{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T13:07:57Z","timestamp":1771938477917,"version":"3.50.1"},"reference-count":58,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2016,12,10]],"date-time":"2016-12-10T00:00:00Z","timestamp":1481328000000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["J. ACM"],"published-print":{"date-parts":[[2015,12,10]]},"abstract":"\n In an attribute-based encryption (ABE) scheme, a ciphertext is associated with an \u2113-bit\n public index<\/jats:italic>\n ind and a message\n m<\/jats:italic>\n , and a secret key is associated with a Boolean predicate\n P<\/jats:italic>\n . The secret key allows decrypting the ciphertext and learning\n m<\/jats:italic>\n if and only if\n P<\/jats:italic>\n (ind) = 1. Moreover, the scheme should be secure against collusions of users, namely, given secret keys for polynomially many predicates, an adversary learns nothing about the message if none of the secret keys can individually decrypt the ciphertext.\n <\/jats:p>\n \n We present attribute-based encryption schemes for circuits of any arbitrary polynomial size, where the public parameters and the ciphertext grow linearly with the depth of the circuit. Our construction is secure under the standard learning with errors (LWE) assumption. Previous constructions of attribute-based encryption were for Boolean formulas, captured by the complexity class\n NC<\/jats:italic>\n 1<\/jats:sup>\n .\n <\/jats:p>\n \n In the course of our construction, we present a new framework for constructing ABE schemes. As a by-product of our framework, we obtain ABE schemes for polynomial-size branching programs, corresponding to the complexity class\n LOGSPACE<\/jats:italic>\n , under quantitatively better assumptions.\n <\/jats:p>","DOI":"10.1145\/2824233","type":"journal-article","created":{"date-parts":[[2015,12,14]],"date-time":"2015-12-14T09:19:41Z","timestamp":1450084781000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":64,"title":["Attribute-Based Encryption for Circuits"],"prefix":"10.1145","volume":"62","author":[{"given":"Sergey","family":"Gorbunov","sequence":"first","affiliation":[{"name":"University of Waterloo, Cambridge, MA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vinod","family":"Vaikuntanathan","sequence":"additional","affiliation":[{"name":"MIT and University of Toronto, Cambridge, MA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hoeteck","family":"Wee","sequence":"additional","affiliation":[{"name":"CNRS -- ENS, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,12,10]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_28"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881412.1881420"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30057-8_17"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25385-0_2"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/646229.681554"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/380752.380857"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00457-5_28"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046628"},{"key":"e_1_2_1_9_1","unstructured":"Prabhanjan Ananth Zvika Brakerski Gil Segev and Vinod Vaikuntanathan. 2014. From selective to adaptive security in functional encryption. Cryptology ePrint Archive: Report 2014\/917. (2014)."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/1880918.1880936"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127346"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382279"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054122"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24676-3_14"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24676-3_30"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/646766.704155"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55220-5_30"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1987260.1987281"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36594-2_8"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2011.12"},{"key":"e_1_2_1_21_1","unstructured":"David Cash Dennis Hofheinz and Eike Kiltz. 2009. How to delegate a lattice basis. Cryptology ePrint Archive Report 2009\/351. (2009)."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-011-9105-2"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881412.1881446"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/647995.742435"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_26"},{"key":"e_1_2_1_26_1","unstructured":"Sanjam Garg Craig Gentry and Shai Halevi. 2012. Candidate multilinear maps from ideal lattices and applications. Cryptology ePrint Archive Report 2012\/610. (2012)."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Sanjam Garg Craig Gentry Shai Halevi Amit Sahai and Brent Waters. 2013. Attribute-based encryption for circuits from multilinear maps. In Proceedings of CRYPTO. 479--499. Also Cryptology ePrint Archive Report 2013\/128.","DOI":"10.1007\/978-3-642-40084-1_27"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881412.1881445"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1374376.1374407"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of STOC.","author":"Goldwasser Shafi","year":"2013","unstructured":"Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich. 2013. Succinct functional encryption and its power: Reusable garbled circuits and beyond. In Proceedings of STOC."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1374376.1374396"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32009-5_11"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180418"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028101"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-010-9077-7"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/1788414.1788423"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_4"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11799-2_27"},{"key":"e_1_2_1_40_1","volume-title":"Lewko and Brent Waters","author":"Allison","year":"2012","unstructured":"Allison B. Lewko and Brent Waters. 2012. New proof methods for attribute-based encryption: Achieving full security through selective techniques. In Proceedings of CRYPTO. 180--198."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2012.97"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795284959"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_41"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806689.1806739"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881412.1881427"},{"key":"e_1_2_1_46_1","unstructured":"Adam O'Neill. 2010. Definitional issues in functional encryption. Cryptology ePrint Archive Report 2010\/556. (2010)."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_14"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1002\/ett.2722"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","unstructured":"Bryan Parno Mariana Raykova and Vinod Vaikuntanathan. 2012. How to delegate and verify in public: Verifiable computation from attribute-based encryption. In Proceeding of TCC. 422--439. 10.1007\/978-3-642-28914-9_24","DOI":"10.1007\/978-3-642-28914-9_24"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","unstructured":"Chris Peikert. 2009. Public-key cryptosystems from the worst-case shortest vector problem. In Proceeding of STOC. 333--342. 10.1145\/1536414.1536461","DOI":"10.1145\/1536414.1536461"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1137\/100782929"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","unstructured":"Amit Sahai and Hakan Seyalioglu. 2010. Worry-free encryption: Functional encryption with public keys. In Proceeding of the ACM CCS. 463--472. 10.1145\/1866307.1866359","DOI":"10.1145\/1866307.1866359"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","unstructured":"Amit Sahai and Brent Waters. 2005. Fuzzy identity-based encryption. In Proceeding of EUROCRYPT. 457--473. 10.1007\/11426639_27","DOI":"10.1007\/11426639_27"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","unstructured":"Adi Shamir. 1984. Identity-based cryptosystems and signature schemes. In Proceeding of CRYPTO. 47--53.","DOI":"10.5555\/19478.19483"},{"key":"e_1_2_1_56_1","doi-asserted-by":"crossref","unstructured":"Damien Stehl\u00e9 and Ron Steinfeld. 2010. Faster fully homomorphic encryption. In Proceeding of ASIACRYPT. 377--394.","DOI":"10.1007\/978-3-642-17373-8_22"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","unstructured":"Brent Waters. 2009. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In Proceeding of CRYPTO. 619--636. 10.1007\/978-3-642-03356-8_36","DOI":"10.1007\/978-3-642-03356-8_36"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Brent Waters. 2012. Functional encryption for regular languages. In Proceeding of CRYPTO. 218--235.","DOI":"10.1007\/978-3-642-32009-5_14"}],"container-title":["Journal of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2824233","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2824233","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2824233","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:16:42Z","timestamp":1763457402000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2824233"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12,10]]},"references-count":58,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2015,12,10]]}},"alternative-id":["10.1145\/2824233"],"URL":"https:\/\/doi.org\/10.1145\/2824233","relation":{},"ISSN":["0004-5411","1557-735X"],"issn-type":[{"value":"0004-5411","type":"print"},{"value":"1557-735X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,12,10]]},"assertion":[{"value":"2014-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-09-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-12-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}