\ensuremath{\vec x}}_1\). \(\mathcal{A}\) then receives a challenge ciphertext (an encryption of a randomly chosen challenge vector) and has to guess which of the two challenge vectors has been encrypted. The adversary \(\mathcal{A}\) is allowed to ask queries even after seeing the challenge ciphertext. In the unrestricted queries model, it is required the adversary \(\mathcal{A}\) to ask for keys of predicates P that do not discriminate the two challenge vectors; that is, for which \(P({\ensuremath{\vec x}}_0)=P({\ensuremath{\vec x}}_1)\). It can be readily seen that this condition is necessary. In this paper, we consider hidden vector encryption (HVE in short), a notable case of predicate encryption introduced by Boneh and Waters [5] and further developed in [16,10,15]. In a HVE scheme, the ciphertext attributes are vectors \({\ensuremath{\vec x}}=\langle x_1,\ldots,x_\ell\rangle\) of length ℓ over alphabet Σ, keys are associated with vectors \({\ensuremath{\vec y}}=\langle y_1,\ldots,y_\ell\rangle\) of length ℓ over alphabet Σ ∪ { ⋆ } and we consider the \({\sf Match}({\ensuremath{\vec x}},{\ensuremath{\vec y}})\) predicate which is true if and only if, for all i, y i  ≠ ⋆ implies x i  = y i . In [5], it is shown that HVE implies predicate encryption schemes for conjunctions, comparison, range queries and subset queries. We describe also constructions of secure predicate encryption for Boolean predicates that can be expressed as k-CNF and k-DNF (for any constant k) over binary variables.

Our main contribution is a very simple, in terms of construction and security proof, implementation of the HVE primitive that can be proved fully secure against probabilistic polynomial-time adversaries in the unrestricted queries model under non-interactive constant sized (that is independent of ℓ) hardness assumptions on bilinear groups of composite order. Our proof employs the dual system methodology of Waters [18], that gave one of the first fully secure construction in this area, blended with a careful design of intermediate security games that keep into account the relationship between challenge ciphertext and key queries.


predicate encryption HVE full security pairing-based cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boneh, D.: Bilinear Groups of Composite Order. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 39–56. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Boyen, X.: Secure Identity Based Encryption Without Random Oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public Key Encryption with Keyword Search. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF Formulas on Ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Waters, B.: Conjunctive, Subset, and Range Queries on Encrypted Data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Canetti, R., Halevi, S., Katz, J.: Chosen-Ciphertext Security from Identity-Based Encryption. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Gentry, C.: Practical Identity-Based Encryption Without Random Oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Gentry, C., Halevi, S.: Hierarchical Identity Based Encryption with Polynomially Many Levels. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 437–456. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-Based Encryption for Fine-Grained Access Control for Encrypted Data. In: ACM CCS 2006, Alexandria, VA, USA, October 30-November 3, pp. 89–98 (2006)Google Scholar
  10. 10.
    Iovino, V., Persiano, G.: Hidden-Vector Encryption with Groups of Prime Order. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 75–88. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Katz, J., Sahai, A., Waters, B.: Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Lewko, A., Waters, B.: New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Okamoto, T., Takashima, K.: Adaptively Attribute-Hiding (Hierarchical) Inner Product Encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 591–608. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    O’Neill, A.: Definitional issues in functional encryption. Technical Report 2010-556, Cryptology ePrint Archives (2010),
  15. 15.
    Sedghi, S., van Liesdonk, P., Nikova, S., Hartel, P., Jonker, W.: Searching Keywords with Wildcards on Encrypted Data. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 138–153. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Shi, E., Waters, B.: Delegating Capabilities in Predicate Encryption Systems. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 560–578. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Waters, B.: Efficient Identity-Based Encryption Without Random Oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Waters, B.: Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Angelo De Caro
    • 1
  • Vincenzo Iovino
    • 1
  • Giuseppe Persiano
    • 1
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversità di SalernoFiscianoItaly

Personalised recommendations